• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Transferring firewall rules to a new server

K

Kurt Ludikovsky

Basic Pleskian
Server operating system version
Debian 9 / Debian 11
Plesk version and microupdate number
18.0.44 / 18.0.49
My provider does not offer a OS-upgrade, so to upgrade a new Server has to be rented and all has to be migrated. This is basically well supported by Plesk. Except for the firewall rules.

I have exported the iptable-rules and the resulting file is aprox. 57k covering approx 1000 lines. Simply too much to enter everything manually.

What is a workable solution to transfer the FW-rules from the old system to a new system.

I have tried resp. considered already:
* iptables-save and -restore => not persistent as Plesk overwrites the settings
* transferring firewall-active.sh => not persistent as Plesk overwrites the settings


Old Server; Debian 9.13, Plesk Obsidian 18.0.44
New Server;: Debian 11, Plesk Obsidian 18.0.49
 
Peter Debik said:
Hi @Kurt Ludikovsky , are you saying that Migrator does not migrate the Plesk Firewall settings?
Click to expand...
Correct! Qt least this is what I read from the docu which states

  • The settings of Plesk services, such as installed PHP handlers, Fail2Ban settings, ModSecurity settings, firewall settings, SpamAssassin's Bayes database and so on are not transferred.

and the various comments.
 
I've researched on this topic a bit and it seems that there is no migration solution at this time. However, there is a Uservoice request
plesk.uservoice.com

export import firewall rules

Please add Export/import firewall rules to Plesk Panel - important functionality missing
plesk.uservoice.com
Please vote on it i you believe that this is an important feature.

Could you please explain why you need so very many iptables rules? What are all your rules doing?
 
Peter Debik said:
I've researched on this topic a bit and it seems that there is no migration solution at this time. However, there is a Uservoice request
plesk.uservoice.com

export import firewall rules

Please add Export/import firewall rules to Plesk Panel - important functionality missing
plesk.uservoice.com
Please vote on it i you believe that this is an important feature.

Could you please explain why you need so very many iptables rules? What are all your rules doing?
Click to expand...
Vote done!
There was not much progress since 2013. (So nothing to worry, it's just one decade :D)

The rules are the result of several years blocking spammers and potential invaders.
If there is someone trying to break in my system i am blocking this IP (or range) based on the source. The same for spam-sources.
Hope this explains it.
 
Thank you for your vote and for your feedback. Actually, most attackers change their IP addresses frequently. Today many attacks are not done directly, but through malware that resides on various other servers. Your IP list may long be outdated. You likely already use Fail2Ban. That works quite well for blocking unwanted intruders. Also Plesk is working on a geo IP banning option, so that users can be blocked by region.
 
Last edited:
You must log in or register to reply here.

Similar threads

E
Resolved NGinx deny rules and Firewall (iptables?)
Replies
4
Views
2K
epertinez
E
K
Question Migrating DNSSEC to the New Plesk Server
Replies
1
Views
464
nayoung109
N
R
Resolved New Let's Encrypt extension upgrade (version 3.1.13) breaks old Plesk versions
Replies
4
Views
2K
RalfMeyer
R
S
Issue I have an old Windows plesk server. I want to transfer all the server data to my new server with a Linux
Replies
2
Views
897
LTUser
LTUser
M
Issue FTP behind VPN - Connect it via Local IP
Replies
0
Views
2K
Mutate2546
M
Back
Top