• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Transferring firewall rules to a new server

Kurt Ludikovsky

Basic Pleskian
Server operating system version
Debian 9 / Debian 11
Plesk version and microupdate number
18.0.44 / 18.0.49
My provider does not offer a OS-upgrade, so to upgrade a new Server has to be rented and all has to be migrated. This is basically well supported by Plesk. Except for the firewall rules.

I have exported the iptable-rules and the resulting file is aprox. 57k covering approx 1000 lines. Simply too much to enter everything manually.

What is a workable solution to transfer the FW-rules from the old system to a new system.

I have tried resp. considered already:
* iptables-save and -restore => not persistent as Plesk overwrites the settings
* transferring firewall-active.sh => not persistent as Plesk overwrites the settings


Old Server; Debian 9.13, Plesk Obsidian 18.0.44
New Server;: Debian 11, Plesk Obsidian 18.0.49
 
Hi @Kurt Ludikovsky , are you saying that Migrator does not migrate the Plesk Firewall settings?
Correct! Qt least this is what I read from the docu which states

  • The settings of Plesk services, such as installed PHP handlers, Fail2Ban settings, ModSecurity settings, firewall settings, SpamAssassin's Bayes database and so on are not transferred.

and the various comments.
 
I've researched on this topic a bit and it seems that there is no migration solution at this time. However, there is a Uservoice request
Please vote on it i you believe that this is an important feature.

Could you please explain why you need so very many iptables rules? What are all your rules doing?
 
I've researched on this topic a bit and it seems that there is no migration solution at this time. However, there is a Uservoice request
Please vote on it i you believe that this is an important feature.

Could you please explain why you need so very many iptables rules? What are all your rules doing?
Vote done!
There was not much progress since 2013. (So nothing to worry, it's just one decade :D)

The rules are the result of several years blocking spammers and potential invaders.
If there is someone trying to break in my system i am blocking this IP (or range) based on the source. The same for spam-sources.
Hope this explains it.
 
Thank you for your vote and for your feedback. Actually, most attackers change their IP addresses frequently. Today many attacks are not done directly, but through malware that resides on various other servers. Your IP list may long be outdated. You likely already use Fail2Ban. That works quite well for blocking unwanted intruders. Also Plesk is working on a geo IP banning option, so that users can be blocked by region.
 
Last edited:
Back
Top