
Unable to activate firewall changes

iainh

Basic Pleskian
I have posted this previously (http://talk.plesk.com/threads/modify-plesk-firewall-rules-never-completes.326239/) but not really got any answer.

I am running 12.0.18 Update #27 on CentOS 6.6 and while I can make changes to firewall rules, I cannot activate them. Importantly, I need to permit my ISP's sysadms to SSH to the box and am unable to grant them permission and so this is an important issue.

So sequence is:
  1. Make firewall change
  2. Click Apply changes
  3. Optionally review the script generated to apply the change(s)
  4. Click Activate button
  5. Get message: "Applying in progress. If your browser shows connection error messages, or if this screen does not disappear in more than 30 seconds, go to previous page" and there we stay indefinitely
If I disable firewall updates, it can be problematic to reactivate changes and much like attempting to Activate rule changes, switching the update facility on and off also often does nothing. However, I did deactivate and finally reactivate the option to customise the firewall by trying many times, but no matter how many times I try to 'Activate' the actual changes, the update NEVER completes and no changes are applied.

Last time IgorG suggested checking a number of logs which I have done and none show any errors.

I have looked to run the automatically generated script manually so as to observe any errors, but that just gives a 'bad interpreter' error.

I've then looked at Plesk 11 Set firewall rules manually (http://serverfault.com/questions/486115/plesk-11-set-firewall-rules-manually) and interestingly, looking at /usr/local/psa/var/modules/firewall/firewall-active.sh I can see a default file of 542 bytes which isn't the running config...if it was, my ISP's sysadms would be able to get into the VPS.

So is there any real practical advice on any of:
  1. Actually making the 'Activate' (updated firewall rules) process complete and do something
  2. Applying firewall changes from the CLI, either by running the automatically generated script or by other means
Thx
 
Is there any update on this? I *really* do need to be able to update the firewall. To expand on what is explained above:
  1. When I view the firewall it shows:
    1. Parallels Customer & Business Manager payment gateways - Allow incoming from [IP1], [IP2]
    2. Plesk administrative interface - Allow incoming from [IP1], [IP2]
    3. FTP server - Allow incoming from [IP1], [IP2]
    4. SSH (secure shell) server - Allow incoming from [IP1], [IP2]
    5. MySQL server - Allow incoming from [IP1], [IP2]
    6. Everything else is in a default Allow incoming from all
Basically, the idea is to limit access to admin functions to IPs I use ([IP1] and [IP2]) and keep unwanted people away. Now what follows is conflicting information:
  1. The hosting company sysadms say they cannot access the VPS via SSH and this would be consistent with the restriction on SSH access shown above. The update I want to apply is to permit the hosting company to get to the box if ever needed. This could become an urgent issue should there be an issue. So this result says the firewall config is applied and working - the hosting company sysadms cannot get in from [IP3], but...
  2. A security scan of the VPS says FTP (port 21) and SSH (port 22) are open. This obviously contradicts the hosting company sysadms saying they can't connect
  3. Not being one to believe everything I'm told, I made a couple of connections via my mobile, in effect testing [IP4] and [IP5] and sure enough, I could log into the Plesk admin console, start an SFTP session, start an SSH (terminal) session and connect via FTP and so clearly ports 21 and 22 are open and access to the 'Plesk administrative interface' is *not* restricted, no matter what the UI says
Now I guess the results of my experiment mean the host sysadms should be able to connect via SSH as the apparent firewall restrictions clearly are *not* in place, however this means I have two issues:
  1. The changes that the UI *thinks* are in place clearly are not...although I did have an almighty problem trying to apply them...although clearly they never were applied
  2. The pending change which is to extend SSH access to [IP1], [IP2] (both me) and [IP3] (the hosting company sysadms) will not complete. It knows of the pending change, tells me to activate them (it), we get to the Activate button and click it and then the update never completes and I'm left being told; ...or if this screen does not disappear in more than 30 seconds...
So is there any way to either:
  1. Make the UI firewall update complete. I have tried *many* times including viewing the pre-build update script, or
  2. Manually update the firewall from the CLI, maybe by running the pre-built update script somehow? This way I might at least see any errors that are generated
I'm on CentOS 6.6 and Plesk 12.0.18 Update #29, last updated at Dec 18, 2014 03:30 AM. Thx
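
The mismatch described in the posts above, between the rules the UI lists and what the running firewall enforces, can be checked directly against the loaded ruleset. The following is an added example, not part of the original posts and not Plesk's own code: the function name `port_exposure` and the two sample rulesets are hypothetical, and it assumes the input is in `iptables-save` format.

```shell
# Added example (not from the thread). Reads iptables-save output on stdin and
# prints whether a NEW TCP connection to PORT from an address that no rule
# lists is "open" or "restricted". Assumptions: filter/INPUT only, user chains
# not followed, rules with -s treated as not matching, port ranges not parsed.
port_exposure() {
    awk -v port="$1" '
    /^\*/             { table = substr($0, 2) }
    table != "filter" { next }
    /^:INPUT /        { policy = $2; next }
    !/^-A INPUT /     { next }
    decided           { next }
    {
        src = 0; skip = 0; proto = ""; dport = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = 1
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-i" && $(i + 1) == "lo") skip = 1
            else if ($i ~ /^--(ct)?state$/ && $(i + 1) !~ /NEW/) skip = 1
        }
        if (src || skip) next
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != port) next
        if (target == "ACCEPT") { verdict = "open"; decided = 1 }
        else if (target == "DROP" || target == "REJECT") { verdict = "restricted"; decided = 1 }
    }
    END { if (!decided) verdict = (policy == "ACCEPT") ? "open" : "restricted"; print verdict }'
}
# Constructed sample rulesets (documentation addresses), not taken from the thread.
sample_default() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}
sample_restricted() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
```

On the server itself the same function can be fed the live ruleset as root, for example `iptables-save | port_exposure 22`; a result of `open` while the UI lists a source restriction means the UI's rules were never loaded.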
 