
Issue Unable to enable Plesk-Firewall rules

@KieranK

Did you already use the firewall, or is it a clean install?

If you just recently installed the Plesk Firewall extension, you would be best off removing the extension and re-installing it immediately.

If you already used the Plesk Firewall extension and added some firewall rulesets, a clean re-install would be an option, but it might not be the best one.

Depending on your server (question is: do you have a VPS or a dedicated server?), one of the following is often the root cause of the problem:

1 - the number of iptables rulesets (Plesk Firewall is essentially a GUI for iptables) is very high, resulting in both iptables and Plesk Firewall becoming (relatively) unresponsive, slow and in rare cases even corrupted: this scenario would certainly apply if

- when using a (Virtuozzo based) VPS, the result of the command cat /proc/user_beancounters indicates a non-zero value in the column failcnt for the key numiptent,
- Fail2Ban has a whole lot of banned IP addresses, which is often the result of badly defined jails and filters or badly configured Fail2Ban,
- your VPS is under attack or enduring a whole lot of connections at the same time,

and the above is a non-exhaustive summary, I just gave the most common situations creating a less responsive iptables and/or Plesk Firewall.

2 - the firewall-active.sh script is actually corrupted, which can be verified by inspecting (all of the below)

- the rules in the Plesk Firewall GUI: just use the Plesk Panel to have a view at the firewall rulesets,
- the rules in iptables: just run the command iptables -L from the command line (as a starter, to get an idea what actually is loaded in iptables)
- the lines in firewall-active.sh

and the lines in the firewall-active.sh script should be exactly identical to the rules in iptables and/or Plesk Firewall: if they are not, the script is "corrupted" somehow.


I would strongly recommend starting with option 2: inspect the files.

I am pretty sure that you will find one or more lines that do not belong in the firewall-active.sh script.

If that is the case, then the solution is simply: erase those lines and try to enable the firewall again.


A small tip: always make a backup of the firewall-active.sh script before editing it manually.


Hope the above helps a bit.

Regards..........
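The two iptables-load checks named in the post above (a non-zero failcnt for numiptent in /proc/user_beancounters, and a large number of Fail2Ban bans), as an added example that is not part of the original post. The function names, the 90% "near-limit" threshold, the chain name f2b-example-jail and both sample inputs are assumptions made for this example; it reads rules in `iptables -S` form rather than the `iptables -L` listing the post mentions.

```shell
#!/bin/sh
# Added example. Both sample inputs below are constructed, not from a real server.

# Read user_beancounters-format text on stdin and judge the numiptent row.
# Columns after the resource name: held maxheld barrier limit failcnt.
# The 90% "near-limit" threshold is an assumption chosen for this example.
numiptent_verdict() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "numiptent") {
               held = $(i+1); limit = $(i+4); fail = $(i+5); found = 1 } }
         END { if (!found)                              s = "no-numiptent"
               else if (fail > 0)                       s = "exhausted"
               else if (limit > 0 && held >= 0.9*limit) s = "near-limit"
               else                                     s = "ok"
               if (found) s = s " held=" held " limit=" limit " failcnt=" fail
               print s }'
}

# Read `iptables -S` output on stdin; print "count chain", largest chain first.
rules_per_chain() {
    awk '$1 == "-A" { n[$2]++ } END { for (c in n) print n[c], c }' | sort -rn
}

sample_beancounters() {  # constructed sample
    cat <<'EOF'
Version: 2.5
       uid  resource      held  maxheld  barrier    limit  failcnt
      101:  kmemsize   5125208  5347123 14372700 14790164        0
            numiptent      128      128      128      128       37
EOF
}

sample_rules() {  # constructed sample; 192.0.2.0/24 is documentation address space
    cat <<'EOF'
-P INPUT DROP
-N f2b-example-jail
-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-example-jail
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A f2b-example-jail -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-example-jail -s 192.0.2.11/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-example-jail -s 192.0.2.12/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-example-jail -j RETURN
EOF
}

sample_beancounters | numiptent_verdict     # on a VPS: numiptent_verdict < /proc/user_beancounters
sample_rules | rules_per_chain | head -n 3  # on a server: iptables -S | rules_per_chain
```

A chain that dominates the per-chain count shows where the rule entries are being consumed before any manual edit of firewall-active.sh.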
 