
Issue Unable to enable Plesk-Firewall rules

Discussion in 'Plesk Onyx for Linux' started by KieranK, Dec 6, 2017.

  1. KieranK

    KieranK New Pleskian

  2. trialotto

    trialotto Golden Pleskian Plesk Guru


    Did you already use the firewall, or is it a clean install?

    If you just recently installed the Plesk Firewall extension, you would be best off by removing the extension and re-installing it immediately.

    If you already used the Plesk Firewall extension and added some firewall rulesets, a clean re-install would be an option, but it might not be the best one.

    Depending on your server (question is: do you have a VPS or a dedicated server?), one of the following is often the root cause of the problem:

    1 - the number of iptables rulesets (Plesk Firewall is essentially a GUI for iptables) is very high, resulting in both iptables and Plesk Firewall becoming (relatively) unresponsive, slow and in rare cases even corrupted: this scenario would certainly apply if

    - when using a (Virtuozzo based) VPS, the result of the command cat /proc/user_beancounters indicates a non-zero value in the column failcnt for the key numiptent,
    - Fail2Ban has a whole lot of banned IP addresses, which is often the result of badly defined jails and filters or badly configured Fail2Ban,
    - your VPS is under attack or enduring a whole lot of connections at the same time,

    and the above is a non-exhaustive summary; I just gave the most common situations creating a less responsive iptables and/or Plesk Firewall.

    2 - the firewall-active.sh script is actually corrupted, which can be verified by inspecting (all of the below)

    - the rules in the Plesk Firewall GUI: just use the Plesk Panel to have a view at the firewall rulesets,
    - the rules in iptables: just run the command iptables -L from the command line (as a starter, to get an idea what actually is loaded in iptables)
    - the lines in firewall-active.sh

    and the lines in the firewall-active.sh script should be exactly identical to the rules in iptables and/or Plesk Firewall: if they are not, the script is "corrupted" somehow.

    I would strongly recommend starting with option 2: inspect the files.

    I am pretty sure that you will find one or more lines that do not belong in the firewall-active.sh script.

    If that is the case, then the solution is simply: erase those lines and try to enable the firewall again.

    A small tip: always make a backup of the firewall-active.sh script before editing it manually.

    Hope the above helps a bit.
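
A triage sketch for cause 1 and for the backup tip in the post above, added here as an example; it is not part of the original post or of Plesk. It reads the numiptent row of /proc/user_beancounters, counts rules in saved `iptables -S` output, and copies a script before manual editing. The function names, the f2b-/fail2ban- chain prefix match and the sample data are assumptions constructed for illustration.

```sh
# Added example: triage for cause 1 (numiptent exhaustion on a Virtuozzo VPS).

# Print "held limit failcnt" for numiptent from /proc/user_beancounters-style input.
numiptent_usage() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "numiptent")
               print $(i+1), $(i+4), $(i+5) }' "$1"
}

# From saved `iptables -S` output, print "<all rules> <rules in Fail2Ban chains>".
# Assumption: Fail2Ban chains are named f2b-* or fail2ban-*.
rule_counts() {
    awk '$1 == "-A" { total++; if ($2 ~ /^(f2b|fail2ban)-/) f2b++ }
         END { print total + 0, f2b + 0 }' "$1"
}

# Timestamped copy of a script before hand-editing it; prints the backup path.
backup_script() {
    bak="$1.bak.$(date +%Y%m%d%H%M%S)"
    cp -p -- "$1" "$bak" && echo "$bak"
}

# $1 = beancounters file, $2 = saved `iptables -S` output. Returns 1 if failcnt > 0.
triage() {
    bc_file=$1; rules_file=$2
    set -- $(numiptent_usage "$bc_file"); held=${1:-0}; limit=${2:-0}; failcnt=${3:-0}
    set -- $(rule_counts "$rules_file")
    echo "numiptent held=$held limit=$limit failcnt=$failcnt rules=$1 fail2ban=$2"
    [ "$failcnt" -eq 0 ]
}

# Constructed sample data, not taken from a real server.
write_sample() {
    cat > "$1/ubc" <<'EOF'
       uid  resource      held  maxheld  barrier  limit  failcnt
      101:  kmemsize   2725958  3002368 14372700 14790164       0
            numiptent      128      128      128    128      37
EOF
    cat > "$1/rules" <<'EOF'
-N f2b-plesk-login
-A INPUT -p tcp -m tcp --dport 8443 -j f2b-plesk-login
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A f2b-plesk-login -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-plesk-login -s 192.0.2.11/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-plesk-login -j RETURN
EOF
}

# With two arguments, check real files; otherwise run on the constructed sample.
if [ "$#" -eq 2 ]; then triage "$1" "$2"
else d=$(mktemp -d); write_sample "$d"; triage "$d/ubc" "$d/rules" || true; rm -rf "$d"; fi
```

On the VPS, save the live ruleset with `iptables -S > rules.txt` as root and pass /proc/user_beancounters and rules.txt as the two arguments.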