• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question What firewall rules are useful?

B

BMG Germany

New Pleskian
Hi.

I have a new Plesk installation on my server.
The firewall rules are as follows. Can someone give me a tip on how to set this up in the most sensible way?
And is it possible to restore the firewall rules from a backup via Acronis etc.?

DHCP clientAllow incoming from all
FTP server passive portsAllow incoming from all
Plesk InstallerAllow incoming from all
Plesk-management interfaceAllow incoming from all
WWW-ServerAllow incoming from all
FTP-ServerAllow incoming from all
SSH-Server (Secure-Shell-Server)Allow incoming from all
SMTP-Server (Übermittlungsport)Allow incoming from all
SMTP-Server (für E-Mail-Versand)Allow incoming from all
POP3-Server (für E-Mail-Empfang)Allow incoming from all
IMAP-Server (für E-Mail-Empfang)Allow incoming from all
Password Change Servicefür E-MailAllow incoming from all
MySQL-ServerAllow incoming from all
PostgreSQL-ServerAllow incoming from all
Samba (Dateifreigabe in Windows-Netzwerken)Allow incoming from all
DomainnamenserverAllow incoming from all
IPv6 Neighbor DiscoveryAllow incoming from all
Ping-DienstAllow incoming from all
System policy for inbound trafficDeny other incoming traffic
System policy for outbound trafficAllow other outbound traffic
System policy for forwarding trafficWeiterleitung von sonstigem Traffic verweigern

Thanks and Best
Tom
 
Hi Tom,

Also a fairly new Pleskian and I have a question similar to yours and default rules similar to yours. Did you ever get an answer anywhere?

- Scott
 
The Plesk Firewall on Linux utilizes iptables. When you go to apply the changes you can choose to view a preview which will give you a bash script of what it's going to be running. You could, technically, save that script. The way it's applied is automatically determine based off of the rules you have set up. You can learn more from this article:
docs.plesk.com

(Plesk for Linux) The Plesk Firewall

The Plesk firewall is a tool you can use to improve the security of your Plesk for Linux server by restricting network connections to and/or from the server.
docs.plesk.com docs.plesk.com
 
Thanks! Looking for more of a "what/why" than a "how" type of explanation or pointer to some resources to learn.

More along the lines of this (from Smashing Mag Firewalls Intro article):

For a basic Web and email server with the Plesk management interface, you could configure your firewall to:

  • Allow incoming connections from anywhere to TCP ports 25 (SMTP), 80 (Web server), 110 (POP email accounts), 143 (IMAP email accounts), 443 (secure Web server), 587 (SMTP)
  • Restrict incoming connections to ports TCP 22 (SSH), 8443 (Plesk unless you use Plesk to configure the firewall)
  • Allow outgoing connections from any port on the server to the remote TCP ports 25 (SMTP), 80 (web), 443 (secure web), 587 (SMTP) and UDP 53 (DNS lookups)
  • Deny everything else
If you allow additional services, you will need to open up additional ports. This could include automatic backups, security scans or remote database access.
Click to expand...
 
You must log in or register to reply here.

Similar threads

J
Question Plesk Firewall is blocking requests even with configured rules
Replies
2
Views
407
Johnny9977
J
V
Issue Smarthost + SRS = relay?
Replies
2
Views
826
vanlier
V
gennolo
Issue Cannot update an existing firewall rule to allow all ips
Replies
2
Views
835
gennolo
gennolo
M
Question Accessing to mail (send & receive) only from one country
Replies
1
Views
398
Kaspar@Plesk
Kaspar@Plesk
L
Resolved Mailman3 with plesk
Replies
2
Views
650
Larian
L
Back
Top