• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question What firewall rules are useful?

B

BMG Germany

New Pleskian
Hi.

I have a new Plesk installation on my server.
The firewall rules are as follows. Can someone give me a tip on how to set this up in the most sensible way?
And is it possible to restore the firewall rules from a backup via Acronis etc.?

DHCP clientAllow incoming from all
FTP server passive portsAllow incoming from all
Plesk InstallerAllow incoming from all
Plesk-management interfaceAllow incoming from all
WWW-ServerAllow incoming from all
FTP-ServerAllow incoming from all
SSH-Server (Secure-Shell-Server)Allow incoming from all
SMTP-Server (Übermittlungsport)Allow incoming from all
SMTP-Server (für E-Mail-Versand)Allow incoming from all
POP3-Server (für E-Mail-Empfang)Allow incoming from all
IMAP-Server (für E-Mail-Empfang)Allow incoming from all
Password Change Servicefür E-MailAllow incoming from all
MySQL-ServerAllow incoming from all
PostgreSQL-ServerAllow incoming from all
Samba (Dateifreigabe in Windows-Netzwerken)Allow incoming from all
DomainnamenserverAllow incoming from all
IPv6 Neighbor DiscoveryAllow incoming from all
Ping-DienstAllow incoming from all
System policy for inbound trafficDeny other incoming traffic
System policy for outbound trafficAllow other outbound traffic
System policy for forwarding trafficWeiterleitung von sonstigem Traffic verweigern

Thanks and Best
Tom
 
Hi Tom,

Also a fairly new Pleskian and I have a question similar to yours and default rules similar to yours. Did you ever get an answer anywhere?

- Scott
 
The Plesk Firewall on Linux utilizes iptables. When you go to apply the changes you can choose to view a preview which will give you a bash script of what it's going to be running. You could, technically, save that script. The way it's applied is automatically determine based off of the rules you have set up. You can learn more from this article:
docs.plesk.com

(Plesk for Linux) The Plesk Firewall

The Plesk firewall is a tool you can use to improve the security of your Plesk for Linux server by restricting network connections to and/or from the server.
docs.plesk.com docs.plesk.com
 
Thanks! Looking for more of a "what/why" than a "how" type of explanation or pointer to some resources to learn.

More along the lines of this (from Smashing Mag Firewalls Intro article):

For a basic Web and email server with the Plesk management interface, you could configure your firewall to:

  • Allow incoming connections from anywhere to TCP ports 25 (SMTP), 80 (Web server), 110 (POP email accounts), 143 (IMAP email accounts), 443 (secure Web server), 587 (SMTP)
  • Restrict incoming connections to ports TCP 22 (SSH), 8443 (Plesk unless you use Plesk to configure the firewall)
  • Allow outgoing connections from any port on the server to the remote TCP ports 25 (SMTP), 80 (web), 443 (secure web), 587 (SMTP) and UDP 53 (DNS lookups)
  • Deny everything else
If you allow additional services, you will need to open up additional ports. This could include automatic backups, security scans or remote database access.
Click to expand...
 
You must log in or register to reply here.

Similar threads

gennolo
Issue Cannot update an existing firewall rule to allow all ips
Replies
2
Views
617
gennolo
gennolo
A
Question Disable local mail delivery
Replies
3
Views
214
Kaspar
K
A
Question Some security questions
Replies
2
Views
177
amba1980
A
Thomas Wilhelmi
Issue Firewall and IPv6
Replies
5
Views
770
Thomas Wilhelmi
Thomas Wilhelmi
WhiteTiger
Issue Firewall blocks port 22 with "Allow" rule
Replies
3
Views
644
WhiteTiger
WhiteTiger
Back
Top