
Question What firewall rules are useful?

BMG Germany

New Pleskian
Hi.

I have a new Plesk installation on my server.
The firewall rules are as follows. Can someone give me a tip on how to set this up in the most sensible way?
And is it possible to restore the firewall rules from a backup via Acronis etc.?

DHCP client: Allow incoming from all
FTP server passive ports: Allow incoming from all
Plesk Installer: Allow incoming from all
Plesk management interface: Allow incoming from all
WWW server: Allow incoming from all
FTP server: Allow incoming from all
SSH server (secure shell server): Allow incoming from all
SMTP server (submission port): Allow incoming from all
SMTP server (for sending e-mail): Allow incoming from all
POP3 server (for receiving e-mail): Allow incoming from all
IMAP server (for receiving e-mail): Allow incoming from all
Password change service for e-mail: Allow incoming from all
MySQL server: Allow incoming from all
PostgreSQL server: Allow incoming from all
Samba (file sharing in Windows networks): Allow incoming from all
Domain name server: Allow incoming from all
IPv6 Neighbor Discovery: Allow incoming from all
Ping service: Allow incoming from all
System policy for inbound traffic: Deny other incoming traffic
System policy for outbound traffic: Allow other outbound traffic
System policy for forwarding traffic: Deny forwarding of other traffic

Thanks and Best
Tom
 
Hi Tom,

Also a fairly new Pleskian and I have a question similar to yours and default rules similar to yours. Did you ever get an answer anywhere?

- Scott
 
The Plesk Firewall on Linux utilizes iptables. When you go to apply the changes, you can choose to view a preview, which will give you a bash script of what it's going to be running. You could, technically, save that script. The way it's applied is automatically determined based off of the rules you have set up. You can learn more from this article:
 
Thanks! Looking for more of a "what/why" than a "how" type of explanation or pointer to some resources to learn.

More along the lines of this (from Smashing Mag Firewalls Intro article):

For a basic Web and email server with the Plesk management interface, you could configure your firewall to:

  • Allow incoming connections from anywhere to TCP ports 25 (SMTP), 80 (Web server), 110 (POP email accounts), 143 (IMAP email accounts), 443 (secure Web server), 587 (SMTP)
  • Restrict incoming connections to ports TCP 22 (SSH), 8443 (Plesk unless you use Plesk to configure the firewall)
  • Allow outgoing connections from any port on the server to the remote TCP ports 25 (SMTP), 80 (web), 443 (secure web), 587 (SMTP) and UDP 53 (DNS lookups)
  • Deny everything else
If you allow additional services, you will need to open up additional ports. This could include automatic backups, security scans or remote database access.
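
Added example, not part of the thread and not Plesk's generated script: the policy quoted above written as an iptables-restore ruleset for IPv4. The function name `emit_rules`, the admin network 203.0.113.0/24 (a documentation range used as a placeholder), and the loopback and established-connection rules are assumptions added here; the script only prints the ruleset and changes nothing on the server.

```shell
#!/bin/sh
# Prints an iptables-restore ruleset (IPv4 only) for the quoted policy.
# It does not touch the running firewall.
emit_rules() {
    # Assumption: constructed placeholder network (RFC 5737 range).
    admin_net="${1:-203.0.113.0/24}"
    # Refuse a source that would make the "restricted" ports public again.
    case "$admin_net" in
        */0) echo "admin network must not be a /0" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback and replies to existing connections. With default-deny in both
# directions, local services and return traffic fail without these.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Open to anyone: SMTP, HTTP, POP3, IMAP, HTTPS, submission
-A INPUT -p tcp -m multiport --dports 25,80,110,143,443,587 -m conntrack --ctstate NEW -j ACCEPT
# Restricted: SSH and the Plesk interface from the admin network only
-A INPUT -p tcp -s ${admin_net} -m multiport --dports 22,8443 -m conntrack --ctstate NEW -j ACCEPT
# Outbound: mail delivery, web requests, DNS lookups
-A OUTPUT -p tcp -m multiport --dports 25,80,443,587 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the network given as the first argument.
emit_rules "$@"
```

The output can be syntax-checked without loading it by piping it to `iptables-restore --test`. IPv6 needs its own ruleset through `ip6tables-restore`.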
 
I have a firewall option before it hits the server, and then we have a firewall within Plesk itself. I'd like to give Plesk additional security so I can limit who can access port 22.

See the example rules below that I had set up. It works, but with this setup the WordPress integrity checker no longer works and it reports all WordPress websites as "Unresponsive WordPress site" within the dashboard, and WordPress websites take longer to load. Once the firewall is disabled, it runs normally.

[Attached image: 1741572725192.png]
 