Which Firewall?

zboyblue

Guest
I am curious as to people's opinion on which Firewall setup to use.

I am currently using iptables in my Cisco router as my firewall solution but would like to use something a little more user friendly and maybe better (if possible).

I thought about maybe something like a stand alone linux machine running some sort of firewall software that makes the sole purpose of that machine a firewall.

I also thought about opening all ports coming to Plesk in my current setup and using the Plesk firewall built into Plesk. The downside to this I guess is that you then allow traffic to come inside your network before stopping it at the box. Plus that would only make configuring that machine easy as opposed to the whole network.

What would you recommend as the best solution?

Craig
 
Hello

I am not too sure but doesn't the 'Plesk' firewall just use iptables?

Anyway I turned it on for good measure :)

I also use apf with bfd.

Any other recommendations anyone?

Alan
 
What is apf with bfd? I have heard that before but I cannot remember where and am not quite sure what it is.

Craig
 
APF - Advanced Policy Firewall

BFD - Brute Force Detection

What BFD does: if it detects anyone using some war script which tries every password combination via your server's SSH or FTP, BFD will add the IP it's coming from to the APF firewall, blocking all access to the server on all ports.

You can add your own IP to the APF allow hosts, so in case you accidentally type in the wrong password several times in a row and get detected by BFD, it won't lock you out of your own server.

APF also comes with an antidos, so if anyone is sending mass TCP packets to your server it will add and block those IPs as well.


APF website - http://www.rfxnetworks.com/proj.php

Bill
 
Oh wow, that sounds cool.

Can you install them on different servers and have them still work together like that?

For instance could you put BFD on your Plesk server to detect the brute force and put the APF on another standalone server that acts as a firewall for your system? That way if they get blocked it is from the entire network?

Know what I mean? Ideas?

Craig
 
Technically it's possible to do that by copying the deny IP list from the server BFD's running on to your gateway firewall - rsync or similar would do it.
 
Is that like super hard or not really "real time" or anything that would make it undesirable?

I am just wondering the "best" firewall solution for both my Plesk box and my network too. (Our Plesk box is on our network along with all our workstations, etc)

Let me know your thoughts!


Craig
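
An added example, not part of any post in this thread: one way a gateway could consume the deny list copied over from the BFD host, as suggested above, while refusing malformed or overly broad entries and never blocking its own allow list. The file format, the `bfd_deny` set name, the limits and all addresses are assumptions, and loading the result with `ipset -exist restore` is a swapped-in mechanism rather than anything APF or BFD provides.

```python
import ipaddress

# Assumed list format: one IPv4 address or CIDR per line, '#' starts a comment.
# All addresses and limits below are constructed for illustration.
ALLOW = [ipaddress.ip_network("198.51.100.0/24")]  # admin range, never block
MIN_PREFIX = 24       # refuse anything broader than a /24
MAX_ENTRIES = 5000    # a runaway list is more likely a fault than real data

SAMPLE = """\
# constructed sample of a synced deny list
203.0.113.7
203.0.113.7
192.0.2.0/28
198.51.100.20      # admin workstation that mistyped a password
0.0.0.0/0
203.0.113.9 garbage
"""

def parse_deny_list(text, allow=ALLOW):
    """Return (networks_to_block, rejected) where rejected holds (line, reason)."""
    block, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append((raw, "not an IP or CIDR"))
            continue
        if net.version != 4:
            rejected.append((raw, "not IPv4"))
        elif net.prefixlen < MIN_PREFIX:
            rejected.append((raw, "prefix too broad"))
        elif any(net.overlaps(a) for a in allow):
            rejected.append((raw, "overlaps allow list"))
        else:
            block.add(net)
    if len(block) > MAX_ENTRIES:
        raise ValueError("deny list too large, refusing to apply")
    return sorted(block), rejected

def ipset_restore_script(networks, name="bfd_deny"):
    """Build input for `ipset -exist restore`; the swap replaces the live set atomically."""
    tmp = name + "_new"
    lines = [f"create {name} hash:net family inet",
             f"create {tmp} hash:net family inet", f"flush {tmp}"]
    lines += [f"add {tmp} {n}" for n in networks]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"
```

Because only parsed network objects are written out, nothing from the copied file reaches the gateway's firewall tooling as raw text, and the rejected list is worth logging on each sync.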
 