
Question Firewall hardening

kojot

Regular Pleskian
Hi,

I know it is pretty simple to use Plesk firewall, but I need advice for 3 rules.
This is a web server with a few sites, and I allowed access to SSH, FTP, and MySQL only from a few IP addresses.
Mail ports should be open, and also WWW.
I want to close everything else, but I'm not sure whether I can safely do that with

Domain name server Allow incoming from all
IPv6 Neighbor Discovery Allow incoming from all
Ping service Allow incoming from all

Should I block them? I believe that Ping and Neighbor Discovery can be blocked with no problem, but what about DNS? What is the purpose of this rule?
For the domains of the websites hosted on this server, I am using nameservers from the provider where we bought the domains.

This is the status of the current iptables:
[Attachment: iptables.JPG]
 
Hi Coyote,

if you are not running any DNS service on the server, then you can just block it indeed.
IPv6 can be blocked if you are not on an IPv6 enabled network. (Then you won't have any IPv6 neighbours ;-) )
I always block ping
 
Hi Dennis, thx for suggestions :)
However for hardening I'd look into a few other options as well:
fail2ban (additional actions taken against violations *login fails, or custom rules*), mod_security (webserver security), mod_evasive (webserver security) and there are a load more :)
 
I am already using fail2ban and mod_security, but did not know about mod_evasive. I will read more about this :)
 
Personally I'm running on an Ubuntu server and I'm using geolocation based on IP to determine beforehand if the connection is allowed.
Afterwards fail2ban will come into play (for SSH, FTP and MySQL connections, as an example).
If this sparks some interest, have a look here: Limit your SSH logins using GeoIP » Axllent.org
P.S. This does not work for CentOS and maybe other Linux distributions (I'm not sure, I went to Ubuntu for this reason)
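
Earlier in the thread, the advice on the "Domain name server" rule depends on whether a DNS service actually runs on the server. As an added example (not part of the thread and not Plesk's own tooling), this script reads `ss -H -lntu` output and reports sockets on a given port that are bound to a non-loopback address; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether the "Domain name server" firewall rule is needed.

# Constructed sample of `ss -H -lntu` output (not taken from the thread).
# With both -t and -u, ss prints the Netid column, so field 5 is Local Address:Port.
SAMPLE_SS='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 511 [::]:443 [::]:*
tcp LISTEN 0 80 203.0.113.10:3306 0.0.0.0:*'

# external_listeners PORT: read `ss -H -lntu` lines on stdin and print
# "proto address" for each socket on PORT that is reachable from outside,
# i.e. not bound to loopback (127.0.0.0/8 or ::1).
external_listeners() {
    awk -v port="$1" '
    {
        local_ep = $5
        n = split(local_ep, parts, ":")   # port is the last ":"-separated piece
        if (parts[n] != port) next
        addr = substr(local_ep, 1, length(local_ep) - length(parts[n]) - 1)
        sub(/%.*$/, "", addr)             # drop interface suffix such as %lo
        if (addr ~ /^127\./ || addr == "[::1]") next
        print $1, addr
    }'
}

# dns_rule_needed: exit 0 if stdin shows a DNS listener on a non-loopback address.
dns_rule_needed() {
    [ -n "$(external_listeners 53)" ]
}

# On a live server: ss -H -lntu | dns_rule_needed
if printf '%s\n' "$SAMPLE_SS" | dns_rule_needed; then
    echo "DNS service exposed: keep the Domain name server rule"
else
    echo "No external DNS listener: incoming port 53 can be denied"
fi
```

In the sample, only the local stub resolver on 127.0.0.53 uses port 53, so denying incoming DNS does not affect the server's own outgoing lookups.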
 