
iptables and plesk

tantrileft

Guest
I want to block a LOT of countries with iptables.

I have to insert something like 3000 lines of iptables commands.

I tried manually with a bash script and iptables crashed. (Even if it had not crashed, it would have been useless because Plesk would then have overwritten the tables.)

I have seen that Plesk stores all the data about the iptables rules in the MySQL db.

May I have a SQL script to insert the rules I want (3000 of them) into the MySQL psa db, without having iptables crash and without any problem?

Is there not a way to use iptables-save/restore with Plesk iptables?

thanks

stefano
 
I'd just turn the psa firewall off then. It's really just a web GUI on the same thing, and can't really do anything particularly powerful with netfilter. I'm running around 30,000 rules on my systems, so I can definitely say it can handle that many (and more, all documented in my book).

Quick and dirty script to do what you want here:

1) Make a file and list the networks or hosts you want to block, one per line. Call it shunlist and put it in /etc/rc.d

2) The script, or function to add to your firewall script:

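#!/bin/sh
# Drop all traffic from every network or host listed in the shun list
SHUNLIST=/etc/rc.d/shunlist

# Read one entry per line; skip blank lines
while read -r i; do
    [ -n "$i" ] && iptables -A INPUT -s "$i" -j DROP
done < "$SHUNLIST"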

And that's it.
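
An added example, not part of the original post: the same shun list loaded through iptables-restore (which the question asks about), so thousands of entries go in as one batch and a malformed line can never end up as an iptables argument. The SHUN chain name, the `#` comment syntax and the IPv4-only validation are assumptions of this example.

```sh
#!/bin/sh
# Added example. Assumptions: chain name SHUN, IPv4-only entries, '#' comments.

# gen_restore FILE: print an iptables-restore batch for the entries in FILE.
# Invalid lines are reported on stderr and never reach the rule set.
gen_restore() {
    awk -F'[./]' '
        BEGIN { print "*filter"; print ":SHUN - [0:0]" }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # strip comments, blanks
        $0 == "" { next }
        {
            ok = ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/)
            for (i = 1; ok && i <= 4; i++) if ($i > 255) ok = 0
            if (ok && NF == 5 && $5 > 32) ok = 0
            if (!ok) { print "skipped line " NR ": " $0 > "/dev/stderr"; next }
            if (!seen[$0]++) print "-A SHUN -s " $0 " -j DROP"   # de-duplicate
        }
        END { print "COMMIT" }' "$1"
}

# load_shunlist FILE: validate the batch, then load it (run as root).
# --noflush leaves the other chains in the filter table as they are; a SHUN
# chain that already exists is emptied and refilled, so reloads do not stack.
load_shunlist() {
    batch=$(mktemp) || return 1
    gen_restore "$1" > "$batch" &&
    iptables-restore --noflush --test < "$batch" &&   # parse only, no commit
    iptables-restore --noflush < "$batch" &&
    { iptables -C INPUT -j SHUN 2>/dev/null || iptables -I INPUT -j SHUN; }
    rc=$?
    rm -f "$batch"
    return "$rc"
}

# Usage: sh thisscript /etc/rc.d/shunlist
if [ "$#" -gt 0 ]; then
    load_shunlist "$1"
fi
```

Run `gen_restore /etc/rc.d/shunlist` on its own first to review the generated batch and the skipped lines before loading anything.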
 
By "turning off" the psa firewall, do you mean removing the firewall module?
Would this have no effect on the standard iptables (not psa) on the machine?

thanks!!!

 
Thanks. I was also thinking about another solution: inserting the rules directly into the psa database. But I see that the rules seem encrypted...

INSERT INTO `module_firewall_rules` (`id`, `configuration_id`, `direction`, `priority`, `object`) VALUES
(19, 1, 0, 0, 0x613a343a7b733a343a2274797065223b733a383a226361746368616c6c223b733a353a22636c617373223b733a383a226361746368616c6c223b733a393a22646972656374696f6e223b733a353a22696e707574223b733a363a22616374696f6e223b733a353a22616c6c6f77223b7d),


Is "object" the rule? How do I encrypt it like that?
 