• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Plesk 17.8 Firewall and default input chain rules

websavers

websavers

Regular Pleskian
Hey there,

With Plesk 17.5 and earlier our defaults always seemed to be to have the system policy for the INPUT chain to deny all, then rely upon the exceptions Plesk sets up for us to allow traffic. This has always worked great.

But with 17.8 the default appears to have the system policy set to allow all on the input chain. This seems like a bad idea to me -- anything I'm missing about this?

The problem is that when we change it to deny all as the system policy, all traffic that originates on the server and either is headed outbound is *also* denied, causing website loading issues.

Is this last issue the reason why it's allow by default? And if so, what's the deal with it? Why does it behave counterintuitively?
 
Well I have no issues (Ubuntu 16.04 & Centos 7.5) when I deny System policy for incoming traffic

Therefor take into consider to tell the comunity more details about your system OS, Version and is this a fresh installation of onyx or did you upgrade? , do you use IP-V4 only or also IP V6 and the exact issue you have when you deny the policy.

Well sometimes it helps when you remove the firewall component and install it immediately and configure it for your needs
 
You must log in or register to reply here.

Similar threads

TheColin21
Resolved Docker outbound traffic gets blocked after 18.0.67 Update #3
2
Replies
28
Views
12K
Sebahat.hadzhi
Sebahat.hadzhi
A
Resolved Plesk Firewall and Samba
2
Replies
22
Views
3K
Raul A.
R
R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
2K
Linulex
Linulex
E
Resolved NGinx deny rules and Firewall (iptables?)
Replies
4
Views
3K
epertinez
E
A
Question Some security questions
Replies
2
Views
1K
amba1980
A
Back
Top