
Unable to activate firewall changes

iainh

Basic Pleskian
I have posted this previously (http://talk.plesk.com/threads/modify-plesk-firewall-rules-never-completes.326239/) but not really got any answer.

I am running 12.0.18 Update #27 on CentOS 6.6 and while I can make changes to firewall rules, I cannot activate them. Importantly, I need to permit my ISP's sysadms to SSH to the box and am unable to grant them permission and so this is an important issue.

So sequence is:
  1. Make firewall change
  2. Click Apply changes
  3. Optionally review the script generated to apply the change(s)
  4. Click Activate button
  5. Get message: "Applying in progress. If your browser shows connection error messages, or if this screen does not disappear in more than 30 seconds, go to previous page" and there we stay indefinitely

If I disable firewall updates, it can be problematic to reactivate changes and much like attempting to Activate rule changes, switching the update facility on and off also often does nothing. However, I did deactivate and finally reactivate the option to customise the firewall by trying many times, but no matter how many times I try the 'Activate' actual changes, the update NEVER completes and no changes are applied.

Last time IgorG suggested checking a number of logs which I have done and none show any errors.

I have looked to run the automatically generated script manually so as to observe any errors, but that just gives a 'bad interpreter' error.

I've then looked at Plesk 11 Set firewall rules manually (http://serverfault.com/questions/486115/plesk-11-set-firewall-rules-manually) and interestingly, looking at /usr/local/psa/var/modules/firewall/firewall-active.sh I can see a default file of 542 bytes which isn't the running config...if it was, my ISP sysadms would be able to get into the VPS.

So is there any real practical advice on any of:
  1. Actually making the 'Activate' (updated firewall rules) process complete and do something
  2. Applying firewall changes from the CLI, either by running the automatically generated script or by other means
Thx
 
Is there any update on this? I *really* do need to be able to update the firewall. To expand on what is explained above:
  1. When I view the firewall it shows:
    1. Parallels Customer & Business Manager payment gateways - Allow incoming from [IP1], [IP2]
    2. Plesk administrative interface - Allow incoming from [IP1], [IP2]
    3. FTP server - Allow incoming from [IP1], [IP2]
    4. SSH (secure shell) server - Allow incoming from [IP1], [IP2]
    5. MySQL server - Allow incoming from [IP1], [IP2]
    6. Everything else is in a default Allow incoming from all
Basically, the idea is to limit access to admin functions to IPs I use ([IP1] and [IP2]) and keep unwanted people away. Now what follows is conflicting information:
  1. The hosting company sysadms say they cannot access the VPS via SSH and this would be consistent with the restriction on SSH access shown above. The update I want to apply is to permit the hosting company to get to the box if ever needed. This could become an urgent issue should there be an issue. So this result says the firewall config is applied and working - the hosting company sysadms cannot get in from [IP3], but...
  2. A security scan of the VPS says FTP (port 21) and SSH (port 22) are open. This obviously contradicts the hosting company sysadms saying they can't connect
  3. Not being one to believe everything I'm told, I made a couple of connections via my mobile, in effect testing [IP4] and [IP5] and sure enough, I could log into the Plesk admin console, start an SFTP session, start an SSH (terminal) session and connect via FTP and so clearly ports 21 and 22 are open and access to the 'Plesk administrative interface' is *not* restricted, no matter what the UI says
Now I guess the results of my experiment mean the host sysadms should be able to connect via SSH as the apparent firewall restrictions clearly are *not* in place, however this means I have two issues:
  1. The changes that the UI *thinks* are in place clearly are not...although I did have an almighty problem trying to apply them...although clearly they never were applied
  2. The pending change which is to extend SSH access to [IP1], [IP2] (both me) and [IP3] (the hosting company sysadms) will not complete. It knows of the pending change, tells me to activate them (it), we get to the Activate button and click it and then the update never completes and I'm left being told; ...or if this screen does not disappear in more than 30 seconds...
So is there any way to either:
  1. Make the UI firewall update complete. I have tried *many* times including viewing the pre-build update script, or
  2. Manually update the firewall from the CLI, maybe by running the pre-built update script somehow? This way I might at least see any errors that are generated
I'm on CentOS 6.6 and Plesk 12.0.18 Update #29, last updated at Dec 18, 2014 03:30 AM. Thx
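
The mismatch described in the posts above (panel shows SSH restricted, yet an unlisted address can connect) can be checked against the live rule set rather than the UI. The following is an added example, not part of the original posts and not Plesk's own script: the function name, both sample rule sets and the 192.0.2.x addresses are constructed, and the model interprets only a handful of iptables match options.

```bash
#!/usr/bin/env bash
# Added example. Simplified first-match model of the INPUT chain: only -s, -p,
# --dport, -i and --state/--ctstate are interpreted; everything else is ignored.

# Prints the verdict for a NEW TCP connection to PORT from a source address
# that no rule names. Rules in `iptables -S INPUT` format are read from stdin.
verdict_for_unlisted_source() {
    awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            src = proto = dport = iface = state = target = ""
            for (i = 3; i < NF; i++) {
                if      ($i == "-s")      src    = $(i + 1)
                else if ($i == "-p")      proto  = $(i + 1)
                else if ($i == "--dport") dport  = $(i + 1)
                else if ($i == "-i")      iface  = $(i + 1)
                else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
                else if ($i == "-j")      target = $(i + 1)
            }
            if (src != "" && src != "0.0.0.0/0") next   # rule names a source
            if (proto != "" && proto != "tcp") next     # other protocol
            if (dport != "" && dport != port) next      # other port
            if (iface == "lo") next                     # loopback only
            if (state != "" && state !~ /NEW/) next     # not for new connections
            if (target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1; exit }
        }
        END { if (!found) print (policy == "" ? "ACCEPT" : policy) }
    '
}

# Constructed sample: rules matching what the panel displays for SSH.
INTENDED_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.11/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'

# Constructed sample: a live rule set where the change was never activated.
LIVE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT'

for port in 22 80; do
    printf 'port %s: intended=%s live=%s\n' "$port" \
        "$(printf '%s\n' "$INTENDED_RULES" | verdict_for_unlisted_source "$port")" \
        "$(printf '%s\n' "$LIVE_RULES" | verdict_for_unlisted_source "$port")"
done
```

On a real host, pipe the output of `iptables -S INPUT` (run as root) into the function in place of the sample text; an `ACCEPT` verdict for port 22 means the source restriction shown in the panel is not in the running rule set.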
 