
Question What firewall rules are useful?

BMG Germany

New Pleskian
Hi.

I have a new Plesk installation on my server.
The firewall rules are as follows. Can someone give me a tip on how to set this up in the most sensible way?
And is it possible to restore the firewall rules from a backup via Acronis etc.?

DHCP client: Allow incoming from all
FTP server passive ports: Allow incoming from all
Plesk Installer: Allow incoming from all
Plesk management interface: Allow incoming from all
WWW server: Allow incoming from all
FTP server: Allow incoming from all
SSH (secure shell) server: Allow incoming from all
SMTP server (submission port): Allow incoming from all
SMTP server (for sending e-mail): Allow incoming from all
POP3 server (for receiving e-mail): Allow incoming from all
IMAP server (for receiving e-mail): Allow incoming from all
Password change service for e-mail: Allow incoming from all
MySQL server: Allow incoming from all
PostgreSQL server: Allow incoming from all
Samba (file sharing in Windows networks): Allow incoming from all
Domain name server: Allow incoming from all
IPv6 Neighbor Discovery: Allow incoming from all
Ping service: Allow incoming from all
System policy for inbound traffic: Deny other incoming traffic
System policy for outbound traffic: Allow other outbound traffic
System policy for forwarding traffic: Deny forwarding of other traffic

Thanks and Best
Tom
 
Hi Tom,

Also a fairly new Pleskian and I have a question similar to yours and default rules similar to yours. Did you ever get an answer anywhere?

- Scott
 
The Plesk Firewall on Linux utilizes iptables. When you go to apply the changes, you can choose to view a preview, which will give you a bash script of what it's going to be running. You could, technically, save that script. The way it's applied is automatically determined based on the rules you have set up. You can learn more from this article:
 
Thanks! Looking for more of a "what/why" than a "how" type of explanation or pointer to some resources to learn.

More along the lines of this (from Smashing Mag Firewalls Intro article):

For a basic Web and email server with the Plesk management interface, you could configure your firewall to:

  • Allow incoming connections from anywhere to TCP ports 25 (SMTP), 80 (Web server), 110 (POP email accounts), 143 (IMAP email accounts), 443 (secure Web server), 587 (SMTP)
  • Restrict incoming connections to ports TCP 22 (SSH), 8443 (Plesk unless you use Plesk to configure the firewall)
  • Allow outgoing connections from any port on the server to the remote TCP ports 25 (SMTP), 80 (web), 443 (secure web), 587 (SMTP) and UDP 53 (DNS lookups)
  • Deny everything else
If you allow additional services, you will need to open up additional ports. This could include automatic backups, security scans or remote database access.
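
The policy quoted above, written out as an added example (not part of the original post or the quoted article): a shell function that prints an iptables-restore ruleset. The function name, the admin-network parameter and the 203.0.113.0/24 sample are assumptions; the loopback and established-connection rules are additions that the quoted list does not mention but a default-deny policy needs.

```shell
#!/bin/sh
# Added example: prints (does not load) an IPv4 iptables-restore ruleset.
# gen_ruleset and its admin-CIDR argument are hypothetical names.
# 203.0.113.0/24 is a documentation range used as a constructed sample.

gen_ruleset() {
  admin_cidr="$1"
  # Refuse to emit a ruleset that leaves SSH/Plesk open to everyone.
  case "$admin_cidr" in
    ""|0.0.0.0/0) echo "admin CIDR must be a specific network" >&2; return 1 ;;
  esac

  echo "*filter"
  echo ":INPUT DROP [0:0]"     # "Deny everything else", inbound
  echo ":FORWARD DROP [0:0]"
  echo ":OUTPUT DROP [0:0]"    # "Deny everything else", outbound

  # Assumption, not in the quoted list: local services talk over loopback,
  # and replies to already-permitted connections must pass both ways.
  echo "-A INPUT -i lo -j ACCEPT"
  echo "-A OUTPUT -o lo -j ACCEPT"
  echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

  # Public services: incoming from anywhere.
  for port in 25 80 110 143 443 587; do
    echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done

  # Management ports (SSH, Plesk): incoming only from the admin network.
  for port in 22 8443; do
    echo "-A INPUT -p tcp -s $admin_cidr --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done

  # Outgoing: mail delivery, web fetches, DNS lookups.
  for port in 25 80 443 587; do
    echo "-A OUTPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo "-A OUTPUT -p udp --dport 53 -j ACCEPT"
  echo "COMMIT"
}

# Print for review; syntax can be checked with: iptables-restore --test < file
gen_ruleset "${1:-203.0.113.0/24}"
```

Plesk Firewall writes its own iptables rules, so treat this output as a reference for which rules to set in the Plesk UI rather than something to load next to it.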
 
I have a firewall option before it hits the server, and then we have a firewall within Plesk itself. I'd like to give Plesk additional security so I can limit who can access port 22.

See the example rules below that I had set up. It works, but with this setup the WordPress integrity checker no longer works and it reports that all WordPress websites are showing "Unresponsive WordPress site" within the dashboard, and WordPress websites take longer to load. Once the firewall is disabled, it runs normally.

[Attached image: 1741572725192.png]
 