Knowledge Base

Fail2ban extension hangs in Plesk: iptables: Too many links.n

 
fail2banfirewallhttpsipplesk firewall

Symptoms

  1. Disabling Plesk Firewall in Tools and Settings > Firewall deletes Fail2Ban chains in iptables. Iptables gets empty.
  2. Errors in /var/log/fail2ban.log: 
     fail2ban.actions        [13400]: ERROR   Failed to stop jail 'plesk-wordpress-j' action 'iptables-multiport': Error stopping action
     fail2ban.jail           [13400]: INFO    Jail 'plesk-wordpress-j' stopped
     fail2ban.action         [13400]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-plesk-wordpress
     iptables -F f2b-plesk-wordpress
     iptables -X f2b-plesk-wordpress -- stdout: ''
     fail2ban.action         [13400]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-plesk-wordpress
     iptables -F f2b-plesk-wordpress
     iptables -X f2b-plesk-wordpress -- stderr: 'iptables: Too many links.n'
  3. Iptables rules are empty despite the fact that Fail2ban service is running on the server:

    # iptables -nL
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

  4. When Fail2ban is restarted, iptables chains get updated to correct ones and errors stop being logged to /var/log/fail2ban.log.

Cause

Plesk bug with ID #PPPM-5090 which is planned to be fixed in future updates.

Resolution

As a workaround, save existing iptables rules and disable Plesk Firewall:

  1. Login to Plesk 
  2. Disable Fail2ban at Tools & Settings > Services Management > IP Address Banning (Fail2ban)
  3. Enable Plesk Firewall at Tools & Settings > Firewall > Enable Firewall Rules Management
  4. Login to Plesk server via SSH
  5. Save iptables configuration:

    # iptables-save > /root/iptables-settings.conf

  6. Disable Plesk Firewall in Tools & Settings > Firewall > Enable Firewall Rules Management
    Restore iptables rules from file:

    # iptables-restore < /root/iptables-settings.conf

  7. Enable Fail2ban back at Tools & Settings > Services Management > IP Address Banning (Fail2ban)
  8. Modify
    /etc/rc.d/rc.local script
     , so that iptables rules are applied at boot time:

    # echo “iptables-restore < /root/iptables-restore.conf” >> /etc/rc.d/rc.local

Read the full article
Related Posts
Knowledge Base

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2021 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WordPress Toolkit

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt