Knowledge Base

Fail2Ban iptables rules can be erased sometimes by disabling Plesk Firewall

Symptoms

When Fail2Ban is enabled and has already banned some IP addresses, its rules in iptables can be removed when Plesk Firewall is disabled.

Cause

Plesk bug PPPM-9399 that is planned to be fixed in future updates.

Resolution

Until the bug is fixed, use the workaround:

Connect to the server using SSH.
Open the file /etc/init.d/psa-firewall for editing and modify it as follows:
- Before:
  
  if "$emergency"; then
  echo "$SERVICE_NAME: firewall successfully disabled"
  exit 0
  else
  echo "$SERVICE_NAME: failed to disable firewall"
  exit 1
  fi
- After:
  
  if "$emergency"; then
  echo "$SERVICE_NAME: firewall successfully disabled"
  
  if [ "active" == `/bin/systemctl is-active fail2ban.service` ] ; then
  echo "$SERVICE_NAME: fail2ban will restart now."
  systemctl restart fail2ban.service &
  else
  echo "$SERVICE_NAME: fail2ban is not active and will not be restarted."
  fi
  exit 0
  
  else
  echo "$SERVICE_NAME: failed to disable firewall"
  exit 1
  fi

Note: After this modification, Fail2Ban service will be restarted on Plesk firewall disable action.

Related Posts

How to Use Fail2ban to Secure Your Linux Server (CentOS, Ubuntu, Debian, Fedora, and Plesk)

How to Avoid High CPU Load and Block Hackers and Bad Bots Effectively

Full Site Check now scans for Google Fonts

Knowledge Base

[BUG] PCI compliance scan shows a warning: CVE-2000-0649

On Plesk for Linux server, deny rules set up in Plesk Firewall do not block connections to Docker container

Various actions fail in Plesk with Fail2Ban installed after server reboot: Unable to open file /run/lock/files/, There is no directory /var/run/

Unable to open Updates & Upgrades on Plesk for Linux: ERR_CONNECTION_TIMED_OUT

Hosting Wiki