Symptoms
When Fail2Ban is enabled and has already banned some IP addresses, its rules in iptables can be removed when Plesk Firewall is disabled.
Cause
This is Plesk bug PPPM-9399, which is planned to be fixed in future updates.
Resolution
Until the bug is fixed, use the following workaround:
- Connect to the server using SSH.
- Open the file /etc/init.d/psa-firewall for editing and modify it as follows:
  Before:
      if "$emergency"; then
          echo "$SERVICE_NAME: firewall successfully disabled"
          exit 0
      else
          echo "$SERVICE_NAME: failed to disable firewall"
          exit 1
      fi
  After:
      if "$emergency"; then
          echo "$SERVICE_NAME: firewall successfully disabled"
          # Restart Fail2Ban (only if it is running) so that it re-adds its iptables rules
          if [ "active" = "$(/bin/systemctl is-active fail2ban.service)" ]; then
              echo "$SERVICE_NAME: fail2ban will restart now."
              systemctl restart fail2ban.service &
          else
              echo "$SERVICE_NAME: fail2ban is not active and will not be restarted."
          fi
          exit 0
      else
          echo "$SERVICE_NAME: failed to disable firewall"
          exit 1
      fi
Note: After this modification, the Fail2Ban service is restarted whenever Plesk Firewall is disabled.
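To confirm that the workaround took effect, the following check (an added example, not part of the original article or of Plesk) reads `iptables -S` output and reports jails whose Fail2Ban chain is gone or no longer reachable from INPUT. It assumes the jails use Fail2Ban's stock iptables actions, which name the chain `f2b-<jail>`; the jail names and sample rules are constructed, and the check is meant for jails that currently hold bans.

```shell
#!/bin/sh
# Added example, not part of the Plesk article.
# Assumption: jails use Fail2Ban's stock iptables actions, which create a
# chain named f2b-<jail> and a jump to it from INPUT.

# Usage: iptables -S | missing_f2b_chains JAIL...
# Prints one line per jail whose chain is gone or unreachable from INPUT.
# Returns 0 if every listed jail is intact, 1 otherwise.
missing_f2b_chains() {
    rules=$(cat)   # keep the listing so it can be searched once per jail
    missing=0
    for jail in "$@"; do
        chain="f2b-$jail"
        if ! printf '%s\n' "$rules" | grep -qxF -e "-N $chain"; then
            echo "$jail: chain $chain missing"
            missing=1
        elif ! printf '%s\n' "$rules" | grep -qE -e "^-A INPUT .*-j $chain\$"; then
            echo "$jail: no jump from INPUT to $chain"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed `iptables -S` output (hypothetical jail names, documentation
# address): ssh is intact, recidive lost its INPUT jump, plesk-apache is gone.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-ssh
-N f2b-recidive
-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
-A f2b-ssh -s 203.0.113.5/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-ssh -j RETURN
-A f2b-recidive -j RETURN
EOF
}

# Demo on the constructed sample; on a server, pipe in `iptables -S` instead.
sample_rules | missing_f2b_chains ssh recidive plesk-apache || true
```

On the server, run it as root after disabling Plesk Firewall, passing the names of the jails that had active bans.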