Symptoms
-
Plesk Firewall can not be enabled with one of the following errors:
The firewall configuration has failed.
I did not receive connectivity confirmation after applying new firewall configuration, then same happened after I reverted to previous configuration. This means that both new and previous configurations were bad. Emergency rollback to the configuration without rules was performed. Firewall is now disabled. Fix your rules and try again.The firewall configuration has failed.
Command '['/usr/local/psa/var/modules/firewall/firewall-emergency.sh']' timed out after 5 seconds -
In some cases nginx restarts for quite a long time, for example:
# time plesk sbin pleskrc nginx try-restart
real 0m12.762s
user 0m0.076s
sys 0m0.052s -
Or Iptables is operating slow and cause the following command to take long time:
# time /usr/local/psa/var/modules/firewall/firewall-new.sh
real 0m25,584s
user 0m0,294s
sys 0m0,858s
Cause
Product issue:
- #EXTPLESK-4587 "Firewall may fail to apply configuration if nginx restart takes too much time"
Fixed in:- Firewall 2.0.2 4 May 2023
Resolution
-
Update the Plesk Firewall extension to the version 2.0.2 or higher.
-
Extend the confirmation timeout by adding the following lines to the end of
panel.ini
file with this instructions:[ext-firewall]
confirmTimeout = 15 ; the timeout in seconds before the configuration is rolled back
confirmTimeoutCli = 60 ; the timeout in seconds for the --confirm CLI command
Workaround
If an update is not possible for some reason try the following workaround: