Predefined Firewall Rules Specifications in Plesk Panel
The following table lists the system services to which you can restrict access using the Firewall’s predefined rules.
* Parallels Plesk Panel administrative interface: TCP 8443
* Samba (file sharing on Windows networks): UDP 137, UDP 138, TCP 139, TCP 445
* Parallels Plesk Panel VPN: UDP 1194
* WWW server: TCP 80, TCP 443
* FTP server: TCP 21
* SSH (secure shell) server: TCP 22
* SMTP (mail sending) server: TCP 25, TCP 465
* POP3 (mail retrieval) server: TCP 110, TCP 995
* IMAP (mail retrieval) server: TCP 143, TCP 993
* Mail password change service: TCP 106
* MySQL server: TCP 3306
* PostgreSQL server: TCP 5432
* Tomcat administrative interface: TCP 9008, TCP 9080
* Domain name server: UDP 53, TCP 53
Install the Parallels Plesk Panel Firewall module through the command line
Note: The Parallels Plesk Panel Firewall module and the other modules that come with Parallels Plesk Panel are located in the directory /opt/modules of the Parallels Plesk Panel distribution.
You can install the Parallels Plesk Panel Firewall module to the Parallels Plesk Panel server in two ways: from the Parallels Plesk Panel interface (recommended), and from the command line.
1. Log in as root to the server where Parallels Plesk Panel is installed.
2. Run the command /plesk_installation_directory/admin/bin/modulemng --install --file=[plesk_firewall_module_filename], where ‘plesk_installation_directory’ is the directory you installed Parallels Plesk Panel to.
Example:
/usr/local/psa/admin/bin/modulemng --install --file=/opt/modules/firewall.rpm
Plesk Panel Firewall Module
Parallels Plesk Panel Firewall is a module that protects your Parallels Plesk Panel-enabled server and private network from unauthorized access.
To install the Parallels Plesk Panel Firewall module through the Parallels Plesk Panel interface:
1. Log in as administrator to the Parallels Plesk Panel.
2. Click the Modules shortcut in the navigation panel > Manage Modules > Add New Module.
3. Select a module package file, and click OK.
To install the Parallels Plesk Panel Firewall module through the command line:
1. Log in as root to the server where Parallels Plesk Panel is installed.
2. Run the command /plesk_installation_directory/admin/bin/modulemng --install --file=[plesk_firewall_module_filename], where ‘plesk_installation_directory’ is the directory you installed Parallels Plesk Panel to.
Example:
/usr/local/psa/admin/bin/modulemng --install --file=/opt/modules/firewall.rpm
Source: http://parallels.com/Plesk/
Configuring Firewall: Plesk firewall ports
Make sure these ports are opened for all Parallels Plesk Panel services to work with a firewall:
* 20 for ftp-data;
* 21 for ftp;
* 22 for ssh;
* 25 for smtp;
* 53 for dns (TCP and UDP);
* 80 for http (web server and Parallels Plesk Panel updater);
* 106 for poppassd (for localhost only);
* 110 for pop3;
* 113 for auth;
* 143 for imap;
* 443 for https;
* 465 for smtps;
* 587 for mail message submission;
* 990 for ftps;
* 993 for imaps;
* 995 for pop3s;
* 3306 for mysql;
* 5224 for plesk-license-update (outgoing connections only);
* 5432 for postgres;
* 8443 for plesk-https;
* 8880 for plesk-http;
* 9080 for tomcat;
* 5224 for license updates.
Basic iptables Firewall policies (-P)
Establishing basic firewall policies creates a foundation for building more detailed, user-defined rules. iptables uses policies (-P) to create default rules.
The following rules block all incoming and outgoing packets on a network gateway:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
Forwarded packets should be denied as well. To do this, set the default policy of the FORWARD chain to DROP in the same way.
After setting the policy chains, you can create new rules for your particular network and security requirements.
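As an added example (not from the original page or from Parallels), the script below combines the default DROP policies with the Plesk port list above in iptables-restore format, so the policies and the accept rules load in one step and an open SSH session is not cut off in between. The DB_SRC variable and the outbound ports other than 5224 are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset to stdout; applies nothing itself.

# Inbound TCP ports from the page's list. 106 (poppassd) is left out because it is
# localhost only and the loopback rule covers it; 3306/5432 are handled via DB_SRC.
TCP_IN="20 21 22 25 53 80 110 113 143 443 465 587 990 993 995 8443 8880 9080"
DB_PORTS="3306 5432"
# Assumption: source allowed to reach the databases. The default keeps them open as
# in the list; set DB_SRC to a management subnet to narrow it.
DB_SRC="${DB_SRC:-0.0.0.0/0}"
# Outbound TCP: 5224 is from the list; 25, 53, 80 and 443 are assumptions about what
# a mail and web host initiates (mail delivery, DNS lookups, the updater).
TCP_OUT="25 53 80 443 5224"

plesk_ruleset() {
    echo "*filter"
    # Default policies (-P equivalents): anything not accepted below is dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    # Loopback traffic in both directions.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Replies for connections already accepted; without these OUTPUT DROP would
    # discard the server's own answers, including the SSH session in use.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $TCP_IN; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $DB_PORTS; do
        echo "-A INPUT -p tcp -s $DB_SRC --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "-A INPUT -p udp --dport 53 -j ACCEPT"
    for p in $TCP_OUT; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "-A OUTPUT -p udp --dport 53 -j ACCEPT"
    echo "COMMIT"
}

# Print the ruleset; review it, then load it with: plesk_ruleset | iptables-restore
plesk_ruleset
```

Piping the output through iptables-restore --test checks the syntax without changing the running rules.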