Plesk

How to manage local firewall rules using Plesk Firewall in Plesk for Linux

Question

How to manage local firewall rules using Plesk Firewall in Plesk for Linux?

Answer

Note: If Plesk Firewall is not installed, install it using the steps from this KB article.

Note: Before enabling Plesk Firewall, disable firewalld via SSH if it is installed:

# systemctl stop firewalld && systemctl disable firewalld

 

In Plesk, go to Tools & Settings > Firewall > enable Firewall protection > click Apply. All rules predefined by Plesk that are required for Plesk functionality will be enabled.

Note: If a custom SSH port is used, a rule for this custom SSH port must be added after enabling Plesk Firewall to allow SSH connections. See the instructions below.

To add a new firewall rule, click on the + button.

 

Adding a custom rule in Plesk Firewall

 

Below is an example of adding a rule that will allow connections to custom SSH port 2222.

  1. Click the Add a firewall rule button.

  2. Fill in the fields and click Save:

    • Name of the rule: Custom SSH port
    • Match direction: Incoming
    • Action: Allow
    • Ports: TCP 2222
    • Sources: Specify IP addresses from which SSH connections will be allowed. In this example, SSH connections to a custom port are allowed from 203.0.113.2.

  3. Click Apply Changes.

 

Managing firewall rules via a command-line interface

 

Use the /usr/local/psa/bin/modules/firewall/settings utility to manage Plesk Firewall in a command-line interface.

For a complete list of available options, run this help command:

# /usr/local/psa/bin/modules/firewall/settings --help

 

Below is an example of enabling Plesk Firewall:

  1. Connect to a Plesk server via SSH in 2 separate SSH windows.
  2. In SSH window A, enable the firewall:

    # /usr/local/psa/bin/modules/firewall/settings -e

  3. In SSH window B, confirm the changes within 60 seconds:

    # /usr/local/psa/bin/modules/firewall/settings --confirm

    All rules predefined by Plesk that are required for Plesk functionality will be enabled.

 

Below is an example of adding a new rule with the name "My rule" which will deny incoming connections from 203.0.113.2 on ports 2222/tcp, 2222/udp:

  1. Connect to a Plesk server via SSH in 2 separate SSH windows.

  2. In SSH window A, create a new rule and apply it:

    # /usr/local/psa/bin/modules/firewall/settings -s -name 'My rule' -direction input -action deny -ports '2222/tcp,2222/udp' -remote-addresses "203.0.113.2"

    # /usr/local/psa/bin/modules/firewall/settings -a

  3. Back in SSH window B, confirm the changes within 60 seconds:

    # /usr/local/psa/bin/modules/firewall/settings -c
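The custom SSH port note and the CLI options above can be combined into a pre-flight check. The script below is an added example, not part of the original article or a Plesk tool: it reads sshd_config text and prints, without running it, the rule-creation command for each custom SSH port. The function names are hypothetical, and `-action allow` is assumed to be the counterpart of the `-action deny` value shown above (verify with `--help`).

```shell
#!/bin/sh
# Added example: print (never run) the Plesk Firewall command that opens the
# SSH port sshd is actually configured for, so the rule exists before you apply.

PLESK_FW=/usr/local/psa/bin/modules/firewall/settings   # path from the article

# Read sshd_config text on stdin; print each configured port (22 if none set).
sshd_ports() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }    # drop comments, accept "Port=N"
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ && ($2 + 0) >= 1 && ($2 + 0) <= 65535 {
            print $2 + 0; found = 1
        }
        END { if (!found) print 22 }          # sshd default when Port is absent
    '
}

# $1 = admin source address; sshd_config text on stdin.
# Prints one rule-creation command per custom (non-22) port.
# "-action allow" is an assumption; the article itself only shows "-action deny".
ssh_allow_commands() {
    src=$1
    case $src in
        ''|*[!0-9A-Fa-f.:/]*) echo "bad source address" >&2; return 2 ;;
    esac
    sshd_ports | while read -r port; do
        [ "$port" = 22 ] && continue  # the article only asks for a rule on custom ports
        printf "%s -s -name 'Custom SSH port %s' -direction input -action allow -ports '%s/tcp' -remote-addresses '%s'\n" \
            "$PLESK_FW" "$port" "$port" "$src"
    done
}

# Constructed sample sshd_config and the article's example source address.
ssh_allow_commands 203.0.113.2 <<'EOF'
#Port 22
Port 2222
PasswordAuthentication no
EOF
```

Run the printed command in SSH window A, then apply with `-a` and confirm from window B with `-c` as in the steps above.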

 
