Plesk Firewall – How to Add Logging


Plesk Firewall Logging

Since version 8.0, Plesk has included a firewall module. This module is accessible from the control panel and makes it easy to configure your iptables-based firewall rules.

Though the module provides an easy-to-use interface for configuring the firewall, it does not configure firewall logging. Firewall logging is very useful when you are trying to debug connection issues. You can enable logging with the Plesk firewall by manipulating the firewall at the command line.

The procedure is easy, but you need to avoid making any errors, as manipulating iptables always carries the risk of locking yourself out of your server. If you are not familiar with iptables, check out this great introductory iptables tutorial.

 

Enable Firewall Logs

To enable logging, we use this quick workaround:

We create a new firewall chain for logging purposes. While there are many options for iptables, we just configure a simple chain called LOGDROP that logs each packet and then drops it.

/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG
/sbin/iptables -A LOGDROP -j DROP

Once you create the rules, you then need to delete the normal drop rule. You can find the number of this rule with:

iptables --line-numbers -nL

and then remove it:

iptables -D INPUT 35

Here 35 is the number of the last rule. Your number may vary.

We can now append our drop rule:

/sbin/iptables -A INPUT -j LOGDROP

In a few moments, check your /var/log/messages for firewall log messages. This is not permanent logging. Logging will be reset if you edit the firewall in the control panel or reboot the system.
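The steps above as an added shell example (not part of the original post): it reads an `iptables --line-numbers -nL INPUT` listing, confirms that the last rule really is the catch-all DROP, and prints the commands for review instead of running them. The function names and the sample listing are constructed for illustration, and the plan appends LOGDROP before deleting the old rule so the chain never lacks a final drop.

```shell
#!/bin/sh
# Constructed sample of `iptables --line-numbers -nL INPUT` output
# (illustrative only, not taken from a real Plesk server).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8443
4    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
5    DROP       all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Print the number of the last rule only if it is an unconditional DROP:
# all protocols, any source, any destination, no extra match columns.
# Exits non-zero otherwise, so a wrong rule is never selected for deletion.
final_drop_rule() {
    awk '
        $1 ~ /^[0-9]+$/ { n = $1; t = $2; p = $3; s = $5; d = $6; nf = NF }
        END {
            if (t == "DROP" && p == "all" && s == "0.0.0.0/0" &&
                d == "0.0.0.0/0" && nf == 6) { print n; exit 0 }
            exit 1
        }'
}

# Read a listing on stdin and print the commands to run. Nothing is executed.
# LOGDROP is appended first (it lands after the old DROP), then the old DROP
# is deleted by number, leaving LOGDROP as the last rule.
logging_plan() {
    num=$(final_drop_rule) || {
        echo "last INPUT rule is not a catch-all DROP; stopping" >&2
        return 1
    }
    cat <<EOF
/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG
/sbin/iptables -A LOGDROP -j DROP
/sbin/iptables -A INPUT -j LOGDROP
/sbin/iptables -D INPUT $num
EOF
}

sample_listing | logging_plan
```

On a server, feed it the live listing with `iptables --line-numbers -nL INPUT | logging_plan` and review the printed commands before running them.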

This is just a simple way to turn on logging quickly while making minimum changes to the Plesk firewall system. However, if you reset the firewall using either the Plesk control panel or via the command line using the psa-firewall script, you will need to repeat this process.

In practice, I typically only enable logging when required and just use the Plesk panel to manage the firewall. If someone out there figures out how to inject these rules into the MySQL tables that Plesk uses for iptables rule management, please let me know.

 

Jeff is the CEO and founder of rackAID. He has been working in hosting industry since the days of Rackshack's famed customer appreciation parties back in the early 2000's. Jeff is an avid cyclist, wine enthusiast, and admitted Kraftwerk listener (please don't hold that against him). You may spot him at any number of hosting, startup and small business conferences


2 Comments

  • Ian July 3, 2012 at 11:45 am

    Hi Jeffrey,

    Thanks for this excellent post!

    I used to set up logging on my Plesk 10 server (so it's still valid :))

    There’s a slight error in your code where for
    `/sbin/iptables -A LOGDROP -j DROP`
    it should be a lower case ‘j’ argument but you have it as uppercase J.

  • Jeff Huckaby December 31, 2013 at 3:13 pm

    Thanks. I fixed the post and added a bit more detail.
