Plesk Firewall Logging
Since version 8.0, Plesk has included a firewall module. This module is accessible from the control panel and makes it easy to configure your itpables-based firewall rules.
Though the module provides an easy to use interface for configuring the firewall, the tool does not configure firewall logging. When trying to debug connection issues, firewall logging is very useful. You can enable logging with the Plesk firewall by manipulating the firewall at the command line.
The procedure is easy but you not to make any errors as manipulating iptables always carries the risk of locking your self out of your server. If you are not familiar with iptables, check out this great introductory iptables tutorial.
Enable Firewall Logs
To enable logging, we use this quick workaround:
We create a new firewall chain for logging purposes. While there are many options for iptables, we just configure a simple logging rule called LOGDROP.
/sbin/iptables -N LOGDROP /sbin/iptables -A LOGDROP -j LOG /sbin/iptables -A LOGDROP -j DROP
Once you create the rules, you then need to delete the normal drop rule. You can find the number of this rule with:
iptables --line-numbers -nL
and then remove it:
iptables -D INPUT 35
Where 35 is the last rule. Your number may vary.
We can now append our drop rule:
/sbin/iptables -A INPUT -j LOGDROP
In a few moments, check your /var/log/messages for firewall log messages. This is not permanent logging. Logging will be reset if you edit the firewall in the control panel or reboot the system.
This is just a simple way to turn on logging quickly while making minimum changes to the Plesk firewall system. However, if you reset the firewall using either the Plesk control panel of via the command line using the psa-firewall script, you will need to repeat this process.
In practice, I typically only enable logging when required and just use the Plesk panel to manage the firewall. If someone out there figures out how to inject these rules into the MySQL tables that Plesk uses for iptable rule’s management, please let me know.
Latest posts by Jeff Huckaby (see all)
- Warning: Hackers Are Using SSH Tunnels to Send Spam - March 5, 2014
- Plesk: SMTP Authentication Not Working on Port 587 - February 28, 2014
- How To Set Up SPF & Greylisting on Plesk 11 [Video] - February 25, 2014