Adding a Custom Rule

On the Firewall management page you can perform the following operations:

This section describes how to choose a required mode and add new rules.

The Firewall module has two modes:

In the Active mode, you cannot change the active firewall configuration or apply individual rules on the fly, because immediately applying a misconfigured rule could expose your server to a security threat or result in network disruption. In this mode, you can only view the existing firewall configuration. To configure firewall rules, switch the firewall to the Edit mode.

To switch to the Edit mode:

Click the Edit Firewall Configuration button on the Firewall management page.

To switch to the Active mode:

Click the Revert to the Active Configuration button.

To add a custom rule:

  1. Switch to the Edit mode and click Add Custom Rule (in the Active mode, this button is not available).
  2. On the Custom Rule page, enter the name of the new rule in the Name of the rule field.
  3. Using the option buttons below, select one of the following communication directions: Incoming for the communications inbound to the server, Outgoing for communications outbound from this server, or Forwarding for communications transiting through your server in any direction.

    For incoming communications you can specify the destination ports on your server, the protocol used for this communication, and the IP address the communications come from (see steps 4 and 5).

    For outgoing communications you can specify the destination ports, destination IP address, and the protocol used for the communication (see steps 4 and 5).

    For transit communications going through the server, you can specify the destination ports and source / destination IP addresses (see steps 4 and 5).

  4. To specify the port number, type it into the Add port input box, and click Add. To remove a port number from the existing rule, select it from the list and click Remove. If the list of ports is empty, this rule will be applied to all TCP and UDP ports.
  5. To specify the IP address or network address, type it into the Add IP address or network input box, and click Add. To remove an IP address or network from the list, select it in the list and click Remove. If the list of IP addresses is empty, this rule will be valid for all IP addresses.
  6. Specify the action that will be applied to the communications that match the defined criteria: allow or deny.
  7. Click OK to submit the rule.

After you have defined all required rules, click Activate to apply them to your system. A confirmation screen will open, from which you can preview the shell script generated to apply your rules (this might be of interest only to advanced users). Click Activate to apply the new configuration.

When the module applies the new configuration, it checks for a connection with the control panel. If there are connection problems, the Firewall module automatically reverts to the previous active configuration in 60 seconds. Thus, if you misconfigure your firewall in such a way that access to your control panel is prohibited even for you, the wrong configuration is automatically discarded and you will still be able to access your server.
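The same activate, verify, and auto-revert safeguard is useful when a ruleset is managed by hand. The following is an added example, not the script Plesk generates: `apply_with_rollback` and `demo_activate` are hypothetical names, and plain files with constructed rules stand in for the live firewall so that it runs without root.

```shell
#!/bin/sh
# Added illustration of "activate, verify, auto-revert"; not Plesk's generated script.
# Rules and file names are constructed for the demo.

# apply_with_rollback APPLY CHECK REVERT [TIMEOUT]
#   APPLY   command that installs the candidate ruleset
#   CHECK   command that exits 0 once management access is confirmed
#   REVERT  command that restores the previous active ruleset
#   TIMEOUT seconds to wait for CHECK to succeed (default 60, as on this page)
# Returns 0 if confirmed, 1 if reverted after the timeout, 2 if APPLY failed.
apply_with_rollback() {
    apply_cmd=$1; check_cmd=$2; revert_cmd=$3; timeout=${4:-60}
    if ! sh -c "$apply_cmd"; then
        sh -c "$revert_cmd"
        return 2
    fi
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        if sh -c "$check_cmd"; then
            return 0
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    sh -c "$revert_cmd"
    return 1
}

# Demo on plain files standing in for the live ruleset (no real firewall touched).
# $1 is the CHECK command; prints the ruleset that ends up active.
demo_activate() {
    dir=$(mktemp -d)
    echo "allow tcp/8443 from any" > "$dir/active"     # working configuration
    echo "deny tcp/8443 from any" > "$dir/candidate"   # misconfigured: locks out the admin
    cp "$dir/active" "$dir/backup"
    status=0
    apply_with_rollback "cp '$dir/candidate' '$dir/active'" "$1" \
        "cp '$dir/backup' '$dir/active'" 2 || status=$?
    cat "$dir/active"
    rm -rf "$dir"
    return "$status"
}

demo_activate false || true   # check never succeeds: the allow rule is restored
demo_activate true            # check succeeds: the candidate stays active
```

On a real host, APPLY and REVERT would load the candidate and the saved ruleset, and CHECK would be a test that only succeeds when a fresh management session can still reach the server.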

Note: Until your configuration is activated, you can discard all the rules you have configured. To do this, click the Revert to Active Configuration button.

Under FreeBSD, all currently established TCP connections will drop when the new configuration is activated!

See Also

Using Plesk™ Firewall

Terms and Definitions

How to Access Plesk Firewall

Managing Custom Rules

Managing Access to System Services

Managing System Policies