Regarding EOL of Onyx, this suggestion should be given up.

@PB, as far as I know HostEurope does allow OS Upgrades only over changing the machine, I had a server there, and they gave me a 2nd one for free for some time to migrate.
Also, if they update it in 17.8 u still will not get the update as the OS is not supported anymore.
So the best solution is to migrate to a newer Ubuntu and whitelist the new IP again (better even on a dedicated server or not openvZ/virtuozzo server so that you can upgrade without issues)
Ubuntu 14 is a big security trap as there are no OS nor Plesk updates anymore

please add FAIL2BAN IPv6 support for Plesk Onyx 17.8.11 - I am stuck with Ubuntu 14.04.6 LTS‬

because my VPS provider does NOT allow OS upgrade - just for the shame record it is HostEurope.de

if you do OS upgrade yourself VPS doesn't work anymore, if you let them do the OS upgrade you can't keep your current Public IP address, whitelisted at many business partners

so while waiting for them to resolve this non-sense limbo of upgrade-not-allowed, please add support for Fail2Ban IPv6 because I can see a LOT of entries in /var/log/fail2ban.log

WARNING Unable to find a corresponding IP address for --cut IPv6 cut-- [Errno -9] Address family for hostname not supported

Thank you!

+1, this should be implemented in 17.x.

IPv6 is not something of the future, it is actively being deployed. More and more access providers are providing their customers with IPv6 and bad actors will be using it as well.

+1

Elsewhere... In a recent Plesk reply on a different matter ( https://bre.is/PlP0pGLwC ) the latest "estimated" release date for Plesk Onyx 17.9 has been given as Q4 / 2019....

So in theory, that's the earliest date, that anybody who is happy with General Release status Plesk upgrades could concieve switching from Plesk 17.8 to 17.9 as opposed to this overdue feature being backported to 17.8

For historical reasons, many will justifiably wait for the Late Adopter status Plesk upgrade anyway, which will be even longer...

Assuming the Plesk posted reply is correct, THIS ALONE and regardless of all the other overwhelming data that's already been posted is sufficient reason for making 17.8 "catch up with the rest of the world" re: Fail2Ban and IPv6.

@Admin Up To Date Plesk replies are very conspicuous by their absence on here now....

I actually can't believe fail2ban doesn't work with IPv6 on Plesk. I have two servers on 17.5 and one on 17.8, and I cannot upgrade them without a huge risk to my business. Instead at some point I'll provision a new server and put the latest Plesk on it, and migrate *one* server contents to it. So that means it will be more than ONE YEAR from now before I will have IPv6 support on all servers.

Why do I migrate this way? I've been in IT for FORTY YEARS and learned the hard way about upgrade-in-place. Too much can and does go wrong. And it's happened multiple times with me with Plesk over the years. Not doing that.

This way I can test things out for weeks or months until everything is stable and THEN I migrate live clients to it. Works great and no problems.

Except for fail2ban and IPv6.

Unacceptable.

Further to @wahim's helpful post below

Running Plesk 17.8.11 on Ubuntu 18.04.* (as we are) means that you are forced to use the earlier (out of date / non IPv6 ) version of Fail2Ban as a result... That's far from ideal and a long way behind where everyone should be now.

A simple CLI check clearly shows, both the forced Plesk version and, the much later version, which is sat waiting in the distro-repo:

~# apt-cache policy fail2ban
fail2ban:
Installed: 1:0.9.6-ubuntu18.04.18061312
Candidate: 1:0.9.6-ubuntu18.04.18061312
Version table:
*** 1:0.9.6-ubuntu18.04.18061312 500
500 http://autoinstall.plesk.com/ubuntu/PSA_17.8.11 bionic/extras amd64 Packages
100 /var/lib/dpkg/status
0.10.2-2 500
500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
500 http://archive.ubuntu.com/ubuntu bionic/universe i386 Packages
~#

The Ubuntu distro-repo versions are all clearly shown here:
https://packages.ubuntu.com/search?keywords=fail2ban

With the 18.04.* download and related packages page shown here:
https://packages.ubuntu.com/bionic/fail2ban

If using an OS other than Ubuntu 18.04 with Plesk 17.8.11, obviously you will need to check other sources for all the correct data.

Finally, the opening section of the Fail2Ban Changelog (which commences with an old version release but one that is still ahead of the current Plesk release) is pretty self-explanatory:

Fail2Ban: Changelog
===================

ver. 0.9.8 (2016/XX/***) - wanna-be-released
-----------

0.9.x line is no longer heavily developed. If you are interested in
new features (e.g. IPv6 support), please consider 0.10 branch and its
releases.

https://github.com/fail2ban/fail2ban/blob/master/ChangeLog

Ubuntu 18.04 has IPv6-ready 0.10.2-2 in repo and Plesk 17.8.11 uses a backported 0.9.6 version instead. Why not add support for all platforms with the right version already in distro-repo? Would be appreciated very much!

All the previous commments posted here are both valid and self-explanatory. The comment that refers to "voting twice for the same request" is extremely relevant. Plesk should never have conveniently opted for "...only available via our latest preview software". That's more like avoidance than actively providing a solution. All 17.8 Plesk customers RIGHTLY wanted this change / update a very long time ago. @Admin, please confirm that this IS going to happen, as opposed to leaving it sat here with zero updates or additional information being provided. Thanks!

@Admin This request make no sense! Why we must vote for the same request again? The original request https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/17924536-fail2ban-now-supports-ipv6-please-upgrade want ipv6 support and not ipv6 support only for a feature version 17.9.x with no release date yet. I'm 100% sure that all supporter for this request have not 17.9.x preview installed and need this feature asap in stable version 17.8. You can say that you don't plan backport this feature, but voting again for the SAME request is absurd.

Same issue Azurel is facing, please consider this!

I need this asap. Not only for security, I need this against ipv6 bad crawlers that slow down my server daily and fail2ban 0.9.6 detect nothing.

Fully support all the previous very valid comments.

One additional minor point on this. You have been able to use IPv6 addresses as valid inputs here: https://**YourFQDN**:8443/admin/control-panel-access/list for some time now, which is great in terms of added security (i.e. controlling access to the Plesk Panel itself - we're on 17.8.11)

However, to have effective IPv6 address verification in one security area, but completely absent in another and the latter being of a much higher, more frequent security risk, is just plain wrong in our view.

It shoud just be a "...when will it will be backported?" question, not an "...IF it will be backported" dilemma!

I can only add that we are seeing a strongly increasing number of attacks coming from IPv6 sources, but we cannot update all our hosts to the latest Plesk, because the risk of too many bugs in early adopter and even early stable version is too high.

Other providers who are serving many customers, too, will not easily do the update, so we are looking at around a year more waiting time from now at least until an update to 17.9 can be considered. Too long.

... what @Florian said.

+1

Well, a security feature w/o IPv6 support is totally useless as soon as you enable IPv6 for just one subscription. On the other hand no IPv6 support for subscriptions makes Plesk totally useless for any ISP serving international customers.

So I suspect the answer is yes, the demand is really high for your target customer base.