Skip to content

I suggest you...

← Feature Suggestions

allow for custom firewall rules

currently you can do it by IP/Port, but would like to be able to add firewall rules for things like string matching. A GUI would be ideal too.

17 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Sean Ryan shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Renan Ferreira commented  ·   ·  Report

    Be able to block a network port for all IP addresses except one specific IP address using Plesk Firewall. Currently, the only possible way to block all connections to a certain port is by creating a rule directly on Windows Firewall, and adding the remote IP address ranges from which connections should be blocked.

  • Dre v.S. commented  ·   ·  Report

    Give option to change the config file Plesk firewall.
    Currently only way to add or remove rules is true the interface.
    This is simple and easy but limited.
    I would like for most to be able to add *NAT rules, postrouting.

  • Jens commented  ·   ·  Report

    This would be an important feature for us, as we have two network imterfaces: One interface for internal communication (database server etc.) and one for external access. It should definitely be possible to define per interface rules or, even better, to define custom rules.

  • Dr Gerard Bulger commented  ·   ·  Report

    Plesk firewall utility for the web version I am using, does not allow users to set up the firewall for different interfaces eg eth0:0 etho:1 when you have two IP addresses. One of the points of have two IP address is to allow you to open ports on one interface/IP, while keeping then or most closed on the other. Currently the firewall set up is for ALL IP/Interfaces. So I have had to turn it off and set it up manually. Tiresome

  • Tim Reeves commented  ·   ·  Report

    I want to add a rule to stop SlowLoris attacks - in Webmin it's easy:

    Rule comment = Protect against SlowLoris attacks
    Action to take = Drop
    Network protocol = TCP
    Destination TCP or UDP port : Equals : 80
    Additional parameters = -m connlimit --connlimit-above 20 --connlimit-mask 40

    The only thing I'm missing in Plesk is the ability to append the additional parameters - so I would be very glad to see a field added to allow that. Sure, you would have to warn "Experts only", but without this possibility I have to either live without SlowLoris protection, or without Plesk Firewall.

  • Artur commented  ·   ·  Report

    Currently there is a simple iptables firewall module. Maybe enough in most cases, but I think it's time to switch to a more flexible fw solution with the possibility to define custom rules/uwf applications. PREROUTING/POSTROUTING should also be configurable via GUI to be able to define port forwardings.

  • Tozz commented  ·   ·  Report

    String matching is no longer a layer 2 firewall as iptables is, but requires a level 7 firewall which is something completely different.

Feature Suggestions: Plesk (general)

Categories

Feedback and Knowledge Base

(thinking…)