The Best Price for IPv4/IPv6 Lease – Any RIR & Any Geo-LocationOrder Now
Hostperl logo
Hostperl
Dedicated ServersVPS HostingShared HostingColocationBGP / ASN SetupDDoS ProtectionWordPressn8n HostingDirectus
SaaSGamingFinTechHealthcareTransportationEcommerce
About UsDatacentersCareersContactLegal & Compliance
New ZealandUSLondonSwitzerlandNetherlandsIndia
Support

Configure Plesk Firewall Rules: Complete VPS Security Setup

By Raman Kumar

Share:

Updated on Jun 7, 2026

Configure Plesk Firewall Rules: Complete VPS Security Setup

Understanding Plesk Firewall Architecture

Plesk's built-in firewall gives you a clean interface for managing server security rules. Instead of wrestling with iptables commands, you get direct integration with your hosting panel that automatically updates rules when you install applications or modify services.

The firewall works with three rule types: incoming, outgoing, and forwarding. Most hosting setups focus on incoming rules to control which connections reach your server.

Your Hostperl VPS ships with Plesk ready to go, but you'll want to customize firewall rules based on what you're hosting and your security needs.

Accessing Plesk Firewall Management

Log into your Plesk panel with admin credentials. Go to Tools & Settings in the left sidebar, then click Firewall under the Security section.

First time here? Plesk shows a setup wizard. Choose "Enable firewall with recommended rules" for most hosting scenarios. This creates baseline protection while keeping essential services accessible.

The firewall interface has three tabs: Rules, Settings, and Log. You'll spend most time in Rules for configuration and Log for troubleshooting.

How to Configure Plesk Firewall Rules for Basic Security

Start with fundamental rules every hosting server needs. Click "Add Custom Rule" in the Rules tab.

Block common attack ports first. Create a new rule:

  • Action: Deny
  • Direction: Incoming
  • Protocol: TCP
  • Destination ports: 23,135,139,445,593,1025,1433,3389
  • Description: Block common attack ports

This prevents access to Telnet, NetBIOS, SQL Server, and RDP ports that shouldn't be exposed on web servers.

Next, lock down SSH access:

  • Action: Allow
  • Direction: Incoming
  • Protocol: TCP
  • Source: Your IP address (check whatismyip.com)
  • Destination ports: 22
  • Description: SSH access from office IP

This restricts SSH connections to your specific IP, preventing brute force attacks from unknown locations.

Setting Up Web Service Rules

Web hosting needs specific rules for HTTP, HTTPS, and mail services. Plesk creates basic web rules automatically, but you may need custom configurations.

For HTTPS-only sites, block direct HTTP access:

  • Action: Deny
  • Direction: Incoming
  • Protocol: TCP
  • Destination ports: 80
  • Description: Block HTTP connections

Then ensure HTTPS stays accessible:

  • Action: Allow
  • Direction: Incoming
  • Protocol: TCP
  • Destination ports: 443
  • Description: Allow HTTPS connections

For email hosting, verify these ports are open: 25 (SMTP), 110 (POP3), 143 (IMAP), 465 (SMTP SSL), 993 (IMAP SSL), 995 (POP3 SSL). Plesk usually handles these automatically when you enable mail services.

Implementing IP-Based Access Controls

Geographic or IP restrictions add another security layer. This works well for admin access or protecting sensitive applications.

To block entire countries, you'll need multiple rules. For specific regions, create rules like:

  • Action: Deny
  • Direction: Incoming
  • Protocol: All
  • Source: Country code ranges (get from IP geolocation databases)
  • Description: Block traffic from high-risk regions

For tighter control, use IP whitelisting for critical services. Create an allow rule for trusted IPs, then a deny-all rule for everything else on sensitive ports.

Remember that IP blocking affects all domains on your server. Use carefully on shared hosting environments.

Advanced Rule Configuration Options

Plesk firewall handles sophisticated matching beyond basic port and IP filtering. Time-based rules let you restrict access during specific hours—useful for maintenance windows or business-hours-only applications.

Connection limiting prevents resource exhaustion attacks. Set maximum concurrent connections per IP:

  • Action: Allow
  • Direction: Incoming
  • Protocol: TCP
  • Destination ports: 80,443
  • Connection limit: 10 per source IP
  • Description: Limit HTTP connections per IP

Rate limiting works alongside connection limits to control request frequency. This helps stop DoS attacks and aggressive crawlers.

Custom applications on non-standard ports need specific allow rules. Document these carefully since they're often forgotten during server maintenance.

Our email hosting security guide covers additional firewall configurations for mail servers.

Monitoring and Logging Configuration

Enable comprehensive logging to track firewall activity and spot security threats. In the Settings tab, configure these options:

  • Log dropped packets: Yes
  • Log accepted packets: No (creates too much noise)
  • Log level: Information
  • Log rotation: Weekly

The Log tab shows recent firewall activity. Look for patterns in dropped connections that might signal attacks or misconfigurations.

Watch for these log entries:

  • Repeated connection attempts to blocked ports
  • Connections from unexpected geographic locations
  • High-frequency requests triggering rate limits
  • Legitimate services being blocked by overly strict rules

Set up log alerts for critical events. Plesk can send email notifications when specific patterns occur, helping you respond quickly to security incidents.

Testing and Validating Rules

Never deploy firewall rules without thorough testing. Use a staged approach: test rules on a development server first, then implement during low-traffic periods.

Test basic connectivity first. Use tools like telnet or nmap from external locations to verify allowed services stay accessible and blocked services get properly denied.

Test from multiple source IPs to ensure geographic restrictions work correctly. VPN services or proxy servers help simulate connections from different locations.

Create a rollback plan before implementing restrictive rules. Document exact steps to disable or modify rules if legitimate traffic gets blocked.

For business-critical applications, maintain an emergency bypass procedure. This might involve a temporary rule allowing all traffic while you troubleshoot rule conflicts.

Our VPS security hardening guide provides additional testing strategies for server protection.

Rule Prioritization and Organization

Plesk processes firewall rules in order, so sequence matters. More specific rules should come before general ones to ensure correct matching.

Organize rules logically:

  1. Allow rules for essential services (SSH, web, mail)
  2. Specific deny rules for known threats
  3. Rate limiting and connection control rules
  4. Geographic or IP-based restrictions
  5. Default deny rules for unused services

Use clear, descriptive names for each rule. "Block suspicious IPs" beats "Rule 15" when you're troubleshooting at 2 AM.

Group related rules with consistent naming. Prefix admin rules with "ADMIN:", security rules with "SEC:", and app-specific rules with the app name.

Review rule order quarterly. As you add new rules, the sequence can become messy, causing unexpected behavior or performance issues.

Ready to implement professional firewall protection for your hosting environment? Our managed VPS hosting includes Plesk with expert firewall configuration support. Get started with enterprise-grade security that scales with your business needs.

Common Configuration Issues and Solutions

Rule conflicts create the most frequent firewall problems. When multiple rules match the same traffic, Plesk uses the first matching rule, which might not be what you intended.

If legitimate connections get blocked, check these common issues:

  • Overly broad deny rules placed before specific allow rules
  • Incorrect port ranges that include necessary services
  • IP whitelist rules with typos in address ranges
  • Connection limits set too low for normal traffic patterns

Performance problems can occur with excessive logging or too many complex rules. If your server slows down after firewall changes, temporarily disable logging to see if that fixes the issue.

Application compatibility problems often arise with custom software using non-standard ports or connection patterns. Document these requirements before implementing firewall rules.

For migration scenarios, our server migration planning guide covers firewall considerations during moves between hosting providers.

Frequently Asked Questions

How many firewall rules can Plesk handle efficiently?

Plesk can manage thousands of rules, but performance drops with excessive complexity. Keep rules under 100 for optimal performance, focusing on essential security requirements rather than comprehensive filtering.

Can I backup and restore Plesk firewall configurations?

Yes, firewall rules are included in Plesk backups. You can also export rules manually through the command line using plesk bin firewall commands for version control or migration purposes.

Do Plesk firewall rules affect all domains on the server?

Plesk firewall operates at the server level, affecting all domains and applications. For domain-specific restrictions, use application-level security or consider separate VPS instances for different security requirements.

How do I handle firewall rules during Plesk updates?

Plesk preserves custom firewall rules during updates, but test your configuration after major version upgrades. Some rule syntax or behavior might change between versions.

What's the difference between Plesk firewall and server-level iptables?

Plesk firewall provides a management layer over iptables with integration to hosting services. You can use both, but avoid conflicting rules that might cause unexpected behavior or security gaps.

Hostperl Dedicated Servers Ad

Featured Category

All Categories

Latest Chapters