PLESK: How to transfer Plesk (Obsidian) firewall-settings from old to new system

Question

Plesk (according their documentation) does not support the transfer of serverwide settings as part of their migration module.

As the Plesk (as far as I understand it) maintains their own database of firewall settings, from which an iptables-procedre is generated, the following transfer procedures also fail:

• iptables-save / iptables-restore
• copy of the iptables generating file firewall-active.sh

Simply as they are all overwritten by the next generation process.

So my question:

Has anyone a practical solution (proposal) how to efficiently transfer the firewall-settings from an old to a new system

Environment: Debian 9 to 11 Plesk: Obsidian 18 (both)

Answer 1

As a direct transfer is not provided by Plesk, I have found the following workaround.

There is a CLI tool /usr/local/psa/bin/modules/firewall/settings which enables you to create and update firewall rules and activate/de-activate the Plesk firewall. It allows to specify a list of IP's and CIDR's to be written to the Plesk database.

With /usr/local/psa/bin/modules/firewall/settings --help you get an overview what you can do with this tool. Just be cautious as the description is not 100% correct. Eg. the command options are not comma-separated nor positional, and the -p short option is not correct for the remote-addresses.

The inserts and updates are all made to the Plesk database and are therefore "persistent" (as opposed to changes directly made to iptables).

The -id-parameter for updates for a certain rule can be located as part of the URL referencing the rule in Plesk (self explanatory).

I personally have not activated and confirmed my updates via this tool, instead I have verified my settings within Plesk and then activated and confirmed it there.