Simple IPTables OpenVZ Setup

So after looking and failing to find a good article on how to describe the simple process to set up IPTables on an OpenVZ server, I figured I would write one here. The process is incredibly simple and can be broken down into 3 steps:

  1. Empty out the contents of /etc/sysconfig/iptables
    cat "" > /etc/sysconfig/iptables
  2. Use the following line in /etc/sysconfig/iptables-config:
    IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
  3. Use the following line in /etc/vz/vz.conf:
    IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"

After ensuring these three things, just stop both vz and iptables, start iptables, then start vz. You should then be able to use iptables within a virtualized container.