dennis henry » IPTables http://dennishenry.net ramblings of an IT professional Mon, 26 Sep 2011 16:50:08 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 Simple IPTables OpenVZ Setup http://dennishenry.net/2010/08/02/simple-iptables-openvz-setup/ http://dennishenry.net/2010/08/02/simple-iptables-openvz-setup/#comments Mon, 02 Aug 2010 21:02:28 +0000 dennis http://dennishenry.net/?p=81 /etc/sysconfig/iptables]]> So after looking and failing to find a good article on how to describe the simple process to set up IPTables on an OpenVZ server, I figured I would write one here. The process is incredibly simple and can be broken down into 3 steps:

  1. Empty out the contents of /etc/sysconfig/iptables 
    cat "" > /etc/sysconfig/iptables
  2. Use the following line in /etc/sysconfig/iptables-config: 
    IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
  3. Use the following line in /etc/vz/vz.conf: 
    IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"

After ensuring these three things, just stop both vz and iptables, start iptables, then start vz. You should then be able to use iptables within a virtualized container.

]]> http://dennishenry.net/2010/08/02/simple-iptables-openvz-setup/feed/ 1