So after looking and failing to find a good article on how to describe the simple process to set up IPTables on an OpenVZ server, I figured I would write one here. The process is incredibly simple and can be broken down into 3 steps:
- Empty out the contents of /etc/sysconfig/iptables
cat "" > /etc/sysconfig/iptables
- Use the following line in /etc/sysconfig/iptables-config:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
- Use the following line in /etc/vz/vz.conf:
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"
After ensuring these three things, just stop both vz and iptables, start iptables, then start vz. You should then be able to use iptables within a virtualized container.