Enabling iptables on OpenVZ containers

Written by admin on December 24, 2014. Posted in Server Security

This post is for those who run their own data centres or small virtualised systems. Customers often want to install a firewall on their VPS servers, and after installing your OpenVZ system you might find that software firewalls such as CSF will not run because iptables is not activated in the containers. To correct this, do the following:

Over SSH, enter the following command:

nano /etc/vz/vz.conf

Then locate the line which begins with IPTABLES=

Uncomment this line if it is commented out, then edit it. Make sure the following is all on one line. The line must now look like this:

IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

That's it. Then just restart OpenVZ with this command:

# /etc/init.d/vz restart

You can now install CSF on your containers.
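
The edit above fails in a few common ways: the line is left commented out, the quotes are pasted as typographic quotes, the value wraps onto a second line, or two module names run together. The following check for those cases is an added example, not part of the original post; the function name check_vz_iptables and its return codes are assumptions made for illustration, and the module list is the one from the line above.

```shell
#!/bin/sh
# Module list copied from the IPTABLES= line in the post.
REQUIRED="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

# check_vz_iptables FILE  (hypothetical helper)
# Returns 0 = ok, 1 = no active IPTABLES= line,
#         2 = bad quoting or value split across lines, 3 = modules missing.
check_vz_iptables() {
    conf=$1
    # Take the last uncommented assignment and strip trailing whitespace.
    line=$(grep -E '^[[:space:]]*IPTABLES=' "$conf" | tail -n 1 | sed 's/[[:space:]]*$//')
    if [ -z "$line" ]; then
        echo "no active IPTABLES= line (missing or still commented out)"
        return 1
    fi
    value=${line#*=}
    case $value in
        \"*\") value=${value#\"}; value=${value%\"} ;;
        *)
            # Typographic quotes or a wrapped line both end up here.
            echo "value is not in straight double quotes on a single line"
            return 2 ;;
    esac
    missing=""
    for mod in $REQUIRED; do
        # Match whole, case-sensitive names (ipt_tos and ipt_TOS differ).
        case " $value " in
            *" $mod "*) ;;
            *) missing="$missing $mod" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing modules:$missing"
        return 3
    fi
    echo "ok"
    return 0
}
```

Source the file and run check_vz_iptables /etc/vz/vz.conf before restarting vz; any result other than "ok" means the line needs another look.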