IPtables VZ
/etc/sysconfig/iptables-config
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_REDIRECT ipt_state iptable_nat ip_nat_ftp ipt_recent ipt_owner"
/etc/sysconfig/vz
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_REDIRECT ipt_state iptable_nat ip_nat_ftp ipt_recent ipt_owner"
service vz restart
vzctl set 101 --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ip_conntrack_ftp --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --iptables ipt_recent --iptables ipt_owner --save
cat /proc/net/ip_tables_targets
MASQUERADE TCPMSS ERROR LOG TOS REJECT
... stop Virtuozzo service and all CTs:
service vz stop
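... reconfigure IPtables module "ip_conntrack" (ip_conntrack_disable_ve0=0 enables connection tracking on the hardware node, VE0; the sed command deletes every line of /etc/modprobe.conf that mentions ip_conntrack, so keep a copy of the file first):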
sed -i '/ip_conntrack/ d' /etc/modprobe.conf
echo "options ip_conntrack ip_conntrack_disable_ve0=0" >> /etc/modprobe.conf
... restart IPtables service:
service iptables restart
... start Virtuozzo service and all CTs:
service vz start
cat /proc/net/ip_tables_targets
DNAT SNAT ERROR TCPMSS LOG TOS REJECT
