Hi all, This is something just for Aventurin{e} 6108R users:
Recently we had some inconsistencies with Iptables usage inside OpenVZ containers. Especially with APF in mind. It turned out that some innards of OpenVZ changed some times ago and access to Iptables modules is no longer configured globally in vz.conf. Instead it's now configured inside the config of each individual VPS. In specific the config line ... NETFILTER="..." ... specifies what access to Iptables modules a VPS might have. If not present it defaults to "stateless", which allows access to all modules but NAT and contrack. Which is a bit of a problem. The Netfilter settings can be applied to a VPS this way from the command line of the node: vzctl set 100 --netfilter full --save --setmode restart That would allow VPS 100 full netfilter access. The following options are supported: - disabled - stateless - stateful - full The "--setmode restart" will restart the VPS, as this change requires a restart. I just published an updated base-vserver module for Aventurin{e} 6108R which allows to configure the Netfilter settings of VPS's via the GUI under "VPS Basic Settings". Please note: If you run a BlueOnyx OpenVZ VPS with APF installed, then you will need to set Netfilter to "full" in order for APF to work correctly. If a VPS is set to only allow "stateless" Iptables usage, then APF might block certain outgoing connections such as SSH sessions to remote destinations and it also might prevent mounting of external resources via SSHfs. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx