2014-02-25 21:46 GMT+04:00 Scott Dowdle <dow...@montanalinux.org>:
> Greetings,
>
> ----- Original Message -----
> > I have several bridged containers I need to run iptables on. I
> > assumed since they were bridged it would just work. Are there any
> > knobs I must turn to enable iptables on the container?
>
> There are a few wiki pages on iptables stuff. Have you consulted them?
>
> I haven't used iptables with OpenVZ for quite a while so I'm surely
> rusty... but I think the gist of it is to make sure you have all of the
> needed modules loaded on the host node. Some distros use different
> kernels... and as a result some of the programs they provide to manage
> iptables may or may not work with the iptables modules provided by your
> host node kernel.
>
Basically, you need this + capability NET_ADMIN turned on. Something like
this in /etc/vz/conf/123.conf:

IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ipt_state ipt_recent "
CAPABILITY=" NET_ADMIN:on"

> TYL,
> --
> Scott Dowdle
> 704 Church Street
> Belgrade, MT 59714
> (406)388-0827 [home]
> (406)994-3931 [work]
> _______________________________________________
> Users mailing list
> Users@openvz.org
> https://lists.openvz.org/mailman/listinfo/users
>
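The reply above names the two knobs (an IPTABLES= module list in the container's conf file and CAPABILITY=" NET_ADMIN:on") and the earlier message points at modules that must be loaded on the host node. The script below is an added example, not code from either poster or from the OpenVZ project: it reads those two keys out of a conf file, confirms NET_ADMIN is on, and lists every module named in IPTABLES= that does not appear in a /proc/modules-style listing. The conf file, the module listing and the function names are constructed for the example; on a real host node you would pass the real /etc/vz/conf/CTID.conf and /proc/modules.

```shell
#!/bin/sh
# Added example (not from the original thread). Checks an OpenVZ container
# conf for IPTABLES= and CAPABILITY=" NET_ADMIN:on" and compares the listed
# iptables modules against a module listing in /proc/modules format.

# Print the value of KEY="..." (or KEY=...) from an OpenVZ conf file, quotes
# stripped. The last occurrence wins, as it does for a shell-sourced conf.
conf_value() {
    # $1 = conf file, $2 = key name
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Exit 0 if CAPABILITY contains NET_ADMIN:on (whitespace or comma separated,
# case-insensitive), 1 otherwise.
has_net_admin() {
    conf_value "$1" CAPABILITY | tr ',' ' ' | tr ' ' '\n' | grep -qix 'NET_ADMIN:on'
}

# Print each module named in IPTABLES= that is absent from the module listing
# in $2 (a file in /proc/modules format: "name size refcount deps state addr").
missing_modules() {
    conf="$1"; modules="$2"
    for m in $(conf_value "$conf" IPTABLES); do
        if ! awk '{print $1}' "$modules" | grep -qx "$m"; then
            echo "$m"
        fi
    done
}

# Write constructed sample data (not from a real host) into directory $1:
# 123.conf has NET_ADMIN on, 124.conf has it off, and "modules" is a
# shortened /proc/modules listing missing ipt_REJECT and ipt_state.
write_sample() {
    cat > "$1/123.conf" <<'EOF'
ONBOOT="yes"
IPTABLES="ip_tables iptable_filter iptable_mangle ipt_REJECT ip_conntrack ipt_state"
CAPABILITY=" NET_ADMIN:on"
EOF
    cat > "$1/124.conf" <<'EOF'
IPTABLES="ip_tables iptable_filter"
CAPABILITY=" NET_ADMIN:off"
EOF
    cat > "$1/modules" <<'EOF'
ip_tables 20480 3 iptable_filter,iptable_mangle, Live 0x0000000000000000
iptable_filter 16384 1 - Live 0x0000000000000000
iptable_mangle 16384 1 - Live 0x0000000000000000
ip_conntrack 65536 0 - Live 0x0000000000000000
EOF
}

# Run the check on the constructed sample: sh thisscript.sh demo
demo() {
    d=$(mktemp -d)
    write_sample "$d"
    for ct in 123 124; do
        if has_net_admin "$d/$ct.conf"; then
            echo "CT $ct: NET_ADMIN on"
        else
            echo "CT $ct: NET_ADMIN off - iptables inside the CT will fail"
        fi
        echo "CT $ct: listed in IPTABLES= but not loaded on the host node:"
        missing_modules "$d/$ct.conf" "$d/modules" | sed 's/^/    /'
    done
    rm -rf "$d"
}

[ "${1:-}" = "demo" ] && demo
```

With the sample data CT 123 reports ipt_REJECT and ipt_state as missing, which is exactly the symptom the first poster describes: the conf lists the module, but iptables in the container cannot use it until the host node kernel has it loaded. Applying the settings themselves is normally done with vzctl set (its --iptables and --capability options, with --save) rather than by editing the conf by hand; that command line is my assumption here, not something the thread shows.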