> I have several bridged containers I need to run iptables on. I
> assumed since they were bridged it would just work. Are there any
> knobs I must turn to enable iptables on the container?

In vz.conf I have:

## IPv4 iptables kernel modules to be enabled in CTs by default
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"

Do I need anything else in the 101.conf for it to work on that container? I am starting with trying to get the basic IPTABLES config below to work inside a container.

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG --log-prefix 'SSH attack: '
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP

_______________________________________________
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users