Please read this: http://openvz.org/Setting_up_an_iptables_firewall

2014-02-27 2:55 GMT+04:00 Matt <[email protected]>:
>
> I have several bridged containers I need to run iptables on. I
> assumed since they were bridged it would just work. Are there any
> knobs I must turn to enable iptables on the container?
>
> In vz.conf I have:
>
> ## IPv4 iptables kernel modules to be enabled in CTs by default
> IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
>
> Do I need anything else in the 101.conf for it to work on that
> container? I am starting with trying to get the basic IPTABLES config
> below to work inside a container.
>
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
>
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG --log-prefix 'SSH attack: '
>
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.openvz.org/mailman/listinfo/users
>
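
Added example (not part of the thread and not OpenVZ project code): a shell check that compares the matches and targets used in the rules quoted above against the modules listed in `IPTABLES=`. The match-to-module mapping (`ipt_state`, `ip_conntrack`, `ipt_recent`, `ipt_LOG`) is an assumption based on vzctl's module naming; confirm it against your vzctl version.

```shell
#!/bin/sh
# IPTABLES= value and two of the rules, copied from the message above.
CT_IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
RULE_LOG="iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG --log-prefix 'SSH attack: '"
RULE_DROP="iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP"

# required_modules RULE: print one module name per match/target in the rule.
# Mapping is an assumption (vzctl-style names), not taken from the thread.
required_modules() {
    prev=
    set -f                      # no globbing while the rule is word-split
    for word in $1; do
        case "$prev $word" in
            "-m state")     echo ipt_state; echo ip_conntrack ;;
            "-m recent")    echo ipt_recent ;;
            "-m limit")     echo ipt_limit ;;
            "-m multiport") echo ipt_multiport ;;
            "-m length")    echo ipt_length ;;
            "-m ttl")       echo ipt_ttl ;;
            "-j LOG")       echo ipt_LOG ;;
            "-j REJECT")    echo ipt_REJECT ;;
            "-j TCPMSS")    echo ipt_TCPMSS ;;
        esac
        prev=$word
    done
    set +f
}

# missing_modules ENABLED_LIST RULE: print required modules not in the list.
missing_modules() {
    for need in $(required_modules "$2" | LC_ALL=C sort -u); do
        case " $1 " in
            *" $need "*) ;;             # already enabled for the container
            *) echo "$need" ;;
        esac
    done
}

for rule in "$RULE_LOG" "$RULE_DROP"; do
    echo "rule: $rule"
    echo "  not enabled in CT: $(missing_modules "$CT_IPTABLES" "$rule" | tr '\n' ' ')"
done
```

Modules reported here would have to be added to `IPTABLES=` (globally in vz.conf or per container in 101.conf) and the container restarted before the rules can load.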
