OpenVZ Virtuozzo Containers Wiki β

Talk:Setting up an iptables firewall

The directions on this page for container-based firewalling didn't work for me at all. However, the article at the Parallels Virtuozzo Knowledgebase regarding this issue worked perfectly. URL: http://kb.parallels.com/en/746

Hardware Firewall mode not working

I have tried step by step to enable a hardware-like firewall, but I have big issues with an existing virtual server that acts as a mailserver. Basically, with the firewall activated the transaction time is around 48 seconds; with the firewall deactivated, about 0,700 seconds. What on earth could possibly be the cause? Is the FORWARD rule that bad on VZ?

Firewall rules in the wrong order?

I've been using the firewall script for a while and it works great. That is, until I tried to ban an IP address, and it didn't work.

I'm not an iptables expert, so I was a bit wary about messing around too much, but my theory is that all the iptables -I (insert) should be iptables -A (append), which has the effect of running the rules in the opposite order to that intended. This means the source I wanted to block was matching an OKPORT before getting to the BANNED section.

In fact, to fix my problem I just moved the BANNED section between the DMZS and OKPORTS, which had the desired effect.

I'd love to see anyone's comments. Robferrer (talk) 07:16, 14 June 2013 (EDT)
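
The ordering effect raised in the comment above, as an added example that is not part of the original post or of the wiki's firewall script: a small Python model of a single iptables chain with first-match evaluation, showing how the same script order yields opposite verdicts under `-I` and `-A`. The rule contents, the source address and the order in which the hypothetical script issues its commands are assumptions made for illustration.

```python
# Simplified model of one iptables chain: rules are checked top to bottom and
# the first match decides; the chain policy applies when nothing matches.
# All addresses and ports below are constructed sample values.

def build_chain(commands):
    """Apply (flag, rule) pairs in script order; '-I' prepends, '-A' appends."""
    chain = []
    for flag, rule in commands:
        if flag == "-I":
            chain.insert(0, rule)   # iptables -I with no rule number: position 1
        elif flag == "-A":
            chain.append(rule)      # iptables -A: end of the chain
        else:
            raise ValueError(f"unsupported flag {flag!r}")
    return chain

def verdict(chain, packet, policy="DROP"):
    """Return the target of the first rule whose fields all match the packet."""
    for rule in chain:
        if all(packet.get(k) == v for k, v in rule["match"].items()):
            return rule["target"]
    return policy

BAN = {"match": {"src": "203.0.113.7"}, "target": "DROP"}   # a BANNED entry
OKPORT = {"match": {"dport": 25}, "target": "ACCEPT"}       # an OKPORTS entry

def script(flag):
    """Hypothetical script order: the ban is issued before the open port."""
    return build_chain([(flag, BAN), (flag, OKPORT)])

if __name__ == "__main__":
    banned_smtp = {"src": "203.0.113.7", "dport": 25}
    for flag in ("-I", "-A"):
        chain = script(flag)
        print(flag, [r["target"] for r in chain], "->", verdict(chain, banned_smtp))
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the order the kernel actually evaluates, which is the quickest way to confirm whether a ban rule sits above or below the accept rules.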