On Tue, 25 Feb 2014, Matt wrote:
> I have several bridged containers I need to run iptables on. I
> assumed since they were bridged it would just work. Are there any
> knobs I must turn to enable iptables on the container?

1. You need to add the ipt_state and nf_conntrack_ipv6 kernel modules in
/etc/vz/vz.conf
2. Disable sysctl setup.

## IPv4 iptables kernel modules to be enabled in CTs by default
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter
iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"

## IPv6 ip6tables kernel modules
IP6TABLES="ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT
nf_conntrack_ipv6"

SKIP_SYSCTL_SETUP=yes

--
Antonio Querubin
e-mail: t...@lavanauts.org
xmpp: antonioqueru...@gmail.com
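
A check for the settings listed in the reply above, as an added example that is not part of the original message or of OpenVZ's own tooling. The function names check_vz_conf and has_word are hypothetical, and the script assumes the config file is a trusted, root-owned shell-style file that is safe to source.

```shell
#!/bin/sh
# Added example: check a vz.conf-style file for the three settings named above.
# Assumption: the file is a trusted, root-owned shell-style config, so it is
# sourced in a subshell; sourcing also copes with values wrapped across lines.

# has_word LIST WORD: whole-word match, so "ipt_state_x" does not count.
has_word() {
    for w in $1; do
        [ "$w" = "$2" ] && return 0
    done
    return 1
}

# check_vz_conf FILE: prints one line per missing setting.
# Returns 0 if all are present, 1 if any is missing, 2 if FILE is unreadable.
check_vz_conf() {
    conf=$1
    case $conf in */*) ;; *) conf=./$conf ;; esac   # keep "." from searching PATH
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    (
        set -f                                  # no globbing while word-splitting
        IPTABLES='' IP6TABLES='' SKIP_SYSCTL_SETUP=''
        . "$conf" || exit 2
        rc=0
        has_word "$IPTABLES" ipt_state ||
            { echo "IPTABLES lacks ipt_state"; rc=1; }
        has_word "$IP6TABLES" nf_conntrack_ipv6 ||
            { echo "IP6TABLES lacks nf_conntrack_ipv6"; rc=1; }
        [ "$SKIP_SYSCTL_SETUP" = yes ] ||
            { echo "SKIP_SYSCTL_SETUP is not yes"; rc=1; }
        exit "$rc"
    )
}

# With a path argument, check that file (for example /etc/vz/vz.conf).
if [ "$#" -gt 0 ]; then
    check_vz_conf "$1"
fi
```

Run it with the path to the config as its only argument; each missing setting is reported on its own line and the exit status is non-zero.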