[Users] IPTABLES on Container

spameden spameden at gmail.com
Tue Feb 25 10:02:16 PST 2014


2014-02-25 21:46 GMT+04:00 Scott Dowdle <dowdle at montanalinux.org>:

> Greetings,
>
> ----- Original Message -----
> > I have several bridged containers I need to run iptables on.  I
> > assumed since they were bridged it would just work.  Are there any
> > knobs I must turn to enable iptables on the container?
>
> There are a few wiki pages on iptables stuff.  Have you consulted them?
>
> I haven't used iptables with OpenVZ for quite a while so I'm surely
> rusty... but I think the gist of it is to make sure you have all of the
> needed modules loaded on the host node.  Some distros use different
> kernels... and as a result some of the programs they provide to manage
> iptables may or may not work with the iptables modules provided by your
> host node kernel.
>

Basically, you need this + capability NET_ADMIN turned on.

Something like this in /etc/vz/conf/123.conf:

IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ipt_state ipt_recent "
CAPABILITY=" NET_ADMIN:on"


> TYL,
> --
> Scott Dowdle
> 704 Church Street
> Belgrade, MT 59714
> (406)388-0827 [home]
> (406)994-3931 [work]
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users
>
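The two settings above only take effect if the host kernel actually has the listed netfilter modules loaded, which is the mismatch Scott's reply warns about. The script below is an added example, not code from the thread or from the OpenVZ project: it reads the IPTABLES and CAPABILITY values out of a container conf file, compares the module list against a /proc/modules style listing, and prints the equivalent `vzctl set ... --iptables ... --capability ... --save` commands without running them. The conf file, the module listing and the paths under $TMPDIR are constructed here so it runs offline; the module listing deliberately contains the newer `xt_state`/`nf_conntrack` names rather than `ipt_state`/`ip_conntrack` to show how a renamed module surfaces as "missing".

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): sanity-check an OpenVZ
# container conf for iptables modules and NET_ADMIN before starting the CT.

# Constructed sample conf, mirroring the settings quoted in the thread.
CT_CONF="${TMPDIR:-/tmp}/ct123.conf.example"
cat > "$CT_CONF" <<'EOF'
ONBOOT="yes"
IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ipt_state ipt_recent "
CAPABILITY=" NET_ADMIN:on"
EOF

# Constructed /proc/modules style listing (name size refcount deps state addr).
# On a real host use /proc/modules itself; this one has the post-rename names
# xt_state/nf_conntrack instead of ipt_state/ip_conntrack.
MODULES_LIST="${TMPDIR:-/tmp}/modules.example"
cat > "$MODULES_LIST" <<'EOF'
ip_tables 27115 2 iptable_filter,iptable_mangle, Live 0x0000000000000000
iptable_filter 12810 1 - Live 0x0000000000000000
iptable_mangle 12695 1 - Live 0x0000000000000000
xt_state 12578 0 - Live 0x0000000000000000
nf_conntrack 79645 1 xt_state, Live 0x0000000000000000
ipt_REJECT 12541 0 - Live 0x0000000000000000
EOF

# Print the value of KEY="..." from a vzctl-style conf (last assignment wins).
conf_value() {  # $1 = conf file, $2 = key
    awk -F'"' -v k="$2" '$1 == k"=" { v = $2 } END { print v }' "$1"
}

# Print each module from the conf's IPTABLES list that is absent from the
# module listing, one per line.
missing_modules() {  # $1 = conf file, $2 = /proc/modules style file
    for m in $(conf_value "$1" IPTABLES); do
        awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$2" \
            || printf '%s\n' "$m"
    done
}

# Succeed only if CAPABILITY switches NET_ADMIN on (case-insensitive).
net_admin_on() {  # $1 = conf file
    for c in $(conf_value "$1" CAPABILITY | tr '[:lower:]' '[:upper:]'); do
        [ "$c" = "NET_ADMIN:ON" ] && return 0
    done
    return 1
}

# Print (do not run) the vzctl commands that persist the same two settings.
vzctl_commands() {  # $1 = CTID, $2 = conf file
    mods=$(conf_value "$2" IPTABLES | tr -s ' ' | sed 's/^ //; s/ $//')
    printf 'vzctl set %s --iptables "%s" --save\n' "$1" "$mods"
    printf 'vzctl set %s --capability net_admin:on --save\n' "$1"
}

echo "Modules listed in $CT_CONF but not present in $MODULES_LIST:"
missing_modules "$CT_CONF" "$MODULES_LIST"
if net_admin_on "$CT_CONF"; then
    echo "NET_ADMIN: on"
else
    echo "NET_ADMIN: not enabled; iptables inside the CT will fail with EPERM"
fi
echo "Equivalent vzctl commands:"
vzctl_commands 123 "$CT_CONF"
```

Point MODULES_LIST at /proc/modules on a real host node to get the actual list; every module still reported as missing needs either a `modprobe` on the host or a rename in the conf to the name your host kernel uses.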