[Users] IPTABLES on Container

Matt matt.mailinglists at gmail.com
Wed Feb 26 14:55:24 PST 2014


> I have several bridged containers I need to run iptables on.  I
> assumed since they were bridged it would just work.  Are there any
> knobs I must turn to enable iptables on the container?

In vz.conf I have:

## IPv4 iptables kernel modules to be enabled in CTs by default
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"

Do I need anything else in the 101.conf for it to work on that
container?  I am starting with trying to get the basic IPTABLES config
below to work inside a container.

# Record every new SSH connection attempt under the "SSH" recent list
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
    --set --name SSH

# Third or later new attempt from the same source within 60 s (same TTL): log it ...
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG \
    --log-prefix 'SSH attack: '

# ... and then drop it
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP

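As an added example (not part of the original post): the rules above depend on the state and recent matches and the LOG target, none of which appear in the vz.conf module list quoted above (in OpenVZ naming these are, to my understanding, ipt_state, ipt_recent and ipt_LOG). Inside a container the extensions the host has made available are listed in /proc/net/ip_tables_matches and /proc/net/ip_tables_targets, so a short check before loading the rules tells you whether the container can actually use them. The file paths are overridable so the check can be exercised against constructed lists; the function names are my own.

```shell
#!/bin/sh
# Added example: verify that the netfilter extensions the SSH rate-limit
# rules need are visible inside the container, then apply the rules.
# MATCHES_FILE / TARGETS_FILE default to the real /proc files but can be
# pointed at constructed lists for testing (assumed paths, overridable).
MATCHES_FILE="${MATCHES_FILE:-/proc/net/ip_tables_matches}"
TARGETS_FILE="${TARGETS_FILE:-/proc/net/ip_tables_targets}"

# missing_extensions FILE NAME...  -> prints each NAME that FILE does not list
missing_extensions() {
    file="$1"; shift
    for name in "$@"; do
        # an unreadable/absent file counts as "not available"
        grep -qx "$name" "$file" 2>/dev/null || echo "$name"
    done
}

# check_ssh_rule_support -> exit 0 if every extension the rules use is
# present; otherwise prints the missing names on one line and exits 1.
# DROP is a built-in verdict and is never listed, so it is not checked.
check_ssh_rule_support() {
    missing=""
    for name in $(missing_extensions "$MATCHES_FILE" tcp state recent) \
                $(missing_extensions "$TARGETS_FILE" LOG); do
        missing="$missing${missing:+ }$name"
    done
    if [ -n "$missing" ]; then
        echo "$missing"
        return 1
    fi
}

# apply_ssh_rules -> the three rules from the post, applied in order
apply_ssh_rules() {
    # record every new SSH connection attempt under the "SSH" recent list
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m recent --set --name SSH
    # 3rd or later new attempt from one source within 60 s: log, then drop
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH \
        -j LOG --log-prefix 'SSH attack: '
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH \
        -j DROP
}

# usage: ./ssh-ratelimit.sh          (report which extensions are missing)
#        ./ssh-ratelimit.sh apply    (apply the rules only if all are present)
case "${1:-check}" in
    check)
        if missing=$(check_ssh_rule_support); then
            echo "all required netfilter extensions are available"
        else
            echo "missing in this container: $missing" >&2
        fi
        ;;
    apply)
        if missing=$(check_ssh_rule_support); then
            apply_ssh_rules
        else
            echo "not applying rules; missing: $missing" >&2
            exit 1
        fi
        ;;
esac
```

Run it inside the container first in check mode; if it reports state or recent as missing, the fix belongs on the host side (the container's IPTABLES list), not in the rules themselves.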
