[Users] IPTABLES on Container
spameden
spameden at gmail.com
Wed Feb 26 15:13:15 PST 2014
please read this http://openvz.org/Setting_up_an_iptables_firewall
2014-02-27 2:55 GMT+04:00 Matt <matt.mailinglists at gmail.com>:
> > I have several bridged containers I need to run iptables on. I
> > assumed since they were bridged it would just work. Are there any
> > knobs I must turn to enable iptables on the container?
>
> In vz.conf I have:
>
> ## IPv4 iptables kernel modules to be enabled in CTs by default
> IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter
> iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
>
> Do I need anything else in the 101.conf for it to work on that
> container? I am starting with trying to get the basic IPTABLES config
> below to work inside a container.
>
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
> --set --name SSH
>
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
> --update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG
> --log-prefix 'SSH attack: '
>
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
> --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20140227/e2b9547f/attachment.html>
More information about the Users
mailing list