[Users] IPTABLES on Container
Antonio Querubin
tony at lavanauts.org
Wed Feb 26 19:45:53 PST 2014
On Tue, 25 Feb 2014, Matt wrote:
> I have several bridged containers I need to run iptables on. I
> assumed since they were bridged it would just work. Are there any
> knobs I must turn to enable iptables on the container?
1. You need to add the ipt_state and nf_conntrack_ipv6 kernel modules in
/etc/vz/vz.conf
2. Disable sysctl setup.
## IPv4 iptables kernel modules to be enabled in CTs by default
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"
## IPv6 ip6tables kernel modules
IP6TABLES="ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT nf_conntrack_ipv6"
SKIP_SYSCTL_SETUP=yes
--
Antonio Querubin
e-mail: tony at lavanauts.org
xmpp: antonioquerubin at gmail.com
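
A read-only check for the two steps in the reply above, as an added example that is not part of the original post: it parses a vz.conf-style file without sourcing it and reports whether ipt_state, nf_conntrack_ipv6 and SKIP_SYSCTL_SETUP=yes are set. The function names (vz_get, has_word, vz_check) and the sample file are assumptions made for this example.

```sh
#!/bin/sh
# Added example (hypothetical helper names): audit a vz.conf-style file.

# vz_get KEY FILE: print the first assignment of KEY without executing FILE.
# Accepts KEY=value and KEY="value", including a quoted value wrapped over lines.
vz_get() {
    awk -v key="$1" '{
        if (!found) {
            if (index($0, key "=") != 1) next
            found = 1
            buf = substr($0, length(key) + 2)
            if (substr(buf, 1, 1) != "\"") { print buf; exit }
            buf = substr(buf, 2)          # drop the opening quote
        } else {
            buf = buf " " $0              # continuation of a wrapped value
        }
        p = index(buf, "\"")              # closing quote ends the value
        if (p > 0) { print substr(buf, 1, p - 1); exit }
    }' "$2"
}

# has_word WORD LIST: succeed if WORD is one whitespace-separated item of LIST.
has_word() {
    w=$1; shift
    for m in $*; do [ "$m" = "$w" ] && return 0; done
    return 1
}

# vz_check FILE: report each missing setting; return non-zero if any is missing.
vz_check() {
    rc=0
    has_word ipt_state "$(vz_get IPTABLES "$1")" ||
        { echo "IPTABLES lacks ipt_state"; rc=1; }
    has_word nf_conntrack_ipv6 "$(vz_get IP6TABLES "$1")" ||
        { echo "IP6TABLES lacks nf_conntrack_ipv6"; rc=1; }
    [ "$(vz_get SKIP_SYSCTL_SETUP "$1")" = "yes" ] ||
        { echo "SKIP_SYSCTL_SETUP is not yes"; rc=1; }
    return $rc
}

# Constructed sample: both modules and SKIP_SYSCTL_SETUP left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter
iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
IP6TABLES="ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT"
EOF
vz_check "$sample" || echo "result: settings missing"
rm -f "$sample"
```

On a hardware node, run vz_check against /etc/vz/vz.conf after editing it.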