[Users] firewall capability in openVZ/virtuozzo 7

Jehan Procaccia jehan.procaccia at tem-tsp.eu
Mon Oct 10 12:42:03 PDT 2016


Hello,

By default, firewalld doesn't work on a freshly installed container 
(centos7-x64).

The docs say:
http://docs.virtuozzo.com/virtuozzo_7_users_guide/advanced-tasks/configuring-capabilities.html?highlight=firewall
I guess I need to enable net_admin:
net_admin     Allows the administration of IP firewalls and accounting.     off
as it is set to off by default.

But the command is deprecated:
# vzctl set MyCT11 --capability net_admin --save
Warning: The --capability option is deprecated

So I used prlctl (not proposed in the doc above!?):

# prlctl set MyCT11 --capability net_admin:on
Set capabilities: NET_ADMIN:on
The CT has been successfully configured.

But still, in the CT:
/# firewall-cmd --get-active-zones
nothing
/# firewall-cmd --reload
Error: '/sbin/iptables -w2 -t filter -I INPUT 1 -m conntrack --ctstate 
RELATED,ESTABLISHED -j ACCEPT' failed: iptables: No chain/target/match 
by that name.
as if the NET_ADMIN capability is not saved permanently in the CT definition.

What is the equivalent of vzctl --save with prlctl?
Or did I mess up somewhere else?

Regards.