<div dir="ltr">please read this <a href="http://openvz.org/Setting_up_an_iptables_firewall">http://openvz.org/Setting_up_an_iptables_firewall</a><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-02-27 2:55 GMT+04:00 Matt <span dir="ltr"><<a href="mailto:matt.mailinglists@gmail.com" target="_blank">matt.mailinglists@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">> I have several bridged containers I need to run iptables on. I<br>
> assumed since they were bridged it would just work. Are there any<br>
> knobs I must turn to enable iptables on the container?<br>
<br>
</div>In vz.conf I have:<br>
<br>
## IPv4 iptables kernel modules to be enabled in CTs by default<br>
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter<br>
iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"<br>
<br>
Do I need anything else in the 101.conf for it to work on that<br>
container? I am starting with trying to get the basic IPTABLES config<br>
below to work inside a container.<br>
<br>
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent<br>
--set --name SSH<br>
<br>
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent<br>
--update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG<br>
--log-prefix 'SSH attack: '<br>
<br>
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent<br>
--update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@openvz.org">Users@openvz.org</a><br>
<a href="https://lists.openvz.org/mailman/listinfo/users" target="_blank">https://lists.openvz.org/mailman/listinfo/users</a><br>
</div></div></blockquote></div><br></div>