Jump to content
Read the Funtoo Newsletter: Summer 2023 ×

IMPORTANT: iptables firewalls in containers


Recommended Posts

  • Funtoo Linux BDFL

Hi everyone,

 

Some people are trying to set up iptables firewalls in their containers, and they are unexpectedly locking themselves out of their containers.

The reason why this is happening is because stateful connection tracking is disabled by default in OpenVZ inside a container, and I need to manually enable it. So rules that track the state of connection (NEW, ESTABLISHED, RELATED), will not work, and then typically you will lose ssh access to your container.

 

The solution (for now) is to contact me directly and have me enable stateful connection tracking if you plan to deploy a firewall, so that these rules will work for you.

 

-Daniel

Link to comment
Share on other sites

  • 1 month later...
  • 3 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...