drobbins (Funtoo Linux BDFL), posted June 3, 2014:

Hi everyone,

Some people are trying to set up iptables firewalls in their containers, and they are unexpectedly locking themselves out of their containers. The reason this is happening is that stateful connection tracking is disabled by default in OpenVZ inside a container, and I need to manually enable it. So rules that track the state of a connection (NEW, ESTABLISHED, RELATED) will not work, and then typically you will lose ssh access to your container. The solution (for now) is to contact me directly and have me enable stateful connection tracking if you plan to deploy a firewall, so that these rules will work for you.

-Daniel
Andrew Hobden, posted June 9, 2014:

Note that you cannot use MASQUERADE either.
destroyfx, posted July 16, 2014:

That's the reason I use XEN/KVM for VPN/NAT VMs, and mostly OpenVZ for the rest.
drobbins (Funtoo Linux BDFL, thread author), posted February 6, 2018:

New LXD containers should allow full use of iptables. We need to ensure the modules you need are loaded, but beyond that, things should be pretty well supported.
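The three posts above describe one failure mode: a ruleset that relies on connection tracking (`-m state` / `-m conntrack`) or on NAT (`MASQUERADE`) is rejected in a container where those features are unavailable, and the usual result is losing SSH. The script below is an added example, not code from the thread, from Funtoo or from OpenVZ/LXD. It audits an `iptables-save` dump for rules that need conntrack or NAT, probes those features in throwaway chains before touching the real INPUT chain (which also shows whether the relevant modules are loaded, as the LXD post asks), and loads a ruleset with a timed rollback so a bad rule cannot lock you out for good. The chain names, the module list, the sample rulesets and the temp-file handling are this example's own choices; it assumes the legacy `iptables`/`iptables-save`/`iptables-restore` CLI and must run as root for the live probe and the apply step.

```shell
#!/bin/sh
# Added example (not from the thread): helpers for deploying a firewall in a
# container whose conntrack/NAT support is uncertain.
#   audit_ruleset       - flag rules in an iptables-save dump that need conntrack or NAT
#   probe_live          - try those features in throwaway chains, not in INPUT
#   apply_with_rollback - load rules with an automatic timed rollback against lockout
# Chain names, module list and sample data are this example's own assumptions.

# audit_ruleset: reads iptables-save format on stdin and prints every rule that
# uses a state/conntrack match, a NAT target, or lives in the nat table, i.e. the
# rules that break when conntrack is disabled. Exit status 1 if any were found.
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        /^-A/ {
            reason = ""
            if ($0 ~ /-m (state|conntrack)/)                    reason = "conntrack match"
            else if ($0 ~ /-j (MASQUERADE|SNAT|DNAT|REDIRECT)/) reason = "NAT target"
            else if (table == "nat")                            reason = "nat table"
            if (reason != "") { found = 1; print table ": " $0 "  # needs " reason }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: the typical stateful SSH ruleset that locks people out.
SAMPLE_RULESET='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed sample: a stateless variant that loads without conntrack. Accepting
# non-SYN TCP segments is only a rough stand-in for ESTABLISHED, not equivalent.
SAFE_RULESET='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp ! --syn -j ACCEPT
COMMIT'

# probe_live: report which netfilter modules show up in /proc/modules (names vary
# by kernel version, and the file may be missing inside a container), then, as
# root, test the conntrack match and MASQUERADE in scratch chains so a rejection
# happens there instead of in the live INPUT chain. Returns 2 if the rule probe
# was skipped for lack of root.
probe_live() {
    for m in nf_conntrack nf_conntrack_ipv4 iptable_nat xt_MASQUERADE ipt_MASQUERADE; do
        if grep -q "^$m " /proc/modules 2>/dev/null; then echo "module loaded: $m"
        else echo "module not loaded: $m"; fi
    done
    [ "$(id -u)" -eq 0 ] || { echo "not root: skipping live rule probe"; return 2; }

    iptables -N probe_ct 2>/dev/null || iptables -F probe_ct
    if iptables -A probe_ct -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN 2>/dev/null
    then echo "conntrack match: available"
    else echo "conntrack match: REJECTED (stateful rules will fail here)"; fi
    iptables -F probe_ct; iptables -X probe_ct

    if iptables -t nat -N probe_nat 2>/dev/null || iptables -t nat -F probe_nat 2>/dev/null; then
        if iptables -t nat -A probe_nat -j MASQUERADE 2>/dev/null
        then echo "MASQUERADE: available"
        else echo "MASQUERADE: REJECTED"; fi
        iptables -t nat -F probe_nat; iptables -t nat -X probe_nat
    else
        echo "nat table: unavailable"
    fi
}

# apply_with_rollback RULES_FILE [SECONDS]: save the current rules, start a timer
# that restores them, then load the new ones. Once a fresh SSH login has been
# confirmed, kill the timer (its PID is printed); if you were locked out, the old
# rules come back on their own when the timer fires.
apply_with_rollback() {
    rules=$1; seconds=${2:-120}
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    ( sleep "$seconds" && iptables-restore < "$backup" && echo "rolled back" ) &
    timer=$!
    iptables-restore < "$rules" || { kill "$timer"; iptables-restore < "$backup"; return 1; }
    echo "rules loaded; rollback in ${seconds}s unless you run: kill $timer"
}

case "${1:-}" in
    --audit) audit_ruleset < "${2:-/dev/stdin}" ;;
    --probe) probe_live ;;
    --apply) apply_with_rollback "$2" "${3:-120}" ;;
esac
```

Run `sh fw-check.sh --audit rules.v4` on the ruleset you intend to load; every flagged line is one that will be rejected where conntrack is off, so either have it enabled (as the first post says) or rewrite those rules statelessly. `--probe` tells you what the running kernel accepts before you commit, and `--apply rules.v4 120` gives you two minutes to confirm a new SSH session before the previous rules are restored automatically.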