How do I install APF firewall into the VE?

Article ID: 875, created on Oct 6, 2008, last review on May 10, 2014

APPLIES TO:
  • Virtuozzo
  • Virtuozzo containers for Linux 4.7
  • Virtuozzo containers for Linux 4.6
  • Virtuozzo containers for Linux 4.0
  • Virtuozzo hypervisor

Resolution

The installation of APF requires you to complete some additional steps on the Hardware Node.

1. First, you need to define which iptables modules are available for VEs.

Edit the /etc/sysconfig/iptables-config file on the Virtuozzo Hardware Node:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Edit the /etc/sysconfig/vz file on the Virtuozzo Hardware Node:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"


Please note: The iptables module lists in the IPTABLES parameter (/etc/sysconfig/vz) and the IPTABLES_MODULES parameter (/etc/sysconfig/iptables-config) must each be placed on one single line. No line breaks are allowed in these parameters.

Restart Virtuozzo. All VEs will be restarted.
# service vz restart

2. Increase the "numiptent" parameter for the VE in which you need to install APF. This parameter limits the number of iptables rules available to a VE. The default APF configuration requires ~400 rules. Try setting it to 400, as in the example below for VE #101:
# vzctl set 101 --numiptent 400 --save

3. Install APF inside the VE. Edit /etc/apf/conf.apf inside the VE, setting the following parameters:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"

4. Start APF inside the VE:
# /etc/init.d/apf start
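
A pre-flight check for step 1, run on the Hardware Node before "service vz restart" (an added example, not part of the original article): it verifies that IPTABLES_MODULES and IPTABLES each sit on one line and that every module listed in IPTABLES also appears in IPTABLES_MODULES. The function names and the shortened sample files are constructed for illustration, and the consistency rule is an assumption based on the article using the same list in both files.

```shell
#!/bin/sh
# Added example: pre-flight check to run before "service vz restart".

# Print KEY's module list from FILE, one per line. Fails if KEY is unset
# or its quoted value does not open and close on the same line.
get_modules() {
    line=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1)
    [ -n "$line" ] || { echo "$1: $2 is not set" >&2; return 1; }
    case $line in
        *=\"*\"*) ;;
        *) echo "$1: $2 is split across lines" >&2; return 1 ;;
    esac
    printf '%s\n' "$line" | sed -e 's/^[^"]*"//' -e 's/".*//' |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Returns 0 if both lists are single-line and every module offered to VEs
# (IPTABLES) is also in IPTABLES_MODULES; 1 on a format error; 2 on mismatch.
# The mismatch rule is an assumption: the article uses one list for both.
check_module_lists() {
    ipt_conf=${1:-/etc/sysconfig/iptables-config}
    vz_conf=${2:-/etc/sysconfig/vz}
    node=$(get_modules "$ipt_conf" IPTABLES_MODULES) || return 1
    ve=$(get_modules "$vz_conf" IPTABLES) || return 1
    missing=""
    for m in $ve; do
        printf '%s\n' "$node" | grep -qxF "$m" || missing="$missing $m"
    done
    [ -z "$missing" ] || { echo "not in IPTABLES_MODULES:$missing" >&2; return 2; }
    echo "ok: both lists are single-line and consistent"
}

# Constructed sample files (shortened module lists) to exercise the check.
make_samples() {
    d=$(mktemp -d)
    echo 'IPTABLES_MODULES="ipt_REJECT ipt_LOG ipt_state iptable_filter"' > "$d/ipt"
    echo 'IPTABLES="ipt_REJECT ipt_LOG ipt_state iptable_filter"' > "$d/vz_ok"
    printf 'IPTABLES="ipt_REJECT\nipt_LOG ipt_state iptable_filter"\n' > "$d/vz_split"
    echo 'IPTABLES="ipt_REJECT ipt_LOG ipt_state ip_nat_ftp"' > "$d/vz_extra"
    echo "$d"
}

d=$(make_samples)
check_module_lists "$d/ipt" "$d/vz_ok"
check_module_lists "$d/ipt" "$d/vz_split" || echo "exit status $?"
check_module_lists "$d/ipt" "$d/vz_extra" || echo "exit status $?"
rm -rf "$d"
```

On a real node, call check_module_lists with no arguments to check the two files named in step 1.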


