Saturday 7 September 2013

Iptables problems on VPSes

Posted by Sarath On Saturday, September 07, 2013 No comments
You might have come across issues with CSF on VPSes.

CSF requires at least these iptables modules to work properly:
ip_tables
ipt_state
ipt_multiport
iptable_filter
ipt_limit
ipt_LOG
ipt_REJECT
ipt_conntrack
ip_conntrack
ip_conntrack_ftp
iptable_mangle

Other modules for additional functionality:
ipt_owner
ipt_recent
iptable_nat
ipt_REDIRECT

You can check the hosting environment using:

Code: 
/etc/csf/csftest.pl

This should run without any FATAL errors. If any such errors are present, note which module failed and check whether it is loaded on the node; you can use the "lsmod" command for that.
E.g.:
Code: 
# lsmod | grep ipt_limit

If any of the modules is not loaded on the node, load it using the modprobe command.
E.g.:
Code:
# modprobe ipt_limit

Then, to enable the modules in the VPS:

Code:
# vzctl set CT_ID --iptables ip_tables --iptables iptable_filter --iptables ipt_multiport \
  --iptables ipt_REJECT --iptables ipt_recent --iptables xt_connlimit --iptables ipt_owner \
  --iptables ip_conntrack --iptables ipt_conntrack --iptables ip_conntrack_ftp \
  --iptables iptable_nat --iptables iptable_mangle --iptables ipt_state \
  --iptables ipt_limit --iptables ipt_LOG --save

(Replace CT_ID with container ID)

These changes will be applied after the container restart.
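The check-and-enable procedure above, as an added example that is not part of the original post: a small POSIX shell script that compares the module list CSF needs against `lsmod` output and builds the matching `vzctl set ... --iptables` command. The `lsmod` output embedded here is a constructed sample so the script runs offline; on a real node you would pass `"$(lsmod)"` instead, and the container ID 101 is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): find which CSF iptables modules
# are missing from a node's lsmod output and print the vzctl command that
# grants them to a container. No root needed; nothing is changed on the system.

# Modules the post lists as required by CSF, plus the optional ones.
CSF_REQUIRED="ip_tables ipt_state ipt_multiport iptable_filter ipt_limit ipt_LOG ipt_REJECT ipt_conntrack ip_conntrack ip_conntrack_ftp iptable_mangle"
CSF_OPTIONAL="ipt_owner ipt_recent iptable_nat ipt_REDIRECT"

# Constructed sample of `lsmod` output (first column is the module name).
# Replace with "$(lsmod)" to check the node you are actually on.
SAMPLE_LSMOD='Module                  Size  Used by
ip_tables              12345  2 iptable_filter,iptable_mangle
iptable_filter          1234  1
iptable_mangle          1234  1
ipt_state               1234  0
ipt_multiport           1234  0
ipt_REJECT              1234  0
ipt_LOG                 1234  0
ip_conntrack           12345  1 ipt_state
ipt_owner               1234  0'

# missing_modules LSMOD_OUTPUT MODULE_LIST
# Prints, space separated and in list order, the modules in MODULE_LIST whose
# name does not appear in the first column of LSMOD_OUTPUT.
missing_modules() {
    lsmod_out=$1
    missing=""
    for m in $2; do
        if ! printf '%s\n' "$lsmod_out" | awk -v m="$m" '$1 == m { found = 1 } END { exit !found }'; then
            missing="$missing $m"
        fi
    done
    printf '%s' "${missing# }"
}

# vzctl_command CT_ID MODULE_LIST
# Builds the vzctl invocation that grants every module in MODULE_LIST to
# container CT_ID (one --iptables option per module, then --save).
vzctl_command() {
    cmd="vzctl set $1"
    for m in $2; do
        cmd="$cmd --iptables $m"
    done
    printf '%s --save' "$cmd"
}

# Stand-alone run against the constructed sample.
missing_req=$(missing_modules "$SAMPLE_LSMOD" "$CSF_REQUIRED")
missing_opt=$(missing_modules "$SAMPLE_LSMOD" "$CSF_OPTIONAL")
echo "Required modules not loaded on node: ${missing_req:-none} (load each with modprobe)"
echo "Optional modules not loaded on node: ${missing_opt:-none}"
echo "Grant the required set to container 101 (placeholder ID) with:"
vzctl_command 101 "$CSF_REQUIRED"
echo
```

On the sample, the script reports `ipt_limit ipt_conntrack ip_conntrack_ftp` as the required modules still missing from the node, which is exactly the set csftest.pl would flag as FATAL; modprobe those on the node first, then run the printed vzctl line and restart the container.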

If you get any "memory allocation" errors with iptables on a VPS, make sure that your numiptent setting is set sufficiently high. Set numiptent to at least 1000.

Code:
# vzctl set CT_ID --numiptent 1000 --save
(Replace CT_ID with container ID).
