Resolution
The installation of APF requires you to complete some additional steps on the Hardware Node.

1. First, you need to define which iptables modules are available for VEs.

Edit the /etc/sysconfig/iptables-config file on the Virtuozzo Hardware Node:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Edit the /etc/sysconfig/vz file on the Virtuozzo Hardware Node:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Please note: The iptables modules list in the IPTABLES and IPTABLES_MODULES parameters in the /etc/sysconfig/vz and /etc/sysconfig/iptables-config files should be placed on one single line. No line breaks are allowed in these parameters.

Restart Virtuozzo. All VEs will be restarted.
# service vz restart

2. Increase the "numiptent" parameter for the VE you need to install APF into. This parameter limits the number of iptables rules available to a VE. The default APF configuration requires ~400 rules. Try setting it to 400, as in the example below for VE #101:
# vzctl set 101 --numiptent 400 --save

3. Install APF inside the VE. Edit /etc/apf/conf.apf inside the VE, setting the following parameters:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"

4. Start APF inside the VE:
# /etc/init.d/apf start
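
A pre-restart check for step 1, added here as an example and not part of the original article: it confirms that IPTABLES and IPTABLES_MODULES each sit on one line and name the same modules. The function names are hypothetical, and treating a mismatch between the two lists as an error is an assumption based on the article showing the same list in both files.

```shell
#!/bin/sh
# Added example: verify the module lists before running "service vz restart".

# Print the value of VAR from FILE. Fail if the quoted value does not open
# and close on the same line, which is what an embedded line break causes.
get_single_line_value() {
    file=$1
    var=$2
    line=$(grep -E "^[[:space:]]*${var}=" "$file" 2>/dev/null | tail -n 1)
    if [ -z "$line" ]; then
        echo "$var is not set in $file" >&2
        return 2
    fi
    case $line in
        *=\"*\") ;;   # opening and closing quote found on one line
        *)
            echo "$var in $file is split across lines or unquoted" >&2
            return 1
            ;;
    esac
    value=${line#*=\"}
    printf '%s\n' "${value%\"}"
}

# Reduce a space-separated module list to a sorted, de-duplicated form so
# that two lists can be compared regardless of order.
normalize_modules() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | grep . | LC_ALL=C sort -u | tr '\n' ' '
}

# Default paths are the two files named in the article.
check_module_lists() {
    vz_file=${1:-/etc/sysconfig/vz}
    ipt_file=${2:-/etc/sysconfig/iptables-config}
    vz=$(get_single_line_value "$vz_file" IPTABLES) || return 1
    ipt=$(get_single_line_value "$ipt_file" IPTABLES_MODULES) || return 1
    if [ "$(normalize_modules "$vz")" != "$(normalize_modules "$ipt")" ]; then
        echo "module lists differ between $vz_file and $ipt_file" >&2
        return 1
    fi
    count=$(printf '%s\n' "$vz" | wc -w | tr -d ' ')
    echo "OK: $count modules, each list on a single line, lists match"
}
```

Source the file on the Hardware Node and run check_module_lists with no arguments before restarting Virtuozzo; a non-zero exit status means one of the two files needs fixing first.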