Search

Language:  
Search for:

  • Article for your preferred language does not exist. Below is international version of the article.
Available article translations:

How do I install APF firewall into the VE?

APPLIES TO:
  • Parallels Cloud Server
  • Parallels Virtuozzo Containers for Linux 4.7
  • Parallels Virtuozzo Containers for Linux 4.6
  • Parallels Virtuozzo Containers for Linux 4.0
  • Parallels Server Bare Metal

Resolution

The installation of APF requires you to complete some additional steps on the Hardware Node.

1. First, you need to define which iptables modules are available for VEs.

Edit /etc/sysconfig/iptables-config file on a Virtuozzo Hardware Node:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Edit /etc/sysconfig/vz file on a Virtuozzo Hardware Node:
IPTABLES="ipt_REJECT
ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"


Please note: The iptables modules list in IPTABLES and IPTABLES_MODULES parameters in /etc/sysconfig/vz and /etc/sysconfig/iptables-config files should be placed in one single line. No linebreaks are allowed in this parameter.

Restart Virtuozzo. All VEs will be restarted.
# service vz restart

2. Increase "numiptent" parameter for the VE you need to install APF into. This parameter limits the amount of iptables rules available for a VE. Default APF configuration requires ~400 rules. Try setting it to 400 as in the below example for VE #101:
# vzctl set 101 --numiptent 400 --save

3. Install APF inside the VE. Edit /etc/apf/conf.apf inside the VE, setting the following parameters:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"

4. Start APF inside the VE:
# /etc/init.d/apf start



eb0ea3b827d18de2329b6477e24c1d59 909d99074e442b52ce54cc7b31cf065d 177dc6fee28957c8ff798197ff2c6602 219be54dff19e220f37105b0000118f4 9bccb04d0396d587d8123e5e12b4740e 38b350a8e16219ab065862b865a4acb0 2897d76d56d2010f4e3a28f864d69223 ca05eaf5b843fbd53589c90d7228a6df bf1c3a170005eae151f49ba2720abde9

FEEDBACK
Was this article helpful?
Tell us how we may improve it.
Yes No
 
 
 
 
 
 
Desktop Virtualization
- Parallels Desktop 9 for Mac
- Parallels Transporter
- Parallels Desktop Switch to Mac Edition
- Parallels Desktop for Mac Enterprise Edition
- Parallels Management-Mac for Microsoft SCCM
Server Virtualization
- Parallels Cloud Server
- Parallels Containers for Windows 6.0 Beta
- Parallels Virtuozzo Containers
Automation
- Parallels Automation
- Parallels Automation for Cloud Infrastructure
- Parallels Business Automation Standard
- Parallels Virtual Automation
- Parallels Plesk Panel Suite
- Web Presence Builder
- Parallels Plesk Automation
- Parallels Small Business Panel
- Value-added Services for Hosters
- Parallels Partner Storefront
Services & Resources
- Cloud Acceleration Services
- Professional Services
- Support Services
- Training & Certification