VMmanager OVZ: Firewall

From ISPWiki
Jump to: navigation, search

This article describes some technical details concerning VMmanager OVZ firewall.

The scripts are saved locally in one of the following directories:

  • for IPv4 - /usr/local/mgr5/etc/iptables.rules.d
  • for IPv6 - /usr/local/mgr5/etc/ip6tables.rules.d

In the above directories you can also find pre-installed files, however, we do not recommend that you modify them, as those files contain rules required for correct operation of the control panel. Moreover, updating the control panel will overwrite the files.

If you have to change the pre-installed rules, create a new script and set higher priority than the pre-installed scripts have, and modify the rules (for example, execute the command "iptables -F" to clear the rules).

The rules that you are changing in the corresponding field, are standard iptables rules. Please note, that the iptables rule is not specified (so, you need to create the "-F" rule to clear all the rules)

The changes will update rules on each cluster node, all the scripts in ascending order of priority will be executed.

ОС Debian To save iptables/ip6tables rules and apply them automatically upon server reboot, execute the iptables-save and iptables-restore commands. In the directory /etc/network/if-up.d/ a script will be created, which will be automatically executed once the network interface is booted and will execute the iptables-restore command.