OpenVZ Container – Allow access from only one IP and disable all outbound traffic

Posted on by Shyju Kanaprath

Edit the container configuration and add the config

vi /etc/vz/conf/1123.conf 
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state  ipt_helper  iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT"

Login to container and add IPtable rules for allow access from only one IP

iptables -A INPUT -s 192.168.160.1 -j ACCEPT
iptables -A OUTPUT -d 192.168.160.1 -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP

Published by Shyju Kanaprath

In our daily life we learn lots of new things. As the time goes we forgets those and we may reach a situation where "Things You Probably Already Know, But Have Forgotten". I’m Shyju Kanaprath, the blogger of "Tech.. Logs.." and I blog here to avoid those kind of situations, at least for myself :) . This blog keep me in track on such times..

Leave a comment