server24535:~# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
## IPv4 iptables kernel modules
# Space-separated list of iptables module names. This copy does not contain
# xt_connlimit, the module csftest.pl reports as FAILED ("Required for
# CONNLIMIT feature") in the output above.
# NOTE(review): the file this line was taken from is not shown — presumably
# /etc/vz/vz.conf or one of the iptables-config paths listed below; confirm.
IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_le ipt_length ipt_state iptable_nat ip_nat_ftp"
/var/lib/vz/private/101/etc/sysconfig/iptables-config
/var/lib/vz/private/102/etc/sysconfig/iptables-config
/var/lib/vz/root/101/etc/sysconfig/iptables-config
/var/lib/vz/root/102/etc/sysconfig/iptables-config
## IPv4 iptables kernel modules
# Same module list as the earlier copy, with xt_connlimit appended at the end.
# NOTE(review): the vzctl/vzlist output on this page prints
# "Unknown iptable module: xt_connlimit, skipped" (and the same for ipt_le),
# so the tool parsing this list appears to ignore both entries. Appending the
# name here does not by itself make the connlimit match usable in the
# container — verify with csftest.pl inside the container after any change.
IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_le ipt_length ipt_state iptable_nat ip_nat_ftp xt_connlimit"
server24535:~# vzctl enter 101
Warning: Unknown iptable module: ipt_le, skipped
Warning: Unknown iptable module: xt_connlimit, skipped
xxx://xxx.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23
xxx://wiki.openvz.org/Download/kernel/rhel5/028stab095.1
xxx://wiki.openvz.org/Download/kernel/rhel6/042stab044.17
xxx://xxx.netfilter.org/projects/patch-o-matic/pom-external.html#pom-external-connlimit
# lsmod | grep connlimit
xt_connlimit 3446 1
nf_conntrack 80693 7 vzrst,xt_connlimit,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state
# iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
# iptables --list -n | grep conn
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 flags:0x17/0x02 #conn/32 > 2 reject-with icmp-port-unreachable
# vzlist
Warning: Unknown iptable module: xt_connlimit, skipped
CTID NPROC STATUS IP_ADDR HOSTNAME
open("/etc/vz/vz.conf", O_RDONLY) = 3
stat("/etc/vz/vz.conf", {st_mode=S_IFREG|0644, st_size=1392, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1392, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdafb187000
read(3, "## Global parameters\nVIRTUOZZO=y"..., 4096) = 1392
write(2, "Warning: Unknown iptable module:"..., 54Warning: Unknown iptable module: xt_connlimit, skipped) = 54
write(2, "\n", 1 ) = 1
read(3, "", 4096) = 0
close(3) = 0