~# lsmod
Module                  Size  Used by
ipt_REJECT             13952  1 
ipt_owner              10880  3 
kvm_intel              57960  0 
kvm                   191752  1 kvm_intel
vzethdev               23808  0 
vznetdev               32776  10 
simfs                  14320  5 
vzrst                 155688  0 
vzcpt                 129976  0 
tun                    23168  2 vzrst,vzcpt
vzdquota               58864  5 [permanent]
vzmon                  58520  9 vzethdev,vznetdev,vzrst,vzcpt
vzdev                  13064  6 vzethdev,vznetdev,vzdquota,vzmon
ipt_REDIRECT           11008  0 
nf_nat_irc             11648  0 
nf_conntrack_irc       16544  1 nf_nat_irc
nf_nat_ftp             12544  0 
iptable_nat            19716  2 
nf_nat                 31376  4 ipt_REDIRECT,nf_nat_irc,nf_nat_ftp,iptable_nat
xt_helper              11648  0 
xt_state               11392  26 
nf_conntrack_ftp       19240  1 nf_nat_ftp
nf_conntrack_ipv4      36880  30 iptable_nat
nf_conntrack          101600  9 nf_nat_irc,nf_conntrack_irc,nf_nat_ftp,iptable_nat,nf_nat,xt_helper,xt_state,nf_conntrack_ftp,nf_conntrack_ipv4
xt_length              10752  0 
ipt_LOG                15872  0 
ipt_ttl                10752  0 
xt_tcpmss              11264  0 
ipt_TOS                11136  0 
ipt_tos                10496  0 
xt_multiport           12288  12 
xt_limit               12032  0 
iptable_mangle         13824  5 
iptable_filter         13696  7 
ip_tables              33256  3 iptable_nat,iptable_mangle,iptable_filter
ipv6                  342016  81 vzrst,vzcpt,vzmon
bridge                 73128  0 
raid1                  34944  1 
md_mod                 96924  2 raid1
dm_snapshot            28256  0 
dm_mirror              34432  0 
xt_tcpudp              12288  37 
x_tables               33672  16 ipt_REJECT,ipt_owner,ipt_REDIRECT,iptable_nat,xt_helper,xt_state,xt_length,ipt_LOG,ipt_ttl,xt_tcpmss,ipt_TOS,ipt_tos,xt_multiport,xt_limit,ip_tables,xt_tcpudp
eeprom                 17296  0 
lm85                   43684  0 
hwmon_vid              12416  1 lm85
thermal                27168  0 
e1000                 176068  0 
psmouse                53788  0 
button                 18336  0 
ipmi_msghandler        51704  0 
processor              49768  1 thermal
e1000e                139948  0 
serio_raw              16516  0 
evdev                  22912  0 
pcspkr                 12288  0 
sg                     49432  0 
floppy                 76904  0 
scsi_wait_scan         10112  0 
dm_mod                 79736  9 dm_snapshot,dm_mirror
usbhid                 43616  0 
hid                    52544  1 usbhid
usb_storage            90304  0 
libusual               31072  1 usb_storage
sd_mod                 40448  7 
sr_mod                 27684  0 
ide_disk               26496  0 
ide_generic             9856  0 [permanent]
ide_cd                 43040  0 
cdrom                  48936  2 sr_mod,ide_cd
ide_core              144152  3 ide_disk,ide_generic,ide_cd
uhci_hcd               37408  0 
ehci_hcd               48908  0 
usbcore               178608  6 usbhid,usb_storage,libusual,uhci_hcd,ehci_hcd
iTCO_wdt               22992  0 
iTCO_vendor_support    13188  1 iTCO_wdt
ata_piix               31492  4 
pata_acpi              17152  0 
ata_generic            17412  0 
libata                184496  3 ata_piix,pata_acpi,ata_generic
scsi_mod              187192  6 sg,scsi_wait_scan,usb_storage,sd_mod,sr_mod,libata
i2c_i801               19740  0 
i2c_core               36352  3 eeprom,lm85,i2c_i801
shpchp                 45596  0 
pci_hotplug            43312  1 shpchp
isofs                  47144  0 
msdos                  19712  0 
fat                    67760  1 msdos

:~# cat /etc/vz/vz.conf |grep IPTABLES

IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT ipt_owner"

ve3 [/]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination  
DROP       icmp --  anywhere             anywhere            state INVALID 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            state NEW multiport dports ftp-data,ftp,smtp,http,pop3,imap,https,smtps,imaps,pop3s 
ACCEPT     tcp  --  anywhere             anywhere            state NEW multiport dports trellisagt,trellissvr,infowave,radsec,nbx-ser,nbx-dir 
ACCEPT     icmp --  anywhere             anywhere            icmp ttl-zero-during-reassembly state NEW 
ACCEPT     icmp --  anywhere             anywhere            icmp ttl-zero-during-transit state NEW 
ACCEPT     icmp --  anywhere             anywhere            icmp type 0 code 0 state NEW 
ACCEPT     icmp --  anywhere             anywhere            icmp type 8 code 0 state NEW 
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable state NEW 

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
DROP       icmp --  anywhere             anywhere            state INVALID 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state NEW multiport dports ntp 
ACCEPT     udp  --  anywhere             anywhere            state NEW multiport dports domain 
ACCEPT     tcp  --  anywhere             anywhere            state NEW multiport dports nicname,http,https,submission,rsync 
ACCEPT     tcp  --  anywhere             anywhere            state NEW multiport dports ftp,ssh,eli,sep OWNER UID match root