OpenVZ Forum


Home » General » Support » vzfirewall and vzctl (vzctl throws parsing errors with vzfirewall-rules in conf-file)
vzfirewall and vzctl [message #46815] Sun, 17 June 2012 16:11 Go to next message
kingfisher is currently offline  kingfisher
Messages: 1
Registered: June 2012
Junior Member
Hello, my first post here. Greetings Smile

On CentOS (2.6.32-042stab055.16) i configured firewall rules with vzfirewall. The ruleset is working fine but vzctl throws parsing errors with FIREWALL="... rules in it:

$ vzctl enter NNN
Warning: can't parse /etc/vz/conf/NNN.conf:62 (unmatched quotes), skipping
Warning: can't parse /etc/vz/conf/NNN.conf:63 ('=' not found), skipping
Warning: can't parse /etc/vz/conf/NNN.conf:64 ('=' not found), skipping
Warning: can't parse /etc/vz/conf/NNN.conf:65 ('=' not found), skipping
entered into CT NNN
$

vzctl version 3.3

Any hints?

Thank you in advance!!

Report message to a moderator

Re: vzfirewall and vzctl [message #47043 is a reply to message #46815] Sat, 30 June 2012 03:43 Go to previous messageGo to next message
koltar is currently offline  koltar
Messages: 2
Registered: June 2012
Junior Member
I had this same issue after running updates on CentOS 6.2. It was frustrating to debug and took out my servers. Here is what I discovered and hopefully this helps someone else to not waste there time.

It appeared to be an issue with space versus tab in my particular situation the /etc/vz/conf files. My original file was something to this effect

FIREWALL="
<space><space>[80,443]
<space><space>*
"

I attmepted
FIREWALL="[80,443]*"
...No Luck..

I changed it to
FIREWALL="
<tab>[80,443]
<tab>*
"

vzfirewall -a
vzfirewall -t
service iptables restart

This solved my issue, vzlist started working and my firewall was back to normal.

Report message to a moderator

Re: vzfirewall and vzctl [message #47044 is a reply to message #46815] Sat, 30 June 2012 03:52 Go to previous message
koltar is currently offline  koltar
Messages: 2
Registered: June 2012
Junior Member
After posting my last post, I went back in ran vzlist, it appears to show the same issue. Currently openvz is not recognizing vzfirewall configuration. If you format it to what openvz wants, your firewall config no longer works with vzfirewall. For now if you ignore the warning vzfirewall will work. Hopefully the Development team will accept vzfirewall configuration in there parse checks. It is a great tool for easy container fireall configuration!

Report message to a moderator

Previous Topic: Adding external (eth0:0) IP to VE - missunderstanding of networking modes
Next Topic: Debian 6.0.4 free -m is very bizarre
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Aug 02 22:13:11 GMT 2024

Total time taken to generate the page: 0.02930 seconds
Powered by FUDforum Powered by Virtuozzo Containers