OpenVZ Forum


Re: ufw support in OpenVZ ubuntu container. [message #39555 is a reply to message #37013] Mon, 10 May 2010 16:07
bodhi.zazen
UFW does not seem to run properly in openvz (Ubuntu) templates.

Part of the problem is that ufw calls modprobe, which will fail.

As a partial workaround you can remove modprobe and replace it with a link to /bin/true.

rm /sbin/modprobe
ln -s /bin/true /sbin/modprobe


A second problem is that rsyslog does not run well in openvz templates (rsyslog will not log iptables or ufw). A potential workaround is to use syslog-ng.

apt-get purge rsyslog
apt-get install syslog-ng


syslog-ng will log to /var/log/messages and /var/log/kern.log but not /var/log/ufw.log.

With those workarounds, you can try ufw. You will still get some error messages from ufw-init re: iptables-restore. I do not know how to fix that.

That is about as far as I can get you if you want to use UFW as I personally use iptables.

Others have suggested using shorewall as an alternate (to ufw).

http://www.shorewall.net/OpenVZ.html

With ufw you sometimes need to toggle the defaults, then ufw will start:

ufw default allow
ufw default deny
ufw enable


I highly suggest you use iptables (keep in mind you may need to edit /etc/vz/vz.conf on the HOST). iptables is not fully functional in openvz guests (the basic functions and logging work, but some functions such as conntrack may not).

To log, use iptables + syslog-ng (/var/log/kern.log is fairly clean).

If you have a busy server, and do not want to review hundreds of thousands of logs, consider using snort or psad.

[Updated on: Mon, 10 May 2010 16:09]
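
Added example, not part of the post above: a small shell function that condenses iptables/ufw LOG lines, as syslog-ng would write them to /var/log/kern.log, into per-source counts so a busy log can be reviewed quickly. The sample log lines, the hostname ct101 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Summarize netfilter LOG entries by source address, protocol and destination port.
# Reads syslog lines on stdin; prints "count src proto/dpt", busiest first.
summarize_fw_log() {
    awk '
    / IN=[^ ]* OUT=/ {             # only netfilter LOG lines carry IN=... OUT=...
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src == "") next        # malformed entry, skip it
        if (dpt == "") dpt = "-"   # ICMP has no port
        count[src " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (documentation address ranges, hypothetical host ct101).
sample_kern_log() {
    cat <<'EOF'
May 10 16:01:12 ct101 kernel: [UFW BLOCK] IN=venet0 OUT= MAC= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 SYN URGP=0
May 10 16:01:13 ct101 kernel: [UFW BLOCK] IN=venet0 OUT= MAC= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=2 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=5840 SYN URGP=0
May 10 16:01:15 ct101 kernel: [UFW BLOCK] IN=venet0 OUT= MAC= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=3 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=5840 SYN URGP=0
May 10 16:01:20 ct101 kernel: TCP: time wait bucket table overflow
May 10 16:01:31 ct101 kernel: [UFW BLOCK] IN=venet0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=71 TTL=49 ID=4 PROTO=UDP SPT=40000 DPT=53 LEN=51
May 10 16:01:40 ct101 kernel: [UFW BLOCK] IN=venet0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=49 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
EOF
}

# Stand-alone demo on the sample; on a real container use:
#   summarize_fw_log < /var/log/kern.log
sample_kern_log | summarize_fw_log
```

The matching is on the `IN=... OUT=` fields that every netfilter LOG line contains, so it works with the `[UFW BLOCK]` prefix as well as any custom `--log-prefix` set in plain iptables rules.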
