OpenVZ Forum


Home » General » Support » Can you use "ipset" with OpenVZ 7 / Virtuozzo 7? (...if so, how can you enable it for CT's?)
Re: Can you use "ipset" with OpenVZ 7 / Virtuozzo 7? [message #53549 is a reply to message #53544] Mon, 17 June 2019 07:18 Go to previous messageGo to previous message
HHawk is currently offline  HHawk
Messages: 32
Registered: September 2017
Location: Europe
Member
Thank you websavers for the reply. Smile

I do have one more question. I am planning to use on our bigger Plesk servers (which will be migrated from OpenVZ 6 to OpenVZ 7 before doing so ofcourse) Juggernaut Security and Firewall.
Now they state that OpenVZ 6 is not working correctly with it. I quote: "Virtuozzo is not the ideal VPS because it does not support ipset for high performance firewall blocking."

However this was based on OpenVZ 6. So it shouldn't apply to OpenVZ 7. Correct?

Furthermore; according to the (old) OpenVZ wiki and I quote: "Also, large numiptent cause considerable slowdown of processing of network packets. It is not recommended to allow containers to create more than 200300 numiptent."

Is it safe to increase the value to 10000 as stated here: https://docs.danami.com/juggernaut/basics/virtuozzo-openvz-c onfig-tasks

Thanks in advance.

//edit 1: I just installed the Juggernaut firewall with 10000 numiptent, but the firewall crashes as it already hit the 10000 entries. So I am going to increase it to 100000 instead. This is a test server, but I am still wondering if this is allowed or not?

//edit 2: Okay, a small edit. Apparently with 3 block lists and 3 countries blocked (including China) it required 12629 numiptent setting. So I am guessing a value around 25000 for numiptent should be enough for servers. But is this a safe value with OpenVZ 7? I cannot seem any real information about this setting or modern values. So I am hoping someone can explain this a bit more.

[Updated on: Mon, 17 June 2019 08:11]

Report message to a moderator

 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: OpenVZ 7 + mdadm slow rebuild
Next Topic: OpenVZ7 - Failed to yum update
Goto Forum:
  


Current Time: Tue Mar 19 03:10:04 GMT 2024

Total time taken to generate the page: 0.02391 seconds