OpenVZ, as a container-based virtualization solution, does not manage its own firewall. The firewall rules of the main server (host machine) apply to all the containers.
You will need to configure iptables (a user-directed data packet processing system) on the host machine. If you want to allow or deny access to any port on your OpenVZ container, that must be done through the host machine.
Here’s an easy step-by-step process for configuring firewall rules for an OpenVZ container:
1. Connect to your server
First things first, you need SSH access to your server as the root user.
1. Locate the iptables
You need to locate the iptables on the host machine.
1. Write your rule
Next, you would write your iptables rule. Let’s say your container’s IP address is “192.0.2.55” and you want to open port 22 (SSH). Your iptables rule would look like this:
1. Save your iptables rules
```
service iptables save
```
1. Restart the iptables
The next step would be to restart the iptables so it can apply the new rule.
```
service iptables restart
```
You have now allowed access to port 22 for your OpenVZ container with IP address 192.0.2.55. To block or deny access, simply replace “-j ACCEPT” with “-j DROP”.
Remember, you need to replace “192.0.2.55” with your Container’s IP address and “22” with the port you want to allow/deny.
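The rule described in the steps above, as an added example that is not part of the original article. It assumes the container uses OpenVZ's default venet networking, so the rule belongs in the host's FORWARD chain and matches TCP traffic by destination address; the function names and the APPLY variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes venet networking, so
# container traffic crosses the host's FORWARD chain; matches TCP by destination.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ct_rule IP PORT [ACCEPT|DROP]: print the validated rule specification.
ct_rule() {
    action=${3:-ACCEPT}
    valid_ipv4 "$1" || { echo "bad container IP: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    case "$action" in
        ACCEPT|DROP) ;;
        *) echo "action must be ACCEPT or DROP" >&2; return 1 ;;
    esac
    echo "FORWARD -p tcp -d $1 --dport $2 -j $action"
}

# ct_apply IP PORT [ACTION]: append the rule unless an identical one exists.
# Prints the command by default; set APPLY=1 as root on the host to run it.
ct_apply() {
    spec=$(ct_rule "$@") || return 1
    if [ "${APPLY:-0}" != 1 ]; then
        echo "iptables -A $spec"
        return 0
    fi
    # -C tests for an identical rule, so re-running adds no duplicates.
    iptables -C $spec 2>/dev/null || iptables -A $spec
}

# The article's example: open SSH (port 22) to the container at 192.0.2.55.
ct_apply 192.0.2.55 22 ACCEPT
```

Rejecting anything but a dotted quad, a numeric port and ACCEPT or DROP keeps a mistyped argument from turning into a rule that matches more traffic than intended.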
Creating an iptables rule will allow you to control the network traffic for your OpenVZ containers. Please understand that using these functions without fully knowing the implications can disrupt your server’s communication with all networks, including your own.