Article ID: 131342, created on Aug 22, 2017, last review on Aug 22, 2017

Applies to:

  • Operations Automation 7.1

Symptoms

After a firewall rule is added for an OACI Virtual Environment located on a Virtuozzo 7 hardware node, the rule is not applied: the connection remains possible (or impossible), depending on the rule being added.

For example, setting the rule to allow only SSH traffic will not block HTTP, FTP, or other traffic to the VE.

The same steps work fine for Virtual Environments located on Virtuozzo 6 nodes.

Cause

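By default, the bridge-nf-call-* sysctl settings are turned off on Virtuozzo 7 nodes, so traffic crossing the bridge is not passed to iptables/ip6tables and the rules are not evaluated for it.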

Resolution

Enable the sysctl settings on all Virtuozzo nodes in OACI:

# echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
# echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
# sysctl -p
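
The following added example, which is not part of the original article, checks that both settings are 1 in the sysctl file and in the running kernel, and persists them without the duplicate lines that repeated `echo >>` would append. The function names and the `audit`/`fix` arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and idempotently persist the bridge-nf-call settings.
# File and proc paths are parameters so the logic can run on constructed data.
KEYS="net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables"

# Print the effective (last) value assigned to key $2 in sysctl file $1.
conf_value() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/[ \t]/, "", v) }
        END { print v }' "$1"
}

# Print the running value of key $2 under proc root $1 (normally /proc/sys).
runtime_value() {
    f="$1/$(echo "$2" | tr . /)"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

# Set key $2 to 1 in file $1, replacing old assignments instead of appending.
ensure_conf() {
    [ "$(conf_value "$1" "$2")" = "1" ] && return 0
    tmp=$(mktemp) || return 1
    awk -F= -v k="$2" '{ key = $1; gsub(/[ \t]/, "", key) } key != k' "$1" > "$tmp"
    echo "$2 = 1" >> "$tmp"
    cat "$tmp" > "$1" && rm -f "$tmp"               # keeps owner and mode of $1
}

# Return 0 only if every key is 1 both in file $1 and under proc root $2.
audit() {
    rc=0
    for k in $KEYS; do
        c=$(conf_value "$1" "$k"); r=$(runtime_value "$2" "$k")
        echo "$k conf=${c:-unset} runtime=$r"
        [ "$c" = "1" ] && [ "$r" = "1" ] || rc=1
    done
    return $rc
}

# Hypothetical command-line interface: "audit" reports, "fix" persists and reloads.
case "${1:-}" in
    audit) audit /etc/sysctl.conf /proc/sys ;;
    fix)   for k in $KEYS; do ensure_conf /etc/sysctl.conf "$k"; done
           sysctl -p ;;
esac
```

A runtime value of `missing` means the key does not exist under /proc/sys/net/bridge on that node, so `sysctl -p` has nothing to set there.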
