Revisiting the "The VPS iptables rule limit (numiptent) is too low" error

Post by Travis Banger »

After I installed csf (which comes with 115 deny rules) I was able to add only 2 additional ones of my own, for a total of 117.

Code:

    You have an unresolved error when starting csf:
    Error: The VPS iptables rule limit (numiptent) is too low (396/405) -
    stopping firewall to prevent iptables blocking all connections, at line 3041 in /usr/sbin/csf

In theory, the solution seems to be straightforward: increase the iptables rule limit. The question is: how? This seems to be dependent on the virtualization technology used by my VPS provider.

I found several solutions like this:
https://tricks4linux.wordpress.com/2014 ... srsbincsf/

However, it only works under OpenVZ virtualization.

My provider is 1and1.com. Apparently they use VMware:

http://newsroom.1and1.com/2016/09/21/11 ... -platform/

TIA

Re: Revisiting the "The VPS iptables rule limit (numiptent) is too low" error

Post by marcele »

Your provider needs to raise the limit to something workable. The command they run on the hardware node is:

Code:

    vzctl set CID --numiptent 10000 --save

Any numiptent limit under 1000 is really unusable for a firewall. If they won't raise the limit for you then I suggest moving to another provider. OpenVZ and Virtuozzo 6 are really old tech. Most good providers have switched to using KVM anyway as it also supports ipset.

I hope this helps.
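
Added example, not part of the thread and not csf's own code: a shell function that reads the numiptent row of an OpenVZ/Virtuozzo beancounters file from inside the container and reports how close the firewall is to the limit. The function names, the verdict labels and the sample data are assumptions made for illustration; the 1000 threshold is the figure given in the reply above, and the sample reuses the 396/405 numbers from the error message on the assumption that they are held/limit.

```shell
#!/bin/sh
# Added example: report numiptent usage from an OpenVZ beancounters file.
# Usage: numiptent_status [file]  (default /proc/user_beancounters, root only;
#        "-" reads standard input)
# Prints "<held> <limit> <failcnt> <verdict>" where verdict is OK, LOW or FULL.
# Exit status 2 means no numiptent row was found, e.g. the guest is not an
# OpenVZ/Virtuozzo container and the limit does not apply.
MIN_LIMIT=1000   # threshold taken from the reply in this thread

numiptent_status() {
    awk -v min="$MIN_LIMIT" '
        {
            # The row may or may not be prefixed by "<uid>:", so search for
            # the resource name. Columns after it: held maxheld barrier limit failcnt
            for (i = 1; i <= NF; i++) if ($i == "numiptent") {
                held = $(i + 1); limit = $(i + 4); failcnt = $(i + 5); found = 1
            }
        }
        END {
            if (!found) { print "no numiptent row found"; exit 2 }
            verdict = "OK"
            if (limit < min) verdict = "LOW"
            # A non-zero failcnt means rule insertions were already refused.
            if (held >= limit || failcnt > 0) verdict = "FULL"
            print held, limit, failcnt, verdict
        }' "${1:-/proc/user_beancounters}"
}

# Constructed sample in the /proc/user_beancounters layout (not real output).
sample_beancounters() {
    cat <<'EOF'
Version: 2.5
       uid  resource        held     maxheld     barrier       limit     failcnt
      101:  kmemsize     2834923     3109283    14372700    14790164           0
            numfile          420         512        9312        9312           0
            numiptent        396         396         405         405           0
EOF
}

# Demo on the constructed sample; on a real container run: numiptent_status
sample_beancounters | numiptent_status -
```

A LOW or FULL verdict is the situation where the provider has to raise the limit; if the file does not exist at all, the container-level numiptent limit is not what is constraining the rule count.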