Revisiting the "The VPS iptables rule limit (numiptent) is too low" error

Posted: 14 Dec 2016, 21:01
by Travis Banger
After I installed csf (which comes with 115 deny rules) I was able to add only 2 additional ones of my own, for a total of 117.

Code:

You have an unresolved error when starting csf:
Error: The VPS iptables rule limit (numiptent) is too low (396/405) -
stopping firewall to prevent iptables blocking all connections, at line 3041 in /usr/sbin/csf

In theory, the solution seems to be straightforward: increase the iptables rule limit. The question is: how? This seems to be dependent on the virtualization technology used by my VPS provider.

I found several solutions like this:
https://tricks4linux.wordpress.com/2014 ... srsbincsf/

However, it only works under OpenVZ virtualization.

My provider is 1and1.com. Apparently they use VMware:

http://newsroom.1and1.com/2016/09/21/11 ... -platform/

TIA

Re: Revisiting the "The VPS iptables rule limit (numiptent) is too low" error

Posted: 16 Dec 2016, 13:19
by marcele
Your provider needs to raise the limit to something workable. The command they run on the hardware node is:

Code:

vzctl set CID --numiptent 10000 --save

Any numiptent limit under 1000 is really unusable for a firewall. If they won't raise the limit for you then I suggest moving to another provider. OpenVZ and Virtuozzo 6 are really old tech. Most good providers have switched to using KVM anyway as it also supports ipset.

I hope this helps.
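
Added example (not from either post): inside an OpenVZ/Virtuozzo container the numiptent counter is listed in /proc/user_beancounters, so a tenant can read the current usage and limit before loading a firewall rule set; if that file does not exist, the VPS is not such a container. The function names, the 50-rule headroom threshold and the sample values are assumptions made for this sketch.

```shell
#!/bin/sh
# Constructed sample in the /proc/user_beancounters layout
# (columns: uid resource held maxheld barrier limit failcnt).
sample_beancounters() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2718720    2965504   14372700   14790164          0
            numproc              24         31        240        240          0
            numiptent           396        400        405        405          3
EOF
}

# numiptent_status [FILE] [MIN_FREE]
# Prints held/limit/free/failcnt for numiptent.
# Returns 0 if at least MIN_FREE entries are free, 1 if fewer,
# 2 if FILE is unreadable or has no numiptent row.
# The real file is readable by root only.
numiptent_status() {
    file=${1:-/proc/user_beancounters}
    min_free=${2:-50}
    [ -r "$file" ] || { echo "no-beancounters"; return 2; }
    awk -v min="$min_free" '
        {
            # The resource name is not always field 1: the first row
            # of a container carries a "uid:" prefix.
            for (i = 1; i <= NF; i++)
                if ($i == "numiptent") {
                    held = $(i + 1); limit = $(i + 4); fail = $(i + 5)
                    found = 1
                }
        }
        END {
            if (!found) { print "numiptent-not-listed"; exit 2 }
            free = limit - held
            printf "held=%d limit=%d free=%d failcnt=%d\n", held, limit, free, fail
            exit (free < min ? 1 : 0)
        }' "$file"
}

# Demo on the constructed sample; on a real container call
# numiptent_status with no arguments as root.
demo_file=$(mktemp)
sample_beancounters > "$demo_file"
numiptent_status "$demo_file" 50 || echo "numiptent headroom below threshold"
rm -f "$demo_file"
```

A non-zero failcnt means the kernel has already refused rule insertions at the limit.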