LXC Container CSF
- Thread starter Flegma
- Start date
Ok,
i think i managed to get it to work.
I installed clean CentOS 6.7 x64, updated it with yum -y update, and after that i used following commands to install newer iptables version.
After that, i tested CSF and it says that it will work.
Im gonna test it again once more, and let you know if everything is ok.
i think i managed to get it to work.
I installed clean CentOS 6.7 x64, updated it with yum -y update, and after that i used following commands to install newer iptables version.
Code:
# compile iptables from source and install to /usr/local
mkdir -p /tmp/iptables
wget "http://www.netfilter.org/projects/iptables/files/iptables-1.4.21.tar.bz2" -qO- | tar --strip-components=1 -C /tmp/iptables -xvj
cd /tmp/iptables
./configure
make
make install
# set alternatives
sudo alternatives --install /sbin/iptables iptables.x86_64 /usr/local/sbin/iptables 100 \
--slave /bin/iptables-xml bin-iptables-xml.x86_64 /usr/local/bin/iptables-xml \
--slave /sbin/iptables-multi sbin-iptables-multi.x86_64 /usr/local/sbin/iptables-multi \
--slave /sbin/iptables-restore sbin-iptables-restore.x86_64 /usr/local/sbin/iptables-restore \
--slave /sbin/iptables-save sbin-iptables-save.x86_64 /usr/local/sbin/iptables-save \
--slave /usr/share/man/man8/iptables-restore.8.gz man-iptables-restore.x86_64 /usr/local/share/man/man8/iptables-restore.8.gz \
--slave /usr/share/man/man8/iptables-save.8.gz man-iptables-save.x86_64 /usr/share/man/man8/iptables-save.8.gz \
--slave /usr/share/man/man8/iptables-xml.8.gz man-iptables-xml.x86_64 /usr/share/man/man8/iptables-xml.8.gz \
--slave /usr/share/man/man8/iptables.8.gz man-iptables.x86_64 /usr/share/man/man8/iptables.8.gz
sudo alternatives --set iptables.x86_64 /usr/local/sbin/iptables
sudo alternatives --install /sbin/ip6tables ip6tables.x86_64 /usr/local/sbin/ip6tables 100 \
--slave /sbin/ip6tables-multi sbin-ip6tables-multi.x86_64 /usr/local/sbin/ip6tables-multi \
--slave /sbin/ip6tables-restore sbin-ip6tables-restore.x86_64 /usr/localsbin/ip6tables-restore \
--slave /sbin/ip6tables-save sbin-ip6tables-save.x86_64 /usr/local/sbin/ip6tables-save \
--slave /usr/share/man/man8/ip6tables-restore.8.gz man-ip6tables-restore.x86_64 /usr/local/share/man/man8/ip6tables-restore.8.gz \
--slave /usr/share/man/man8/ip6tables-save.8.gz man-ip6tables-save.x86_64 /usr/local/share/man/man8/ip6tables-save.8.gz \
--slave /usr/share/man/man8/ip6tables.8.gz man-ip6tables.x86_64 /usr/local/share/man/man8/ip6tables.8.gz
sudo alternatives --set ip6tables.x86_64 /usr/local/sbin/ip6tablesAfter that, i tested CSF and it says that it will work.
Im gonna test it again once more, and let you know if everything is ok.
Now, im having problems with pure-ftpd. While starting it says that
Starting pure-ftpd: 421 Unable to switch capabilities : Operation not permitted
[FAILED]
Do you know maybe which modprobe kernel mod should i enable for this to work? modprobe capabilites doesnt work.
Starting pure-ftpd: 421 Unable to switch capabilities : Operation not permitted
[FAILED]
Do you know maybe which modprobe kernel mod should i enable for this to work? modprobe capabilites doesnt work.
See http://dikant.de/2009/01/22/setting-up-pureftpd-on-a-virtual-server/
EDIT: Although I find it would make more sense to just remove CAP_SYS_NICE from caps_p.h rather than disabling capabilities entirely.
EDIT: Although I find it would make more sense to just remove CAP_SYS_NICE from caps_p.h rather than disabling capabilities entirely.
Last edited: