How can I fix the error: The VPS iptables rule limit (numiptent) is too low?

This error means that your service provider is limiting the amount if iptables rules (numiptent)  that your VPS is allowed to create. Your provider can easily raise this limit using the command below on the hardware note (it can't be run inside your VPS). If your provider refuses to raise this limit then it's time to look for a new service provider as they do not really care about your security.

vzctl set CID --numiptent 10000 --save

Users using Virtuozzo with a limit set will not be able to use the country or blocklists as they will usually put them over their limit.

  1. Users can limit the amount of rules that Juggernaut will create by setting the deny permanently limit and deny temporarily limit under Juggernaut -> Settings -> General Settings. Juggernaut will rotate out older entries to stay under the limit set unless the entry is marked with "do not delete".
  2. You can also try to limit the number of iptables rules used for country block lists under Juggernaut -> Settings -> Country Settings -> Ignore CIDR blocks smaller than (set it to something like /24). This will allow you to still block the majority of the country while ignoring the smaller networks.

Note
Virtuozzo 6 and below is not the ideal VPS because it does not support ipset for high performance firewall blocking. Most of the larger VPS providers like OVH, Digital Ocean, and Linode have long switched away from using Virtuozzo and now use KVM which fully supports ipset. Even Virtuozzo themselves have switched over to using KVM in Virtuozzo 7.

  • numiptent, virtuozzo
  • 0 Users Found This Useful
この回答はお役に立ちましたか?

Related Articles

How can I fix the error: Kohana_Exception [ 0 ]: Directory APPPATH/cache must be writable?

This error means that the permissions on the Plesk extension are not set properly. Running the...

How can I fix the error: The domain limit of this license key has been reached?

The admin and pro versions of our products are limited to the number of domains you can have in...

How can I fix the error: AH01630: client denied by server configuration after enabling the messenger v3 service?

After enabling the messenger v3 service you just get the default Apache page when testing the...