The firewall inside a container is not enabled.

A similar error is observed:

~# ip6tables -L
FATAL: Module ip6_tables not found.
ip6tables v1.4.7: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.


Most likely, ip6tables and ip6table_filter are not loaded on the node and are not enabled in the container.


Enable ip6tables and ip6table_filter inside the container.

  1. Check whether these modules are loaded on the node:

    ~# lsmod | grep ip6table
  2. If the modules are not loaded, add them to the /etc/vz/vz.conf file:

    ~# grep IPTABLES /etc/vz/vz.conf
    IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip6tables ip6tables_filter"
  3. Reboot the node

  4. If the container has some modules specified via the --iptables option, enable the ip6tables and ip6tables_filter modules as well:

    ~# vzctl set CTID --iptables ip6tables,ip6tables_filter --save

