Webmin's Linux-Firewall will not 'Activate at Boot' inside a Virtuozzo/OpenVZ VPS

Webmin's Linux-Firewall will not 'Activate at Boot' inside a Virtuozzo/OpenVZ VPS when running on Debian Lenny. I was surprised to find out that my firewall had disappeared even after setting it in Webmin to start automatically during reboot. This has changed from Debian 4 to Debian 5, and may apply to other distros.

The setting will be lost after reboot due to interference from Virtuozzo/OpenVZ. The setting is recorded inside the file /etc/network/interfaces (as marked):

    # This configuration file is auto-generated.
    # WARNING: Do not edit this file, otherwise your changes will be lost.
    # Please edit template /etc/network/interfaces.template instead.

    auto lo
    iface lo inet loopback
    address 127.0.0.1
    netmask 255.0.0.0
    broadcast 127.255.255.255
    up ip route replace 127.0.0.0/8 dev lo
    post-up iptables-restore < /etc/iptables.up.rules
    # Auto generated venet0 interfaces
    auto venet0
    ...

In Virtuozzo/OpenVZ, the file is overwritten at each reboot, as documented here: http://wiki.vpslink.com/Differences_between_Virtual_Private_Servers_and_Dedicated_Servers

Webmin does not take this into account, as it has no awareness of the VPS environment. As a result the Webmin setting cannot be used inside the VPS. A workaround is to manually append the setting to /etc/network/interfaces.template in the applicable location:

    post-up iptables-restore < /etc/iptables.up.rules

Status: Closed (fixed)

Comments

There is a work-around for this - in the Linux Firewall module, click on Module Config and set the 'IPtables save file to edit' to /etc/iptables.up.rules. Then enable the firewall at boot.

This will cause Webmin to create a separate init script to run iptables-restore at boot.

Automatically closed -- issue fixed for 2 weeks with no activity.
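
A check for the template workaround in the issue description, added here as an example and not part of the original thread or of Webmin: it reports whether the post-up iptables-restore line sits in the template (kept across restarts) or only in the auto-generated /etc/network/interfaces (lost at the next restart). The function names and the four status words are assumptions made for this example; the file paths and the banner text are the ones quoted in the issue.

```shell
#!/bin/sh
# Added example (not from the issue thread): report whether the
# iptables-restore hook will survive a Virtuozzo/OpenVZ restart.
# File paths are arguments so the check can run against copies.

HOOK='^[[:space:]]*post-up[[:space:]].*iptables-restore'

# True if FILE has an uncommented post-up iptables-restore line.
has_hook() {
    [ -r "$1" ] && grep -Eq "$HOOK" "$1"
}

# True if FILE carries the "auto-generated" banner shown in the issue.
is_generated() {
    [ -r "$1" ] && grep -q '^# This configuration file is auto-generated' "$1"
}

# Print the rules file named after "<" in the first hook line of FILE.
rules_path() {
    grep -E "$HOOK" "$1" | head -n 1 |
        sed -n 's/.*<[[:space:]]*\([^[:space:]]*\).*/\1/p'
}

# hook_status INTERFACES TEMPLATE -> persistent | volatile | static | missing
hook_status() {
    if has_hook "$2"; then
        echo persistent   # regenerated from the template at every boot
    elif has_hook "$1" && is_generated "$1"; then
        echo volatile     # present now, overwritten at the next restart
    elif has_hook "$1"; then
        echo static       # hand-maintained file, nothing overwrites it
    else
        echo missing
    fi
}

# Check the live paths only when asked to; sourcing this file or
# running it without "--check" just defines the functions.
if [ "${1:-}" = "--check" ]; then
    ifaces=${2:-/etc/network/interfaces}
    tmpl=${3:-/etc/network/interfaces.template}
    status=$(hook_status "$ifaces" "$tmpl")
    src=$ifaces; [ "$status" = persistent ] && src=$tmpl
    echo "boot hook: $status (rules: $(rules_path "$src" 2>/dev/null))"
    [ "$status" = persistent ] || [ "$status" = static ]
fi
```

The check looks only at the two interfaces files, so a firewall restored by the separate init script described in the comment above is reported as missing.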