How can I fix the error: The VPS iptables rule limit (numiptent) is too low?

This error means that your service provider is limiting the number of iptables rules (numiptent) that your VPS is allowed to create. Your provider can easily raise this limit by running the command below on the hardware node, replacing CID with your container's ID (it can't be run inside your VPS). If your provider refuses to raise this limit, then it's time to look for a new service provider, as they do not really care about your security.

vzctl set CID --numiptent 10000 --save

Users on Virtuozzo with a limit set will not be able to use the country blocks or blocklists, as these will usually put them over their limit.

  1. Users can limit the number of rules that Juggernaut will create by setting the deny permanently limit and deny temporarily limit under Juggernaut -> Settings -> General Settings. Juggernaut will rotate out older entries to stay under the limit unless the entry is marked with "do not delete".
  2. You can also try to limit the number of iptables rules used for country block lists under Juggernaut -> Settings -> Country Settings -> Ignore CIDR blocks smaller than (set it to something like /24). This will allow you to still block the majority of the country while ignoring the smaller networks.
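
To see how close a container is to its limit before enabling a list, this added example (not Juggernaut's code) reads numiptent from /proc/user_beancounters inside the VPS and checks whether a CIDR list fits, with and without dropping blocks smaller than /24. The sample beancounters output and CIDR list are constructed, the function names are hypothetical, and it assumes one iptables rule per CIDR.

```shell
#!/bin/sh
# Added example, not Juggernaut code. Sample data below is constructed.

# Print "held limit failcnt" for numiptent from a beancounters file
# (default: /proc/user_beancounters, read as root inside the container).
numiptent_status() {
    awk '{ for (i = 1; i <= NF; i++)
             if ($i == "numiptent") { print $(i+1), $(i+4), $(i+5); found = 1; exit } }
         END { exit !found }' "${1:-/proc/user_beancounters}"
}

# Count CIDR lines in file $1 whose prefix length is <= $2. With 24 this
# keeps /24 and larger networks, like "Ignore CIDR blocks smaller than /24".
count_kept_cidrs() {
    awk -F/ -v max="$2" 'NF == 2 && $2 ~ /^[0-9]+$/ && $2 + 0 <= max { n++ }
                         END { print n + 0 }' "$1"
}

# Succeed if held + $2 extra rules stays within the limit from file $1.
# Assumption: one iptables entry per CIDR.
rules_fit() {
    extra=$2
    set -- $(numiptent_status "$1")
    [ $# -eq 3 ] || return 2
    [ $((extra + $1)) -le "$2" ]
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/beancounters" <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2680157    2994176   14372700   14790164          0
            numtcpsock            9         14        360        360          0
            numiptent           124        128        128        128         37
EOF
printf '%s\n' 192.0.2.0/24 198.51.100.0/25 203.0.113.64/26 \
    10.0.0.0/8 172.16.0.0/12 192.0.2.128/28 > "$tmp/cidrs"

echo "numiptent held/limit/failcnt: $(numiptent_status "$tmp/beancounters")"
for max in 32 24; do
    n=$(count_kept_cidrs "$tmp/cidrs" "$max")
    if rules_fit "$tmp/beancounters" "$n"; then r="fits"; else r="exceeds limit"; fi
    echo "prefix <= /$max: $n rules, $r"
done
```

Call numiptent_status with no argument inside the VPS to read the live counters; a non-zero failcnt means rule insertions have already been refused at the limit.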

Note
Virtuozzo 6 and below is not an ideal VPS platform because it does not support ipset for high-performance firewall blocking. Most of the larger VPS providers like OVH, DigitalOcean, and Linode have long since switched away from Virtuozzo and now use KVM, which fully supports ipset. Even Virtuozzo themselves have switched over to using KVM in Virtuozzo 7.
