A client of mine purchased a GoDaddy "dedicated" server, which is bad enough on its own. But they are providing a malfunctioning product, and refuse to fix it.
When CentOS 7 is running under a Virtuozzo or OpenVZ virtual container, without netfilter full, iptables refuses to boot up.
journalctl -xe states: "iptables: Applying firewall rules: iptables-restore: line 14 failed"
Which, if you dig further, indicates that the ebtables module is not running, stating: "The kernel doesn't support the ebtables 'nat' table."
So in short, iptables doesn't work, cannot be made operable, and the hosting environment cannot be changed to support it.
My question is, is there any alternative non-iptables-based firewall software that can be used as a replacement?
Right now the ports cannot be blocked, and services cannot be restricted to an IP whitelist for safety. It's wide open.
Ref: https://www.centos.org/forums/viewtopic.php?f=51&t=54469&start=20
See also (GoDaddy "vds"): GoDaddy virtual dedicated servers