Simple firewall for VPS

Because OpenVZ-based VPSes share a common kernel, some of the more advanced features of iptables, such as connection state tracking, aren't available. This breaks many of the common firewall packages and scripts included in most distros, such as shorewall and ufw, which rely on those features to work.

The following is a basic init script to set up a simple iptables firewall, originally from here, with some modifications. By default all outgoing traffic is permitted, incoming responses are permitted on ports >1024 and connection requests are permitted for SSH, POP3(s), IMAP(s), SMTP(s) and HTTP(s). It’s a basic Red Hat style init script so you can sling it in /etc/init.d on Debian/Ubuntu.

Download: fw.txt
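
The policy described above, written out as an added example (this is not the fw.txt script linked from this post). It assumes the standard port numbers for the listed services and that the container exposes the basic tcp/udp matches; the loopback rule and the `! --syn` test on the high-port rule are choices made here, the latter so that the stateless "responses" rule cannot be used to open new inbound TCP connections.

```shell
#!/bin/sh
# Added example: stateless iptables policy for a container without conntrack.
IPT="${IPT:-iptables}"   # override for a dry run, e.g. IPT=echo
# SSH, SMTP, SMTPS, POP3, POP3S, IMAP, IMAPS, HTTP, HTTPS (standard ports)
TCP_SERVICES="22 25 465 110 995 143 993 80 443"

# Print the rule set, one iptables argument list per line.
fw_rules() {
    echo "-P INPUT ACCEPT"      # stay reachable while the chain is rebuilt
    echo "-F INPUT"
    echo "-P OUTPUT ACCEPT"     # all outgoing traffic permitted
    echo "-A INPUT -i lo -j ACCEPT"   # assumption: local services use loopback
    for port in $TCP_SERVICES; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # Responses to our own outgoing connections arrive on ports >1024.
    # With no state match, "! --syn" (assumption: tcp match is available)
    # keeps this rule from also admitting new inbound TCP connections.
    echo "-A INPUT -p tcp ! --syn --dport 1025:65535 -j ACCEPT"
    # UDP has no flags to test, so any listener on a high UDP port is exposed.
    echo "-A INPUT -p udp --dport 1025:65535 -j ACCEPT"
    echo "-P INPUT DROP"        # default-deny goes in last
}

# Read rules on stdin and hand each to iptables; stop at the first failure.
fw_apply() {
    while read -r rule; do
        # Unquoted on purpose: the line is split into separate arguments.
        $IPT $rule || return 1
    done
}

case "${1:-}" in
    start|restart) fw_rules | fw_apply ;;
    stop)          printf '%s\n' "-P INPUT ACCEPT" "-F INPUT" | fw_apply ;;
    show)          fw_rules ;;
esac
```

Run it with `show` to review the generated rules before using `start`, and keep a console session open the first time in case the SSH rule does not match your setup.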
