To install famous linux software firewall CSF (Config Server Firewall), use this manual (open in a new window). BUT, you will get an errors probably, so to finish installation properly

Do this from the root server:

modprobe iptables_module
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_SAME
modprobe ipt_REJECT
modprobe ipt_helper
modprobe ipt_owner
modprobe ip_tables
modprobe ipt_MASQUERADE
modprobe ipt_multiport
modprobe xt_multiport
modprobe ipt_state
modprobe xt_state
modprobe ipt_limit
modprobe xt_limit
modprobe ipt_recent
modprobe xt_connlimit
modprobe ipt_owner
modprobe xt_owner
modprobe iptable_nat
modprobe ipt_DNAT
modprobe iptable_nat
modprobe ipt_REDIRECT
Instead of:

modprobe iptables_module
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_SAME
modprobe ipt_REJECT
modprobe ipt_helper
modprobe ipt_owner
modprobe ip_tables
modprobe ipt_MASQUERADE
modprobe ipt_multiport/xt_multiport
modprobe ipt_state/xt_state
modprobe ipt_limit/xt_limit
modprobe ipt_recent
modprobe xt_connlimit
modprobe ipt_owner/xt_owner
modprobe iptable_nat/ipt_DNAT
modprobe iptable_nat/ipt_REDIRECT
It should be without slashes (/) - these caused failure because module name has no slashes. ipt_multiport/xt_multiport means two modules probably..?

ISSUE

Validation script perl /etc/csf/csftest.pl (executed from VPS can return one error:
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: Unknown error 18446744073709551615] - Required for csf to function
SOLVING

For anyone reading this, if failed too, just repeat the process, but instead of whole modprobe block, just do these remaining:


modprobe ipt_multiport
modprobe xt_multiport
modprobe ipt_state
modprobe xt_state
modprobe ipt_limit
modprobe xt_limit
modprobe ipt_recent
modprobe xt_connlimit
modprobe ipt_owner
modprobe xt_owner
modprobe iptable_nat
modprobe ipt_DNAT
modprobe iptable_nat
modprobe ipt_REDIRECT


That helped to run perl /etc/csf/csftest.pl without any error.

Here is how to assign above iptables modules into virtual machine of OpenVZ VPS virtualisation:
vzctl set CTID --netfilter full --save --setmode restart
(consider --netfilter statefull ; read "man vzctl")