To enable iptable inside containers, you must first make sure the proper modules are loaded on the host:
modprobe xt_state
modprobe xt_tcpudp
modprobe ip_conntrack
Don’t forget to add them to /etc/modules
Them inside the /etc/vz/vz.conf setting file, add the following line:
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state"Then restart the vz service.