NUMIPTENT is too low to add 5333 rules (CSF firewall error)

Horace asked:

The VPS iptables rule limit (numiptent) is too low to add 5333 rules (19469/24000)

CSF stopped working spontaneously today.

Saying it can’t start because it can’t add 5333 rules to an apparent total of 24,000.

The firewall has been configured to keep at most 100 IP addresses, 100 temporary addresses.

There is nowhere that anyone has configured 24000, and certainly no list of 24000 IPtables rules to be found on the server.

How do I fix this problem?

My answer:


You’re running into a hard limit set by your VPS hosting provider which limits iptables entries on OpenVZ containers. The provider is unlikely to change this for you, so you should consider obtaining a new VPS, which does not use OpenVZ.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.