I recently upgraded Proxmox and noticed iptables was not working in the guests.

Turns out a small edit is required to /etc/vz/vz.conf (we need to add some more modules to be used in the openvz guests).

Using any editor, open /etc/vz/vz.conf and change and find the “IPTABLES=” line

Change:

IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"

To:

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Then reboot (you can probably just re-start your guests).