Shorewall and OpenVZ

A pretty basic Shorewall configuration can consume about 190 iptent (iptable entries) and the default limit is 128. So, if you are getting 'iptables: Cannot allocate memory' error message, check your /proc/user_beancounters because you might have hit the numiptent (number of iptable entries) limit.