But definitively, KVM is a great deal extra practical for every thing than an OpenVZ pr any container system for just a VPS.netfilter iptables (soon to get replaced by nftables) is usually a person-space command line utility to configure kernel packet filtering regulations produced by netfilter.The above mentioned iptables rule blocks new packets (