TOPIC: Re:IPTables weirdness

#9600
velvetpixel (User)
Posts: 156
IPTables weirdness 2008/01/15 01:04
In the webmin linux firewall module I was manually adding rules, and when I tried to add a State Established rule I would get an error when trying to apply the configuration. So I figured that I had done something and added rules that conflicted in some way, so I reset the firewall, which cleared out the iptables file and took me to the initial setup page.

Here I selected:

"Block all except ports used for virtual hosting, on interface"
And selected venet0 as the interface.

Clicked Setup Firewall.

The page with all the pre-configured rules appeared.
I clicked Apply Configuration and got an error again!!!!!

This is the iptables file that was generated:

# Generated by iptables-save v1.2.11 on Tue Jan 15 05:39:43 2008
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue Jan 15 05:39:43 2008
# Generated by iptables-save v1.2.11 on Tue Jan 15 05:39:43 2008
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Accept traffic from internal interfaces
-A INPUT ! -i venet0 -j ACCEPT
# Accept traffic with the ACK flag set
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
# Allow incoming data that is part of a connection we established
-A INPUT -m state --state ESTABLISHED -j ACCEPT
# Allow data that is related to existing connections
-A INPUT -m state --state RELATED -j ACCEPT
# Accept responses to DNS queries
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
# Accept responses to our pings
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
# Accept notifications of unreachable hosts
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
# Accept notifications to reduce sending speed
-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
# Accept notifications of lost packets
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
# Accept notifications of protocol problems
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
# Allow connections to our SSH server
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
# Allow connections to our IDENT server
-A INPUT -p tcp -m tcp --dport auth -j ACCEPT
# Respond to pings
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
# Allow connections to webserver
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Allow SSL connections to webserver
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Allow connections to mail server
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# Allow connections to FTP server
-A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
# Allow connections to POP3 server
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# Allow connections to IMAP server
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
# Allow connections to Webmin
-A INPUT -p tcp -m tcp --dport 10000:10010 -j ACCEPT
# Allow connections to Usermin
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
COMMIT
# Completed on Tue Jan 15 05:39:43 2008
# Generated by iptables-save v1.2.11 on Tue Jan 15 05:39:43 2008
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Tue Jan 15 05:39:43 2008

I tried again by starting over with all open and just adding State Established as the only rule and that gets an error.

So what is wrong?
Could this be a kernel issue?

This is:
webmin 1.390
CentOS 4.6
kernel 2.6.9-023stab044.4-enterprise
iptables 1.2.11
#9657
velvetpixel (User)
Posts: 156
Re:IPTables weirdness 2008/01/17 14:11
After a little research I believe this issue is because I am on a Virtuozzo VPS, which apparently has an issue with how the iptables module for the kernel interacts with the VPS VE space.

Is anybody else using webmin on virtuozzo VPS running CentOS 4.6?

If so, how did you get around this issue?
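A pre-flight check that fits both posts above: before handing a ruleset to iptables-restore, list the match extensions (-m ...) it depends on and, as root, probe each one in a throwaway chain so a kernel that refuses the state/conntrack match (the symptom the thread attributes to a Virtuozzo VE kernel) is reported up front instead of failing half-way through "Apply Configuration". This is an added example, not code from the thread or from Webmin; the chain name probe_$$ and the per-extension probe arguments are my own choices, and SAMPLE_RULES is a constructed subset of the rules posted above.

```shell
#!/bin/sh
# Pre-flight check for an iptables-save ruleset (added example, not from the thread).
# 1. required_matches: which -m extensions does the ruleset use?
# 2. probe_match: will this kernel actually accept each one?
# Works with old iptables (no -C needed): add a rule to a scratch chain, then remove it.

# Constructed sample: a subset of the rules posted in the thread.
SAMPLE_RULES='-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT'

# required_matches RULESET: print the unique -m extension names, space separated.
required_matches() {
    printf '%s\n' "$1" | grep -o -- '-m [a-z_]*' | awk '{print $2}' | sort -u | xargs
}

# probe_match NAME: try to use the extension in a throwaway chain (hypothetical
# name probe_<pid>). Returns 0 if the kernel accepts the rule, 1 otherwise.
probe_match() {
    chain="probe_$$"
    case "$1" in
        state) args='-m state --state ESTABLISHED' ;;
        tcp)   args='-p tcp -m tcp --dport 22' ;;
        udp)   args='-p udp -m udp --dport 53' ;;
        icmp)  args='-p icmp -m icmp --icmp-type echo-reply' ;;
        *)     args="-m $1" ;;
    esac
    iptables -N "$chain" 2>/dev/null || return 1
    # word splitting of $args is intended here
    if iptables -A "$chain" $args -j RETURN 2>/dev/null; then rc=0; else rc=1; fi
    iptables -F "$chain" 2>/dev/null
    iptables -X "$chain" 2>/dev/null
    return $rc
}

# preflight RULESET: probe every required extension; print the ones the kernel refuses.
preflight() {
    missing=""
    for m in $(required_matches "$1"); do
        probe_match "$m" || missing="$missing $m"
    done
    printf '%s\n' "${missing# }"
}

# Only talk to the kernel when that can work; otherwise just report what is needed.
if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
    missing=$(preflight "$SAMPLE_RULES")
    if [ -n "$missing" ]; then
        echo "kernel refuses match extension(s): $missing"
    else
        echo "all required match extensions usable; safe to run iptables-restore"
    fi
else
    echo "ruleset needs: $(required_matches "$SAMPLE_RULES") (run as root to probe the kernel)"
fi
```

On a host where the state match is unavailable, the output names "state" as the refused extension, which is the cue to drop or replace those two rules (the ACK-flag rule in the generated file already covers replies to established TCP connections) rather than to keep retrying Apply Configuration.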
Copyright 2005-2007 Virtualmin, Inc. All rights reserved.