System administration
Tiamon, 2016-07-09 09:07:31

How to set up iptables on a VPS from firstvds, it complains about COMMIT?

As in the title.
I tried to set up the simplest rules:

*mangle
:PREROUTING ACCEPT [7:364]
:INPUT ACCEPT [7:364]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT ! -i venet0:0 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 22,80,443,10000
-A INPUT -p tcp -m tcp --dport auth -j ACCEPT
COMMIT

And I invariably got an error pointing at the last line:

iptables-restore: line 39 failed

I began to suspect a problem on the host side: the server runs under OpenVZ, and perhaps there is no "conntrack" there.
I asked the support service and received this reply:
From: Alexey Atamanov - 2016-07-09 04:53:56
Hello, yes, the error occurs because the conntrack module is not enabled for virtual servers.
--
Sincerely,
Alexey Atamanov,
FirstVDS Technical Support Consultant
From: - 2016-07-09 04:55:41
And what are the solutions? )
From: Alexey Atamanov - 2016-07-09 05:02:31
Use KVM virtualization
--
Sincerely,
Alexey Atamanov,
FirstVDS Technical Support Consultant

Actually, the fact that the hoster does not care about the client's problems, and that these restrictions are not documented anywhere, is understandable, and God be their judge.
But I do not want to deal with moving the server. Is there a way to solve this problem without migrating the VDS to KVM?

3 answers
ComodoHacker, 2016-07-09
@Tiamon

If you can't properly configure a firewall on a VPS, why do you need such a VPS? They don't deserve your money.
On all the OpenVZ VPSes I have used (firstvds is not among them), conntrack was available. I can't even think of a reason to turn it off. Maybe this is a scam along the lines of "switch to a more expensive plan, everything works there"?
And one more piece of advice: instead of a rules file, write a script with iptables commands. That way you don't have to guess where the problem is.
PS Found on their forum: forum.firstvds.ru/viewtopic.php?f=3&t=10759

Re: iptables please enable conntrack and/or state
Post by ls » Tue Mar 22, 2016 3:06 pm: "with a large number of connections it will bring down the head server"

It's a shame. They don't know about nf_conntrack_max.
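
The script approach from this answer, as an added example that is not code from the question or from the answer: the INPUT rules from the question are applied as individual iptables commands instead of through iptables-restore, so a rejected rule is named instead of "line 39 failed". IPTABLES and try_rule are names chosen for this example; IPTABLES can be pointed at a wrapper or fake command to dry-run the script without root.

```shell
#!/bin/sh
# Apply the question's INPUT rules one iptables command at a time, so a
# rejected rule is reported by name rather than as "line N failed".
# IPTABLES and try_rule are names chosen for this example (assumption);
# set IPTABLES to a wrapper or fake command to dry-run without root.
IPTABLES="${IPTABLES:-iptables}"

# Run one iptables command; on failure, name the exact rule on stderr.
try_rule() {
    if $IPTABLES "$@"; then
        return 0
    fi
    echo "FAILED: iptables $*" >&2
    return 1
}

# Install the question's INPUT rules. Returns the number of rules the kernel
# refused (on a container without conntrack, the two "-m state" rules).
# The DROP policy is set only when every rule went in, so a partial failure
# cannot lock the administrator out of the SSH session.
apply_filter_rules() {
    failed=0
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -F INPUT
    for rule in \
        '! -i venet0:0 -j ACCEPT' \
        '-p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT' \
        '-m state --state ESTABLISHED -j ACCEPT' \
        '-m state --state RELATED -j ACCEPT' \
        '-p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT' \
        '-p icmp -m icmp --icmp-type echo-reply -j ACCEPT' \
        '-p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT' \
        '-p icmp -m icmp --icmp-type source-quench -j ACCEPT' \
        '-p icmp -m icmp --icmp-type time-exceeded -j ACCEPT' \
        '-p icmp -m icmp --icmp-type parameter-problem -j ACCEPT' \
        '-p tcp -m multiport --dports 22,80,443,10000 -j ACCEPT' \
        '-p tcp -m tcp --dport auth -j ACCEPT'
    do
        # $rule is deliberately unquoted so it splits into arguments.
        try_rule -A INPUT $rule || failed=$((failed + 1))
    done
    if [ "$failed" -eq 0 ]; then
        $IPTABLES -P INPUT DROP
    else
        echo "$failed rule(s) refused; INPUT policy left at ACCEPT" >&2
    fi
    return "$failed"
}
```

On a host that lacks conntrack the two "-m state" rules are the ones reported, which is the answer the questioner had to get from support.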

Puma Thailand, 2016-07-09
@opium

It's not OpenVZ

Vlad Zhivotnev, 2016-07-09
@inkvizitor68sl

Rent a KVM virtual machine
