phadell wrote on Nov 15 at 02:44:
> I think I was not so clear. Sorry, but my English is poor.
> I'll try to explain better.
>
> My policy is drop all INPUT, OUTPUT and FORWARD.
> So, I must open all the services that I'm using, that are:
> ssh, ftp, ftp-data, smtp, pop3, http, https
>
> In all services, I'm having a long delay if the iptables rules are set.
>
I would assume that your DROP default policy causes the delay. At least most smtp- and ftp-servers will send an ident query back to your host if you try to connect to them. If you simply ignore the queries, those servers will wait until a timeout occurs.

Try to use the --state RELATED match, or change your default policy to REJECT if you would like to have ident queries blocked.

Just my 2 cents,
Boris
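
A ruleset along the lines suggested in the reply, as an added example that is not part of the original thread: iptables built-in chain policies accept only ACCEPT or DROP, so the reject is written as an explicit rule for ident (113/tcp) under the DROP policy. The port list, the `build_rules` helper name and the choice of `tcp-reset` are assumptions.

```shell
#!/bin/sh
# Added example (constructed, not from the thread): print an iptables-restore
# ruleset for a default-DROP host that answers ident probes with a TCP RST
# instead of silently dropping them, so the remote server does not wait for
# a timeout before continuing the session.

# Assumed port list for the services named in the thread:
# ftp, ssh, smtp, http, pop3, https. ftp-data is covered by RELATED
# when the FTP conntrack helper is loaded.
SERVICE_PORTS="21,22,25,80,110,443"
IDENT_PORT=113

# build_rules [ports] -> ruleset on stdout (hypothetical helper name)
build_rules() {
    ports=${1:-$SERVICE_PORTS}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Local traffic is not filtered.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies and related flows for connections already allowed.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections to the listed services, in both directions.
-A INPUT -p tcp -m multiport --dports $ports -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports $ports -m state --state NEW -j ACCEPT
# Ident: refuse at once with a RST rather than letting the peer time out.
-A INPUT -p tcp --dport $IDENT_PORT -j REJECT --reject-with tcp-reset
# OUTPUT is DROP as well, so let that RST leave the host.
-A OUTPUT -p tcp --sport $IDENT_PORT --tcp-flags RST RST -j ACCEPT
COMMIT
EOF
}

# Syntax-check without loading (needs root):
#   build_rules | iptables-restore --test
```

Only the ports named in the thread are opened; anything else the host needs outbound still falls under the DROP policy.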

