On Fri, Dec 20, 2002 at 05:59:23AM -0800, lester lasad wrote:
>
> I am running Red Hat 7.3; everything is working properly until loading the iptables
> rules. After loading the rules I am taking a big performance hit. It can take
> anywhere from 10 - 30 seconds for my server to display the results of "iptables -L".
> This wasn't happening prior to the rules being loaded. Trying to open a shell has
> the same results, as well as many other things.
>
> I am loading the iptables rules from webmin. After disabling the rules using
> "iptables -P INPUT ACCEPT" and "iptables -F" I no longer have a performance issue. I
> have included the contents of iptables below.
>
> *filter
> :FORWARD ACCEPT [0:0]
> :INPUT DROP [0:0]
> :Inbound - [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -j Inbound
> -A Inbound -p tcp -m tcp -m state --state ESTABLISHED -j ACCEPT
> -A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 22 -j ACCEPT
> -A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 25 -j ACCEPT
> -A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 10000 -j ACCEPT
> -A Inbound -i lo -j ACCEPT
> -A Inbound -p tcp -m tcp -j DROP
> -A Inbound -p udp -m udp -j DROP
> -A Inbound -p icmp -j DROP
> COMMIT
> # Generated by webmin
> *mangle
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> COMMIT
> # Completed
> # Generated by webmin
> *nat
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> COMMIT
> # Completed
Please change the first ACCEPT rule to ESTABLISHED,RELATED to enable one of the
finer abilities of the netfilter code. And your problem is undoubtedly name
resolution. By making your command "iptables -L -n -v", you will be spared the
long wait.

--
Jack Bowling
mailto: [EMAIL PROTECTED]
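The corrected filter table, as an added example that is not part of either message above. It keeps the posted chains, addresses and ports and changes only the state rule, and it goes one step further than the reply by also dropping the "-p tcp" restriction on that rule. The reason can be read straight off the posted ruleset: the ESTABLISHED match applies only to TCP, while the "-p udp" rule is an unconditional DROP, so answers to this host's own UDP DNS queries never get in and every reverse lookup (the hostnames "iptables -L" prints, the login shell's lookup of the connecting client) waits for the resolver timeout before giving up. Matching ESTABLISHED,RELATED for every protocol fixes that. The file is in the iptables-save format webmin writes; "-m state" is the match available on a Red Hat 7.3 era kernel (current kernels spell the same thing "-m conntrack --ctstate"). The mangle and nat tables are unchanged and omitted here.

```text
# /etc/sysconfig/iptables, filter table only (iptables-save format)
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:Inbound - [0:0]
-A INPUT -j Inbound
# Loopback first, so a local resolver or other local traffic never reaches the rest.
-A Inbound -i lo -j ACCEPT
# Replies to traffic this host initiated, for every protocol, not just TCP.
# The posted rule carried "-p tcp", which left UDP DNS answers to fall through
# to the "-p udp -j DROP" rule. RELATED also admits the ICMP errors (port
# unreachable, fragmentation needed) that belong to those flows.
-A Inbound -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services this host offers (unchanged from the posted rules).
-A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 22 -j ACCEPT
-A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 25 -j ACCEPT
-A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 10000 -j ACCEPT
# Everything else. One rule replaces the posted per-protocol tcp/udp/icmp DROPs;
# the chain policy is DROP anyway, so the result is the same for other protocols.
-A Inbound -j DROP
COMMIT
```

Load it with "iptables-restore < /etc/sysconfig/iptables" (on Red Hat 7.3 "service iptables restart" reads the same file), then check with "iptables -L -n -v": the -n suppresses the lookups entirely, so the listing returns at once whether or not DNS is reachable, and the -v packet counters on the ESTABLISHED,RELATED rule show it is now catching the UDP replies. The "-d 10.96.8.96" restriction on the service rules is kept as posted; it only matters if the box has more than one address.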