Meow the Catz
Joined: 28 Feb 2005 Posts: 77
Posted: Tue Apr 03, 2007 12:21 pm Post subject: [iptables] Computer slow down while doing some stuff
Hi,
I have set up some firewall rules, and now my computer is slowed down... I mean it seems to work as usual, except that when I do an "iptables -L" it takes a looong time to display every firewall rule line.
I guess there is a problem with my rules; I should probably open some other stuff...
Here is what an iptables -L gives me:
```
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- LSt-Amand-152-31-6-123.w82-127.abo.wanadoo.fr anywhere tcp dpt:ssh
ACCEPT tcp -- cache.ovh.net anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- 192.168.0.0/16 anywhere
ACCEPT udp -- 192.168.0.0/16 anywhere
ACCEPT icmp -- proxy.ovh.net anywhere
ACCEPT icmp -- proxy.p19.ovh.net anywhere
ACCEPT icmp -- proxy.rbx.ovh.net anywhere
ACCEPT icmp -- ping.ovh.net anywhere
ACCEPT icmp -- xxx.xxx.xxx.250 anywhere
ACCEPT icmp -- xx.xxx.xxx.249 anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
But if I change those rules, set the default policy to ACCEPT, and then add a new firewall rule:
```
DROP all -- anywhere anywhere
```
Then it works fine.
Any idea why? Is there a problem with DROP as the default policy?
Thanks
frostschutz
Joined: 22 Feb 2005 Posts: 2977 Location: Germany
Posted: Tue Apr 03, 2007 12:38 pm Post subject:
Yes, iptables -L is slow, and has been on every system I set up iptables on. Is it not normal?
I hardly ever use iptables -L, so I never cared much about it. Filtering itself works and is not slow.
JeliJami
Joined: 17 Jan 2006 Posts: 1086 Location: Belgium
Posted: Tue Apr 03, 2007 2:29 pm Post subject:
On my systems it's not slow.
Is it faster if you don't request reverse DNS lookups?
Meow the Catz
Joined: 28 Feb 2005 Posts: 77
Posted: Tue Apr 03, 2007 2:32 pm Post subject:
Yes, without reverse DNS lookups it is fast... so does it mean my iptables rules block reverse DNS lookups? How can I enable them? (And should I enable them? Btw, I prefer iptables -L -n because I hate it when iptables displays the DNS name rather than the IP... is there a way to have the -n option by default with the -L one?)
Thanks
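As an added example (not code from any poster in this thread), a small parser for the `iptables -L -n` listing format shown above, plus a check of whether a DROP-policy chain leaves room for the UDP replies a DNS lookup needs to come back in, which is what a slow `iptables -L` without `-n` waits on. The sample listing is constructed from the one in the thread with placeholder addresses, and the `resolver` address passed to the check is a hypothetical parameter.

```python
import re
from ipaddress import ip_address, ip_network
# Constructed sample in `iptables -L -n` form, modelled on the listing in the
# thread; addresses are placeholders, not the poster's real hosts.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  203.0.113.10         0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  192.168.0.0/16       0.0.0.0/0
ACCEPT     udp  --  192.168.0.0/16       0.0.0.0/0
ACCEPT     icmp --  198.51.100.5         0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""
CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\w+)")
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_listing(text):
    """Return {chain: {"policy": ..., "rules": [...]}} from -L [-n] output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
        elif current and line.strip() and not line.startswith("target"):
            t, prot, _opt, src, dst, extra = RULE_RE.match(line).groups()
            chains[current]["rules"].append(
                {"target": t, "prot": prot, "src": src, "dst": dst, "extra": extra})
    return chains

def dns_replies_allowed(chain, resolver):
    """Can UDP answers from `resolver` enter this chain under its policy and rules?"""
    if chain["policy"] == "ACCEPT":
        return True
    for r in chain["rules"]:
        if r["target"] != "ACCEPT" or r["prot"] not in ("all", "udp"):
            continue
        if "ESTABLISHED" in r["extra"]:  # conntrack lets our own query's answer back in
            return True
        # explicit allow for the resolver's range with no port match, or sport 53
        if (not r["extra"] or "spt:53" in r["extra"]) and \
                ip_address(resolver) in ip_network(r["src"], strict=False):
            return True
    return False
```

Run it against your own `iptables -L -n` output; a chain that reports False is one where a lookup's answer is dropped and every hostname in the unnumbered listing waits for a resolver timeout.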