
Re: is iptables slow?



phadell wrote on Nov 15 at 02:44 :
> I think I was not so clear. Sorry, but my English is poor.
> I'll try to explain better.
> 
> My policy is to drop all INPUT, OUTPUT and FORWARD.
> So, I must open all the services that I'm using, which are:
> ssh, ftp, ftp-data, smtp, pop3, http, https
> 
> In all services, I'm having a long delay if the iptables rules are set.
> 

I would assume that your DROP default policy causes the delay. At least
most SMTP and FTP servers will send an ident query back to your host
when you try to connect to them. If you simply ignore the queries, those
servers will wait until a timeout occurs. Try to use the --state
RELATED match, or change your default policy to REJECT if you would like
to have ident queries blocked.

Just my 2 cents,
Boris
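To make the suggestion above concrete, here is an added example (it is not part of the original thread and not phadell's or Boris's ruleset). It generates an iptables-restore ruleset that keeps the DROP policies the poster wants, accepts ESTABLISHED/RELATED traffic for the return packets of his own connections, opens the listed services, and answers inbound ident queries (tcp/113) with a TCP reset instead of silently dropping them, so a remote SMTP or FTP server gets its answer at once instead of waiting for a timeout. A second, deliberately naive ruleset stands in for "drop everything, open the ports, do nothing about ident"; it is a constructed stand-in, not the poster's actual rules. The helper ident_action is an assumed name; it just reports how a ruleset on stdin handles ident. The interface name eth0 and the hint to load the ftp conntrack helper are assumptions too.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Generates an iptables-restore ruleset where ident (tcp/113) is REJECTed
# with a TCP reset instead of being swallowed by a DROP policy.
# Assumptions: one external interface (eth0); the ftp conntrack helper
# (nf_conntrack_ftp, ip_conntrack_ftp on old kernels) is loaded so that
# ftp-data shows up as RELATED. Run as root with "apply" to load it.

# Hardened ruleset: DROP policies, stateful return traffic, explicit ident reset.
ident_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections this host opened, plus helper-tracked ftp-data
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# inbound services the host runs: ftp, ssh, smtp, http, pop3, https
-A INPUT -i eth0 -p tcp -m multiport --dports 21,22,25,80,110,443 -m state --state NEW -j ACCEPT
# ident: reset instead of drop, so the remote smtp/ftp server stops waiting
-A INPUT -i eth0 -p tcp --dport 113 -j REJECT --reject-with tcp-reset
# belt and braces: let the generated RST out even under OUTPUT DROP
-A OUTPUT -o eth0 -p tcp --sport 113 --tcp-flags RST RST -j ACCEPT
# outbound connections this host may start (same services, plus DNS)
-A OUTPUT -o eth0 -p tcp -m multiport --dports 21,22,25,80,110,443 -m state --state NEW -j ACCEPT
-A OUTPUT -o eth0 -p udp --dport 53 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed stand-in for "DROP everything, open the ports, ignore ident".
# Not the poster's real rules; used only to show where an ident query ends up.
naive_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m multiport --dports 20,21,22,25,80,110,443 -j ACCEPT
-A OUTPUT -p tcp -m multiport --sports 20,21,22,25,80,110,443 -j ACCEPT
COMMIT
EOF
}

# Report what an inbound ident query (tcp dport 113) hits in the ruleset on
# stdin: the target of the first INPUT rule naming --dport 113, otherwise the
# INPUT chain policy (that is the silent DROP that makes peers wait).
ident_action() {
    awk '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / && /--dport 113/ {
            for (i = 1; i <= NF; i++) if ($i == "-j") { target = $(i + 1); exit }
        }
        END { print (target != "" ? target : policy) }
    '
}

# "show" prints the hardened ruleset, "apply" loads it (needs root).
case "${1:-show}" in
    show)  ident_ruleset ;;
    apply) ident_ruleset | iptables-restore ;;
esac
```

After loading it, `iptables -L INPUT -n -v` should show the tcp/113 REJECT rule with a rising packet counter as soon as you connect to a remote SMTP server, and the session banner should appear without the earlier pause. If the remote ident query never reaches the counter, the delay has another cause, such as a reverse DNS lookup on the server side.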




