Re: is iptables slow?
phadell wrote on Nov 15 at 02:44:
> I think I was not so clear. Sorry, but my English is poor.
> I'll try to explain better.
>
> My policy is to drop all INPUT, OUTPUT and FORWARD.
> So, I must open all the services that I'm using, that are:
> ssh, ftp, ftp-data, smtp, pop3, http, https
>
> In all services, I'm having a long delay if the iptables rules are set.
>
I would assume that your DROP default policy causes the delay. At least
most smtp- and ftp-servers will send an ident query back to your host
if you try to connect to them. If you simply ignore the queries, those
servers will wait until a timeout occurs. Try to use the --state
RELATED match, or change your default policy to REJECT if you like to
have ident queries blocked.
Just my 2 cents,
Boris
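
An added example, not part of the original message: a script that prints an iptables-restore ruleset for the setup discussed above, once with ident probes (TCP port 113) silently dropped and once with them answered by a TCP reset so the remote server does not wait for a timeout. A built-in chain policy can only be ACCEPT or DROP, so the reject is written as a rule under the DROP policy. Assumptions: the host is a client of the listed services, the function name `gen_rules` is made up for this example, and DNS or anything else not listed in the post is left out.

```shell
#!/bin/sh
# Added example (constructed): emits rules in iptables-restore format.
# Nothing is applied unless the output is piped into iptables-restore.

# ssh, ftp, smtp, pop3, http, https as listed in the post.
# ftp-data is covered by RELATED when the FTP conntrack helper is loaded.
SERVICES="22,21,25,110,80,443"

gen_rules() {
    # $1 = "drop"   : ident probes fall through to the DROP policy,
    #                 the remote server waits for its ident timeout.
    # $1 = "reject" : ident probes are answered with a TCP RST,
    #                 the remote server continues immediately.
    mode="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports $SERVICES -m state --state NEW -j ACCEPT
EOF
    if [ "$mode" = "reject" ]; then
        # Refuse ident explicitly instead of ignoring it.
        echo "-A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset"
        # OUTPUT policy is DROP too, so let the generated RST leave the host.
        echo "-A OUTPUT -p tcp --sport 113 --tcp-flags RST RST -j ACCEPT"
    fi
    echo "COMMIT"
}

# Stand-alone use (as root): ./ident-rules.sh reject | iptables-restore
if [ -n "${1:-}" ]; then
    gen_rules "$1"
fi
```

Comparing login times against an SMTP or FTP server with the `drop` and `reject` variants loaded shows whether ident is the source of the delay.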