iptables -L will try to reverse resolve IPs to FQDNs... you're probably seeing a delay due to the DNS query timeouts.
On Fri, 20 Dec 2002, lester lasad wrote:

> I am running redhat 7.3 everything is working properly until loading the iptables
> rules. After loading the rules I am taking a big performance hit. It can take
> anywhere from 10 - 30 seconds for my server to display the results of "iptables -L".
> This wasn't happening prior to the rules being loaded. Trying to open a shell has
> the same results as well as many other things.
>
> I am loading the iptables rules from webmin. After disabling the rules using
> "iptables -P INPUT ACCEPT" and "iptables -F" I no longer have a performance issue. I
> have included the contents of iptables below.
>
> *filter
> :FORWARD ACCEPT [0:0]
> :INPUT DROP [0:0]
> :Inbound - [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -j Inbound
> -A Inbound -p tcp -m tcp -m state --state ESTABLISHED -j ACCEPT
> -A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 22 -j ACCEPT
> -A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 25 -j ACCEPT
> -A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 10000 -j ACCEPT
> -A Inbound -i lo -j ACCEPT
> -A Inbound -p tcp -m tcp -j DROP
> -A Inbound -p udp -m udp -j DROP
> -A Inbound -p icmp -j DROP
> COMMIT
> # Generated by webmin
> *mangle
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> COMMIT
> # Completed
> # Generated by webmin
> *nat
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> COMMIT
> # Completed

--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
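An added example, not part of the original thread: a small first-match evaluator run over the posted filter rules. It shows that the only ESTABLISHED rule is limited to TCP, so a UDP DNS answer reaches the `-p udp ... DROP` rule, which is consistent with the lookups timing out. The `FIXED` ruleset, the `eth0` interface name and the sample packets are assumptions constructed for the illustration.

```python
import shlex
# Filter-table rules copied from the quoted message (iptables-save format).
RULES = """\
:INPUT DROP [0:0]
:Inbound - [0:0]
-A INPUT -j Inbound
-A Inbound -p tcp -m tcp -m state --state ESTABLISHED -j ACCEPT
-A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 22 -j ACCEPT
-A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 25 -j ACCEPT
-A Inbound -p tcp -m tcp -d 10.96.8.96 --dport 10000 -j ACCEPT
-A Inbound -i lo -j ACCEPT
-A Inbound -p tcp -m tcp -j DROP
-A Inbound -p udp -m udp -j DROP
-A Inbound -p icmp -j DROP
"""
# Assumed correction (not from the thread): match state for every protocol.
FIXED = RULES.replace("-p tcp -m tcp -m state --state ESTABLISHED",
                      "-m state --state ESTABLISHED,RELATED")
# Option -> packet field; each option used in these rules takes one argument.
FIELDS = {"-p": "proto", "-d": "dst", "--dport": "dport", "-i": "iface", "--state": "state"}

def parse(text):
    """Return ({chain: policy}, {chain: [options dict per rule]})."""
    policies, chains = {}, {}
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0].startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif tok[0] == "-A":
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def verdict(text, pkt, chain="INPUT"):
    """First-match walk; a user chain with no match returns to its caller."""
    policies, chains = parse(text)
    for opts in chains.get(chain, []):
        if any(f in opts and pkt.get(k) not in opts[f].split(",")
               for f, k in FIELDS.items()):
            continue
        target = opts["-j"]
        result = target if target in ("ACCEPT", "DROP") else verdict(text, pkt, target)
        if result:
            return result
    return None if policies[chain] == "-" else policies[chain]

# Constructed packets: a resolver's UDP answer to a PTR query, and a new SSH connection.
HOST = {"dst": "10.96.8.96", "iface": "eth0"}
DNS_REPLY = {**HOST, "proto": "udp", "dport": "32768", "state": "ESTABLISHED"}
SSH_NEW = {**HOST, "proto": "tcp", "dport": "22", "state": "NEW"}
for name, rules in (("posted", RULES), ("fixed", FIXED)):
    print(name, "dns-reply:", verdict(rules, DNS_REPLY), "ssh:", verdict(rules, SSH_NEW))
```

Independently of the ruleset, `iptables -L -n` prints numeric addresses and skips the reverse lookups altogether.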