Iptables rules make communication so slow

view story

http://serverfault.com – When I have send a request to an application running on a machine which following firewall rules are applied, it waits so long. When I have deactivated the iptables rule, it responses immediately. What makes communication so slow? -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p esp -j ACCEPT -A INPUT -i ppp+ -j ACCEPT -A INPUT -p udp -m udp --dport 500 -j ACCEPT -A INPUT -p udp -m udp --dport 4500 -j ACCEPT -A INPUT -p udp -m udp --dport 1701 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i lo -m state --state NEW,RELATED,ESTABLISH (HowTos)

Submitted by dayu on 10/10/2012

Login or register to post comments
Email this page

Stories similar to Iptables rules make communication so slow

Iptables blocks outgoing HTTP connection 29 weeks 1 day ago

I've setup IPTables with the following script...

Restricting ICMP using iptables 7 weeks 1 day ago

I have the following rule,which i believe will restrict icmp packets to 1/s.

open Ports in IP tables 3 years 16 weeks ago

Hi I would like to open some port from IN to OUT

pop3,smtp. whenever i tried to add some rules to existing iptables it gives me an error Applying iptables firewall rules: iptables-restore: line 21 failed

I am using the Cent OS 5.3

how do i open the ports?

INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0]

iptables problem with input connections 3 weeks 3 days ago

# Generated by iptables-save v1.4.8 on Sat Apr 27 19:02:58 2013 *filter :INPUT ACCEPT [812:348051] :FORWARD ACCEPT [154:112203] :OUTPUT ACCEPT [1781:859968] -A INPUT -s 192.168.0.50/32 -i eth0 -p tcp -m tcp --dport 3128 -j ACCEPT -A INPUT -s 192.168.0.50/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -s 192.168.0.50/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -s 192.168.0.60/32

[ubuntu] IPTables problems 26 weeks 5 days ago

I'm having some problems with my VPS running Ubuntu Server 11.04 x64.

IPTABLES allow mail with DROP policy [closed] 21 weeks 6 days ago

I'd like to allow mail through iptables and DROP policy but this script doesn't work what it is wrong here:

## FLUSH de reglas iptables -F

iptables -X

iptables -Z

iptables -t nat -F

## policy iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

iptables -P FORWARD DROP

# localhost iptables -A INPUT -i lo -j ACCEPT

# Allow my ip iptables -A INPUT -s MY_IP -j ACCEPT

# 80 port iptables -A I

Using nmap to scan open ports. iptables default policy affects other rules? 36 weeks 4 days ago

I'm trying to find out why changing my default iptables policy is affecting what nmap sees when it scans my host.

Consider the following iptables setup:

iptables -F iptables -A INPUT -p tcp -s 10.1.0.0/20 --dport 22 -j ACCEPT

iptables -P INPUT ACCEPT iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j AC

Sendmail doesn't work with iptables, even though smtp and dns are allowed 46 weeks 3 hours ago

I have sendmail installed on Ubuntu 10.04 solely for the use of the php mail() function.

Chrony and iptables 46 weeks 1 day ago

This is my iptables configuration (only allow chronyd for NTP):

*filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -i lo -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -p tcp --dport 53 -m owner --uid-owner chrony -j ACCEPT -A OUTPUT -p udp --dport 53 -m owner --uid-owner chrony -j ACCEPT -A OUTPUT -p

Iptables rules make communication so slow

Search

Best published stories

Beautiful linux wallpapers

Tags