On Monday 2010-12-06 14:38, Ferenc Wagner wrote: > >>> This is indeed true if you only use a local passwd and group database. >> >> (Is your LDAP _that_ slow?) > >It's dog slow until the network is brought up... But maybe there's some >misunderstanding here. My problem isn't slowness, it's the fundamental >impossibility of resolving the user names to numbers before the network >is up. If the network is not up, the potential connections to the database immediately terminate with "No route to host". >And that's the very time to install firewall rules, isn't it? Yes indeed. >> The change is now in git://dev.medozas.de/iptables . > >How cool! So you decided to change the default behaviour after all! I just like to light up more corners before making decisions. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html