Hi there! I have a problem, and I think it is the same as one posted earlier, but the solution given is not correct. I run kernel 2.4.20, iptables 1.2.7a. I have this, as a test: iptables -P INPUT DROP iptables -A INPUT -p tcp -j ACCEPT And this will hang my system for about 1 minute. In that time, I noticed (with the use of tcpdump) that iptables tries to connect to port 111 on my box using udp. Why? Anyway, because the policy is DROP, it won't connect, and an ICMP message is not sent back. If I take a policy of ACCEPT, ICMP messages will be sent and iptables behaves fine. When I want to list my rules using iptables -L, it again hangs for some time (trying to connect to 111) and finally gives the list. The rule mentioned above is added, it only took some time. If I do iptables -nL (notice the 'n') it all works fine. Why is this? It is very annoying, particulary since another linux partition on my box doesn't have this problem. If I chroot to that partition, so using the same kernel version, iptables does not hang. Same version of iptables, same version of libc. What is going on here? Am I missing a configuration file somewhere? What does iptables want with udp port 111? If someone can clear this up for me, I'd be very happy to hear about it. Regards, David
