Re: IP Tables slows network response times

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Michael Hallager <michael@xxxxxxxxxxxxxxxxxx>
Subject: Re: IP Tables slows network response times
From: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
Date: Mon, 15 Aug 2005 08:14:54 +0200 (MEST)
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
In-reply-to: <200508142133.57867.michael@xxxxxxxxxxxxxxxxxx>
References: <200508142133.57867.michael@xxxxxxxxxxxxxxxxxx>
Sender: netfilter-bounces@xxxxxxxxxxxxxxxxxxx

>iptables -P INPUT DROP
>iptables -A INPUT -p tcp --destination-port 53 -j ACCEPT
>iptables -A INPUT -p udp --destination-port 53 -j ACCEPT

"Think before you rule."

If your NAMED makes a query to the outside world, its _DEFAULT configuration 
will NOT use_ 53 as source port, so --destination-port 53 cannot match.

(Use -m state --state ESTABLISHED)

References:
- IP Tables slows network response times
  - From: Michael Hallager

Prev by Date: Re: iptables + ebtables + snat question
Next by Date: RE: Blocking Google Earth
Previous by thread: Re: IP Tables slows network response times
Next by thread: RE: IP Tables slows network response times
Index(es):
- Date
- Thread

[Index of Archives] [Linux Netfilter Development] [Linux Kernel Networking Development] [Netem] [Berkeley Packet Filter] [Linux Kernel Development] [Advanced Routing & Traffice Control] [Bugtraq]

Powered by Linux