IP Tables slows network response times

Jan Engelhardt jengelh at linux01.gwdg.de
Mon Aug 15 08:14:54 CEST 2005

>iptables -P INPUT DROP
>iptables -A INPUT -p tcp --destination-port 53 -j ACCEPT
>iptables -A INPUT -p udp --destination-port 53 -j ACCEPT

"Think before you rule."

If your NAMED makes a query to the outside world, its _DEFAULT configuration 
will NOT use_ 53 as the source port, so --destination-port 53 cannot match.

(Use -m state --state ESTABLISHED)

More information about the netfilter mailing list
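An added worked example, not part of the original mail and not Jan's or the netfilter project's code: the quoted rule set side by side with a corrected one that uses the state match he recommends. The helper names (`run`, `broken_rules`, `fixed_rules`, `has_state_match`) and the dry-run behaviour are my own assumptions; by default the script only prints the iptables commands, and sets them only when run as root with `APPLY=1`.

```shell
#!/bin/sh
# Example ruleset generator (hypothetical, not from the mailing-list post).
# Without APPLY=1 the commands are only printed so the script is safe to
# read and run anywhere; with APPLY=1 (as root) they are executed.
IPT=${IPT:-iptables}

run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# The rule set as quoted in the thread.  Replies to named's own outbound
# queries come back to an ephemeral source port (not 53), so they never
# match --destination-port 53 and are dropped by the DROP policy.
broken_rules() {
  run "$IPT" -P INPUT DROP
  run "$IPT" -A INPUT -p tcp --destination-port 53 -j ACCEPT
  run "$IPT" -A INPUT -p udp --destination-port 53 -j ACCEPT
}

# Corrected rule set.  Conntrack records the ephemeral port named used,
# so "-m state --state ESTABLISHED" lets the reply in whatever port it
# targets.  New inbound queries to port 53 are still allowed separately,
# and only if this host is meant to serve DNS to others.
fixed_rules() {
  run "$IPT" -P INPUT DROP
  run "$IPT" -A INPUT -i lo -j ACCEPT
  run "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  run "$IPT" -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
  run "$IPT" -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
}

# Quick self-check for a generated rule set: does it contain a state
# match for ESTABLISHED traffic?  Returns 0 if yes, 1 if not.
has_state_match() {
  "$1" | grep -q -- '--state ESTABLISHED'
}

# Print both variants so the difference is visible.
echo "# quoted (broken) rules:";  broken_rules
echo "# corrected rules:";        fixed_rules
```

The ESTABLISHED rule is placed before the port-53 rules so that return traffic is accepted regardless of port; RELATED is included because the same conntrack entry covers ICMP errors tied to the query. Drop the two `--state NEW` rules on a host that only resolves for itself.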