Fwd: Re: IP Tables slows network response times

Michael Hallager michael at networkstuff.co.nz
Mon Aug 15 10:18:33 CEST 2005


> I think correct should be:
> iptables -I INPUT -i lo -j ACCEPT (guess you misspelled it in the hurry)
> forward rule for loopback is not necessary, as long as I remember
> iptables -I OUTPUT -o lo -j ACCEPT;

HOLD ON,
This creates the following:
chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  202.71.136.166       anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Looking at the first and last rule displayed here, doesn't this have the effect 
of negating everything else?
Eg: Allow all, from anywhere to anywhere....

Am I missing something?

Michael Hallager
networkStuff ltd
www.networkstuff.co.nz | p.09.839.1000 | m.029.638.7883
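
Added example, not part of the original message: plain `iptables -L` omits the in/out interface columns (`iptables -L -v` and `iptables -S` show them), so a rule limited with `-i lo` or `-o lo` prints as "all -- anywhere anywhere". The sketch below classifies ACCEPT rules from `iptables -S` style text; the sample ruleset is constructed from the commands and listing quoted above, and the function names `sample_rules` and `classify_accepts` are hypothetical.

```shell
#!/bin/sh
# Constructed sample: what `iptables -S` would print for the ruleset in the
# message. Unlike plain `iptables -L`, the rule specs keep the -i/-o matches.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 202.71.136.166/32 -j DROP
-A OUTPUT -o lo -j ACCEPT
EOF
}

# classify_accepts (hypothetical helper): read `iptables -S` lines on stdin
# and report, for each ACCEPT rule, whether a match restricts it or whether
# it really accepts everything that reaches it.
classify_accepts() {
    awk '
    $1 == "-A" {
        target = ""; matches = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); i++ }
            else matches = matches (matches ? " " : "") $i
        }
        if (target != "ACCEPT") next
        if (matches == "") print $2 ": UNCONDITIONAL"
        else print $2 ": restricted (" matches ")"
    }'
}

# Stand-alone run over the constructed sample. Both ACCEPT rules are limited
# to the loopback interface, so packets from 202.71.136.166 arriving on any
# other interface still fall through to the DROP rule.
sample_rules | classify_accepts
```

On a live host the same function can be fed with `iptables -S | classify_accepts` (root required).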


