Fwd: Re: IP Tables slows network response times

Michael Hallager michael at networkstuff.co.nz
Mon Aug 15 13:32:15 CEST 2005


As follows (oops, my mistake!):

root at 202-150-101-225:/home/michael# iptables-save
# Ruleset dump in iptables-save format: one section per table, each closed by
# COMMIT. The bracketed figures after a chain policy are [packets:bytes]
# counters for packets that fell through to that policy.
# Generated by iptables-save v1.3.3 on Mon Aug 15 23:29:05 2005
*mangle
# mangle table: every chain has policy ACCEPT and no rules are defined, so
# this table neither alters nor filters traffic.
:PREROUTING ACCEPT [26426:1982742]
:INPUT ACCEPT [26426:1982742]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [24934:3548792]
:POSTROUTING ACCEPT [24934:3548792]
COMMIT
# Completed on Mon Aug 15 23:29:05 2005
# Generated by iptables-save v1.3.3 on Mon Aug 15 23:29:05 2005
*filter
# filter table: default-deny inbound, default-allow outbound and forwarded.
# Inbound traffic is dropped unless one of the INPUT rules below accepts it.
# The [0:0] counter shows no packet had reached the DROP policy at dump time.
# No rule admits new ICMP (e.g. echo requests); only ICMP that conntrack
# classifies as RELATED passes, via the state rule.
:INPUT DROP [0:0]
# NOTE(review): FORWARD is default-ACCEPT with no rules. Harmless if IP
# forwarding is disabled on this host; otherwise DROP is the safer policy.
# Confirm.
:FORWARD ACCEPT [0:0]
# Outbound traffic is unrestricted.
:OUTPUT ACCEPT [24885:3543903]
# Accept everything arriving on the loopback interface.
-A INPUT -i lo -j ACCEPT
# Accept packets that belong to, or are related to, a connection conntrack is
# already tracking (reply traffic and associated errors).
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# tcp/22 to 202.150.101.225 is open to any source address.
# NOTE(review): unlike the tcp/9050 rule further down, this has no -s
# restriction. Consider limiting the allowed sources or rate-limiting.
-A INPUT -d 202.150.101.225 -p tcp -m tcp --dport 22 -j ACCEPT
# The rules that use "-m layer7 --l7proto ..." accept only when the l7-filter
# classifier identifies the named protocol on that port.
# NOTE(review): the layer7 match decides on application payload, which a bare
# TCP SYN does not carry. Verify that new connections to these ports are
# accepted by these rules rather than falling through to the DROP policy.
# Payload classification is also heuristic, so it is a weak basis for an
# accept/deny decision; a plain port match is the conventional choice.
# tcp/25 to .225, only if classified as smtp.
-A INPUT -d 202.150.101.225 -p tcp -m layer7 --l7proto smtp -m tcp --dport 25 
-j ACCEPT
# tcp/53 and udp/53 to .225 and .235, only if classified as dns.
-A INPUT -d 202.150.101.225 -p tcp -m layer7 --l7proto dns -m tcp --dport 53 
-j ACCEPT
-A INPUT -d 202.150.101.225 -p udp -m layer7 --l7proto dns -m udp --dport 53 
-j ACCEPT
-A INPUT -d 202.150.101.235 -p tcp -m layer7 --l7proto dns -m tcp --dport 53 
-j ACCEPT
-A INPUT -d 202.150.101.235 -p udp -m layer7 --l7proto dns -m udp --dport 53 
-j ACCEPT
# tcp/80 to .225, only if classified as http.
-A INPUT -d 202.150.101.225 -p tcp -m layer7 --l7proto http -m tcp --dport 80 
-j ACCEPT
# tcp/110 (the registered POP3 port) to .225, open to any source.
# NOTE(review): if this is plain POP3, credentials cross the network
# unencrypted. Confirm.
-A INPUT -d 202.150.101.225 -p tcp -m tcp --dport 110 -j ACCEPT
# tcp/443 to .226 and .227, open to any source.
-A INPUT -d 202.150.101.226 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d 202.150.101.227 -p tcp -m tcp --dport 443 -j ACCEPT
# The only source-restricted rule: tcp/9050 on .225 is reachable solely from
# 129.223.123.249.
-A INPUT -s 129.223.123.249 -d 202.150.101.225 -p tcp -m tcp --dport 9050 -j 
ACCEPT
# Redundant with the OUTPUT policy ACCEPT above, but harmless.
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Mon Aug 15 23:29:05 2005
root at 202-150-101-225:/home/michael#     



Michael Hallager
networkStuff ltd
www.networkstuff.co.nz | p.09.839.1000 | m.029.638.7883


