Delay in responding caused by netfilter ?

Taylor, Grant gtaylor at riverviewtech.net
Sat Apr 30 06:01:31 CEST 2005


> i'd second that notion.  setup the OUTPUT chain to allow everything and
> see if that fixes it.  if it does--figure out what traffic you need to
> be allowing out to prevent the delay.

Rather than allowing ident would it be possible to do a REJECT (via iptables -t filter -A OUTPUT -j REJECT) (I'm not sure if this can be a policy or not) that way the ident will fail immediately verses timing out?  That is if you don't want the ident to happen.  Seeing as how a LOT of servers don't even support ident any more this might just as well be an option.



Grant. . . .



More information about the netfilter mailing list