Delay in responding caused by netfilter ?
gtaylor at riverviewtech.net
Sat Apr 30 06:01:31 CEST 2005
> i'd second that notion. setup the OUTPUT chain to allow everything and
> see if that fixes it. if it does--figure out what traffic you need to
> be allowing out to prevent the delay.
Rather than allowing ident would it be possible to do a REJECT (via iptables -t filter -A OUTPUT -j REJECT) (I'm not sure if this can be a policy or not) that way the ident will fail immediately verses timing out? That is if you don't want the ident to happen. Seeing as how a LOT of servers don't even support ident any more this might just as well be an option.
Grant. . . .
More information about the netfilter