-i $lo
do you mean -i lo , or from your previous script:
-i $LO_IFACE
All the Best / Mit Freundlichen Gruessen
Mark G. Perry
IBM Germany Development GmbH / IBM Deutschland Entwicklung GmbH
Schoenaicher Strasse 220, 71032 Boeblingen, Germany
Email/Sametime: perry@de.ibm.com
Office Tel: (+49)-7031-16-3626
|---------+---------------------------->
| | "Knut Erik |
| | Hauslo" |
| |
-------------------------------------------------------------------------------------------------------------------------------| | | | To: Mark Perry/Germany/Contr/IBM@IBMDE | | cc:
| | Subject: RE: [suse-security] IPTABLES Command slows down the machine | | | -------------------------------------------------------------------------------------------------------------------------------|
Well, after addiing "$IPTABLES -a INPUT -i $lo -j ACCEPT" and rebooting, speed have not improved... By the way, if I manually start the script (not via /etc/init.d/boot.local) things are performing at normal speed.... :-S (confused smiley) Cheers Knut Erik -----Original Message----- From: Mark Perry [mailto:PERRY@de.ibm.com] Sent: Friday, July 25, 2003 1:20 PM To: Knut Erik Hauslo Cc: suse-security@suse.com Subject: RE: [suse-security] IPTABLES Command slows down the machine I don't see any allowance for INPUT on IFC=lo? I always start my scripts by allowing the local loopback interface - I'll allow others on the List to make the own comments ;-) But here's how my iptable scripts start: # # Enable all I/O to/from the local loopback interface # iptables --append INPUT \ --in-interface lo \ --jump ACCEPT iptables --append OUTPUT \ --out-interface lo \ --jump ACCEPT #--------------------------------# # # Establish our harsh drop-all default policies # iptables --policy INPUT DROP iptables --policy OUTPUT DROP iptables --policy FORWARD DROP <SNIP> -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here