Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] Ipchains Issue
Thanks Stefan,

Is the same thing happening when I connect? If I'm allowing my host say,
172.16.0.5 to connect (speficied in the input rule) and the "deny the rest"
command set, it takes about 30 seconds-1 minute for me to connect. Once I'm
connected there's no problem. I checked the man pages and there's no option
(if in fact it's also doing lookups on a connect). Any ideas?

Thanks
Terence
----- Original Message -----
From: "Stefan Nauber" <stefan.nauber@xxxxxxxxxxxxxxxxx>
To: "'Terence'" <terencel@xxxxxxxxxxxxx>; <suse-security@xxxxxxxx>
Sent: Friday, June 07, 2002 6:22 PM
Subject: RE: [suse-security] Ipchains Issue


Hi,

yes you are right. Just do ipchains -L -n to avoid reverse lookups.

Greetings,
Stefan


> -----Original Message-----
> From: Terence [mailto:terencel@xxxxxxxxxxxxx]
> Sent: Friday, June 07, 2002 12:09 PM
> To: suse-security@xxxxxxxx
> Subject: [suse-security] Ipchains Issue
>
>
> hi,
>
> I have the following setup on ipchains (simplified)
>
> step 1: Set all policies to deny
> ipchains -A input -i ! lo -j DENY
> ipchains -A output -i ! lo -j DENY
>
> step 2: Allow whatever else.
> ipchains -A input ...... ACCEPT
>
> step 3: Add the following line (to reject everything else):
>
> ipchains -A input -j REJECT
>
> step 4: Restore default policies
>
> The problem is with step 3. After I run the script, I type in
> "ipchains -L"
> which takes forever to execute. The same when I try to
> connect to my box.
> Now I suspect that it might be doing reverse lookups on the
> dns. Am I right
> or is thre something wrong with my assumption of ipchains?
>
> thanks to anyone who can help
> rgds
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>


< Previous Next >