Mailinglist Archive: opensuse-security (359 mails)

< Previous Next >
RE: [suse-security] IPTABLES Command slows down the machine
  • From: "Mark Perry" <PERRY@xxxxxxxxxx>
  • Date: Fri, 25 Jul 2003 14:00:26 +0200
  • Message-id: <OF137C630E.FA7C5E0B-ONC1256D6E.00420931-C1256D6E.004223EC@xxxxxxxxxx>
-i $lo

do you mean -i lo , or from your previous script:

-i $LO_IFACE

All the Best / Mit Freundlichen Gruessen
Mark G. Perry

IBM Germany Development GmbH / IBM Deutschland Entwicklung GmbH
Schoenaicher Strasse 220, 71032 Boeblingen, Germany
Email/Sametime: perry@xxxxxxxxxx
Office Tel: (+49)-7031-16-3626


|---------+---------------------------->
| | "Knut Erik |
| | Hauslo" |
| | <KNUTH@xxxxxxxxxx|
| | om> |
| | |
| | 25/07/2003 13:37 |
| | |
|---------+---------------------------->
>-------------------------------------------------------------------------------------------------------------------------------|
| |
| To: Mark Perry/Germany/Contr/IBM@IBMDE |
| cc: <suse-security@xxxxxxxx> |
| Subject: RE: [suse-security] IPTABLES Command slows down the machine |
| |
>-------------------------------------------------------------------------------------------------------------------------------|




Well, after addiing "$IPTABLES -a INPUT -i $lo -j ACCEPT" and rebooting,
speed have not improved... By the way, if I manually start the script
(not via /etc/init.d/boot.local) things are performing at normal
speed.... :-S (confused smiley)

Cheers
Knut Erik


-----Original Message-----
From: Mark Perry [mailto:PERRY@xxxxxxxxxx]
Sent: Friday, July 25, 2003 1:20 PM
To: Knut Erik Hauslo
Cc: suse-security@xxxxxxxx
Subject: RE: [suse-security] IPTABLES Command slows down the machine



I don't see any allowance for INPUT on IFC=lo?

I always start my scripts by allowing the local loopback interface -
I'll allow others on the List to make the own comments ;-) But here's
how my iptable scripts start:

#
# Enable all I/O to/from the local loopback interface
#
iptables --append INPUT \
--in-interface lo \
--jump ACCEPT

iptables --append OUTPUT \
--out-interface lo \
--jump ACCEPT

#--------------------------------#

#
# Establish our harsh drop-all default policies
#
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

<SNIP>

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here






< Previous Next >