RE: [suse-security] IPTABLES Command slows down the machine
-i $lo
Do you mean -i lo, or from your previous script:
-i $LO_IFACE
All the Best / Mit Freundlichen Gruessen
Mark G. Perry
IBM Germany Development GmbH / IBM Deutschland Entwicklung GmbH
Schoenaicher Strasse 220, 71032 Boeblingen, Germany
Email/Sametime: perry@xxxxxxxxxx
Office Tel: (+49)-7031-16-3626
"Knut Erik Hauslo" <KNUTH@xxxxxxxxxxom>
25/07/2003 13:37

To: Mark Perry/Germany/Contr/IBM@IBMDE
cc: <suse-security@xxxxxxxx>
Subject: RE: [suse-security] IPTABLES Command slows down the machine

Well, after adding "$IPTABLES -a INPUT -i $lo -j ACCEPT" and rebooting,
speed has not improved... By the way, if I manually start the script
(not via /etc/init.d/boot.local) things are performing at normal
speed.... :-S (confused smiley)
Cheers
Knut Erik
-----Original Message-----
From: Mark Perry [mailto:PERRY@xxxxxxxxxx]
Sent: Friday, July 25, 2003 1:20 PM
To: Knut Erik Hauslo
Cc: suse-security@xxxxxxxx
Subject: RE: [suse-security] IPTABLES Command slows down the machine
I don't see any allowance for INPUT on IFC=lo?
I always start my scripts by allowing the local loopback interface -
I'll allow others on the List to make their own comments ;-) But here's
how my iptable scripts start:
#
# Enable all I/O to/from the local loopback interface
#
iptables --append INPUT \
    --in-interface lo \
    --jump ACCEPT
iptables --append OUTPUT \
    --out-interface lo \
    --jump ACCEPT
#--------------------------------#
#
# Establish our harsh drop-all default policies
#
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
<SNIP>
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
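
The question at the top of this message is whether `$lo` is a variable the firewall script ever sets. As an added example (not code from either poster), this shell function lists variables that a script expands but never assigns; the sample script is constructed, only the names IPTABLES, LO_IFACE and lo come from the thread, and the iptables path is an assumption.

```shell
#!/bin/sh
# Added example: list variables that a firewall script expands ($NAME or
# ${NAME}) but never assigns (NAME=...). An unassigned variable expands to
# an empty string, so "-i $lo" would reach iptables as a bare "-i".

# Constructed sample input; the iptables path is an assumption.
SAMPLE_SCRIPT='IPTABLES=/usr/sbin/iptables
LO_IFACE="lo"
# loopback rule as quoted in the thread
$IPTABLES -a INPUT -i $lo -j ACCEPT
$IPTABLES -A OUTPUT -o ${LO_IFACE} -j ACCEPT
'

# unassigned_vars: read a script on stdin and print, sorted, each variable
# that is referenced but never assigned. Comment lines are skipped and only
# plain NAME=value assignments at the start of a line are recognised.
unassigned_vars() {
    awk '
        /^[ \t]*#/ { next }
        {
            line = $0
            # Record an assignment of the form NAME=value
            if (match(line, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/)) {
                name = substr(line, RSTART, RLENGTH - 1)
                gsub(/[ \t]/, "", name)
                assigned[name] = 1
            }
            # Record every $NAME or ${NAME} expansion on the line
            while (match(line, /\$[{]?[A-Za-z_][A-Za-z0-9_]*/)) {
                ref = substr(line, RSTART, RLENGTH)
                gsub(/[${]/, "", ref)
                used[ref] = 1
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { for (v in used) if (!(v in assigned)) print v }
    ' | sort
}

# Stand-alone run over the constructed sample
printf '%s' "$SAMPLE_SCRIPT" | unassigned_vars
```

Running the firewall script itself under `set -u` makes the shell abort on such an expansion instead of passing an empty argument to iptables.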