[PLUG] iptables question

Mike Sheinberg on 31 Jan 2011 08:57:59 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] iptables question

From: Mike Sheinberg <m.sheiny@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: [PLUG] iptables question
Date: Mon, 31 Jan 2011 11:57:52 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type; bh=lOibpUmI2eu1D9JsLUaPkBEeaJfDno1Dy5lr1vt303U=; b=V24uP6tEypI1h7uELHbxduIhYxLnV6jGwPuRg+DlgZNPI9ThFciVwYqiMg0HvUD00g +QVgbizaqiikoik4GxFEVZSYLvQOC4UUitInw/aqai6gEPuQltvwySO40Oe0ofifeg1t ymNQAHYYkMkJVAZFsUMjj15aFM+2oSiKAC1nU=
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org

Hey potential iptables wranglers,

*** DISCLAIMER IPTABLES NEWBIE ****

I'm trying to setup a new firewall config on a web server and was curious about something I noticed. Specifically, after I changed the INPUT chain policy to default DROP it seems that whenever I do an 'iptables -L' it takes a good 30 seconds to dump to output. Previously this only took about 1 second. Is there something funky in my config that may cause something like this?

Here's my current dump of /etc/sysconfig/iptables:

# Generated by iptables-save v1.3.5 on Mon Jan 31 10:36:35 2011

*filter
:INPUT DROP [33:5345]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [129:15384]
:fail2ban-ApacheAuth - [0:0]

:fail2ban-ApachePHPbot - [0:0]
:fail2ban-BadBots - [0:0]
:fail2ban-SSH - [0:0]
-A INPUT -s XXXXXXXXXXXXX -j ACCEPT
-A INPUT -s XXXXXXXXXXX/255.255.255.224 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 80 -j fail2ban-ApacheAuth
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-BadBots
-A INPUT -p tcp -m tcp --dport 80 -j fail2ban-ApachePHPbot

-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
-A INPUT -i lo -j ACCEPT

-A OUTPUT -d XXXXXXXX/255.255.255.224 -j ACCEPT
-A fail2ban-ApacheAuth -j RETURN
-A fail2ban-ApachePHPbot -j RETURN

-A fail2ban-BadBots -j RETURN
-A fail2ban-SSH -s XXXXXXXXXX -j DROP
-A fail2ban-SSH -j RETURN
COMMIT
# Completed on Mon Jan 31 10:36:35 2011

A couple of things to point out, I'm using fail2ban so I have some extra chains in there that it added. The top two INPUT rules are IPs of the servers that need access to everything (that's why they are first). I didn't build this config by hand but instead added rules manually in CLI and then did 'service iptables save'. Oh yeah... I'm on CentOS 5.5 if it's relevant to anyone. The blanked out XXXXs are IP addresses (not hostname).

I saw similar issues of this in Google but wasn't able to peg down an answer.

Thanks!

Mike

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] iptables question
  - From: "Kyle R. Burton" <kyle.burton@gmail.com>
- Re: [PLUG] iptables question
  - From: David Coulson <david@davidcoulson.net>
- Re: [PLUG] iptables question
  - From: Robert Spangler <mlists@zoominternet.net>

Prev by Date: Re: [PLUG] Web Cam Recommendation
Next by Date: Re: [PLUG] iptables question
Previous by thread: Re: [PLUG] Web Cam Recommendation
Next by thread: Re: [PLUG] iptables question
Index(es):
- Date
- Thread