[ale] iptables slowing down the website?

Christopher Bergeron christopher at bergeron.com
Sat Mar 13 13:26:59 EST 2004


I tried it with dns on udp, but it still does the same thing.

Here are my rules:
iptables -P INPUT DROP      # drop everything by default
iptables -P OUTPUT ACCEPT   # let anything out

# allow some incoming requests
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT


When these rules are enabled, the pages take about 10 seconds to load.
When the rules are disabled, the pages display almost instantly.

Anyone have any ideas?
Thanks again,
CB





Stephan Uphoff wrote:

>Try adding udp for dns.
>
>Christopher Bergeron wrote:
>  
>
>>Does anyone know why the usage of iptables could slow down a webserver?
>>
>>My website uses mysql, httpd, and dns.
>>
>>My rules are similar to the following:
>>
>>DROP all INPUT by default
>>let any output flow (OUTPUT ACCEPT)
>>INPUT from dns accepted (INPUT -p tcp -j ACCEPT)
>>INPUT from httpd accepted (INPUT -p tcp -j ACCEPT)
>>INPUT from mysql accepted (INPUT -p tcp -j ACCEPT)
>>
>>I'm no iptables guru, but my rules make sense (at least to me).  Is 
>>there something that I'm missing?
>>
>>Thanks in advance,
>>CB
>>
>>
>>
>>_______________________________________________
>>Ale mailing list
>>Ale at ale.org
>>http://www.ale.org/mailman/listinfo/ale
>
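
Added example, not part of the original message or thread: with INPUT defaulting to DROP and only --dport accepts, the posted rules have no match for replies to connections the server itself opens (such as its own DNS lookups) or for replies over loopback, which would be consistent with a timeout-length delay. The script checks an iptables command list for those two accepts; the STATEFUL_RULES variant and the helper names has_rule and audit_rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): static check of an iptables
# command script for the return-path rules a default-DROP INPUT chain needs.

# Ruleset as posted in the message above (comments stripped).
POSTED_RULES='iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT'

# Constructed variant (assumption): the same rules plus loopback and
# connection-tracking accepts, placed first so replies match early.
STATEFUL_RULES='iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT'

# has_rule RULES ERE: succeeds if any non-comment line matches the pattern.
has_rule() {
    printf '%s\n' "$1" | sed 's/#.*//' | grep -Eq -e "$2"
}

# audit_rules RULES: prints one MISSING line per gap; prints nothing when the
# INPUT policy is not DROP or both return paths are covered.
audit_rules() {
    has_rule "$1" '-P INPUT DROP' || return 0
    has_rule "$1" '-A INPUT .*-i lo .*-j ACCEPT' ||
        echo "MISSING: loopback accept (local connections to 127.0.0.1 lose their replies)"
    has_rule "$1" '-A INPUT .*--(ct)?state [A-Z,]*ESTABLISHED[A-Z,]* .*-j ACCEPT' ||
        echo "MISSING: ESTABLISHED accept (replies to the host's own DNS/TCP requests are dropped)"
    return 0
}

echo "== posted ruleset =="
audit_rules "$POSTED_RULES"
echo "== stateful variant =="
audit_rules "$STATEFUL_RULES"
```

The check is textual only: it does not evaluate rule order or other chains, so a match means the rule is present, not that it is reached.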



