Iptables REJECT taking 3 seconds

Tyler Aviss tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Apr 8 16:14:18 UTC 2013


I've noticed that even when a rule exists to REJECT outgoing connections,
it still takes about 3 seconds to process.
While DROP rules should depend on the timeout of the connecting app,
shouldn't anything that is REJECT'ed be immediately blocked and end the
connection attempt?

# iptables -A OUTPUT  -m state --state INVALID -j REJECT
# date; telnet 10.1.1.1 80; date
Mon Apr  8 09:08:40 PDT 2013
Trying 10.1.1.1...
telnet: connect to address 10.1.1.1: Connection refused
Mon Apr  8 09:08:43 PDT 2013

It always seems to be a solid 3 seconds. I don't remember this being the
normal behaviour previously. Perhaps it's something that is configured
somewhere?


RHEL-5.9

-- 
Tyler Aviss
Systems Support
LPIC/LPIC-2/DCTS/CLA

"Computers don't make mistakes. They can, however, execute those provided
to them very quickly"
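The post reads the outcome only through telnet's "Connection refused" and the wall-clock difference between two `date` calls. The following is an added example (not part of the original post or of any iptables project code) that does the same measurement from the client side more precisely: it times a TCP connect and classifies the failure by errno, which is how a Linux client sees a REJECT (RST or ICMP port-unreachable arrives, `ECONNREFUSED`) as opposed to a DROP (nothing arrives, the connect times out). It assumes a Linux host and uses only loopback, so it runs without the firewall rule; the iptables commands in the comments are the conventional rules one would add on the host to reproduce each outcome against a real target and are given as illustration, not copied from the post. Note in passing that conntrack classifies a fresh outbound SYN as NEW, so a rule matching only `--state INVALID` is not the rule that would see it.

```python
import errno
import socket
import time

# Rules one would add on the client host to reproduce each outcome against a
# real target (illustrative; 10.1.1.1:80 is the address used in the post):
#
#   REJECT, client sees ECONNREFUSED as soon as the RST arrives:
#     iptables -A OUTPUT -p tcp -d 10.1.1.1 --dport 80 -m state --state NEW \
#         -j REJECT --reject-with tcp-reset
#   DROP, client sees nothing and waits for its own connect timeout:
#     iptables -A OUTPUT -p tcp -d 10.1.1.1 --dport 80 -m state --state NEW -j DROP


def probe(host, port, timeout=5.0):
    """Attempt one TCP connect and report how it ended and how long it took.

    Returns {"outcome": ..., "elapsed": seconds}, where outcome is one of
    "connected", "refused" (RST or ICMP port-unreachable received),
    "timeout" (no answer at all within `timeout`), "unreachable"
    (ICMP host/net-unreachable or no route) or "error:<ERRNO NAME>".
    """
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        outcome = "connected"
    except socket.timeout:
        # DROP-like behaviour: the SYN (and its retransmits) got no reply.
        outcome = "timeout"
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            # REJECT-like behaviour: the kernel received an RST or an
            # ICMP port-unreachable and aborted the connect immediately.
            outcome = "refused"
        elif e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            outcome = "unreachable"
        else:
            outcome = "error:%s" % errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()
    return {"outcome": outcome, "elapsed": time.monotonic() - start}


def closed_local_port():
    """Pick a loopback port that nothing is listening on.

    Binding to port 0 lets the kernel choose a free port; closing the socket
    without listening leaves it closed, so a connect to it draws an RST.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe_with_listener(timeout=5.0):
    """Control case: probe a port that really is listening on loopback."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    try:
        return probe("127.0.0.1", srv.getsockname()[1], timeout)
    finally:
        srv.close()


def repeat_probe(host, port, attempts=3, timeout=5.0):
    """Run several probes and summarise the spread of elapsed times.

    A REJECT that is consistently slow (as in the post, "a solid 3 seconds")
    shows up here as a tight min/max well above the few milliseconds an
    immediate RST costs; that is the signal worth chasing further with tcpdump.
    """
    results = [probe(host, port, timeout) for _ in range(attempts)]
    times = [r["elapsed"] for r in results]
    return {
        "outcomes": [r["outcome"] for r in results],
        "min": min(times),
        "max": max(times),
    }


if __name__ == "__main__":
    print("closed loopback port:", probe("127.0.0.1", closed_local_port(), 3.0))
    print("listening loopback port:", probe_with_listener())
    print("repeated:", repeat_probe("127.0.0.1", closed_local_port()))
```

Run it as root against the real target after adding one of the commented rules and compare: with `-j REJECT --reject-with tcp-reset` the outcome is "refused" in milliseconds, with `-j DROP` it is "timeout" after the full `timeout` value. If the outcome is "refused" but `elapsed` is consistently seconds rather than milliseconds, the refusal is not coming from the local OUTPUT rule on the first SYN, and a packet capture on the interface will show where it does come from.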