iptables-config says IPTABLES_STATUS_NUMERIC="yes", but output still not numeric

[bennetthaselton]

My /etc/sysconfig/iptables-config file contains these four lines (and it's always been this way; I didn't just change it and forget to restart the service):

# Numeric status output
# Value: yes|no, default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

However, if I type "iptables -L", it still outputs the rules while doing a reverse-lookup on IP addresses (which slows down the output):

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- [here be a hostname] anywhere tcp dpt:ssh
[etc.]

If I type "iptables -L -n", it outputs in IP address format (instantly, with no delays for reverse-lookups):

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- [here be an IP address] 0.0.0.0/0 tcp dpt:22
[etc.]

So, I can get the output I want by adding "-n", but since I have the line IPTABLES_STATUS_NUMERIC="yes" in iptables-config, why doesn't it do that by default anyway?

Google turns up a lot of threads with people asking "why is iptables output so slow?", and people replying that it's slow because of the delay for reverse-lookups, and you can avoid that by using "-n" or adding IPTABLES_STATUS_NUMERIC="yes" to iptables-config -- but I can't find any thread with anyone saying that IPTABLES_STATUS_NUMERIC="yes" is not having the intended effect, or giving a solution to this problem.

[TrevorH]

The file you're talking about, /etc/sysconfig/iptables-config, only affects the service iptables status command. To do the same thing for the iptables command you need to specify -n as one of the switches to it.