Hello,
Can someone here explain why iptables is slow to load rules from a script after a reboot?
It can take up to 2 minutes before iptables starts loading the rules.
Thanks.
Here is the code I'm using:
[code]
###############################################################################
# Load required kernel modules
#------------------------------------------------------------------------------
# $MODPROBE and $RMMOD are defined outside this excerpt. They are expanded
# unquoted, so a value that carries options is word-split into the command
# and its arguments. No exit status is checked in this section.
#
# The FTP/IRC conntrack and NAT helper modules are left commented out:
#$MODPROBE ip_conntrack_ftp
#$MODPROBE ip_conntrack_irc
#$MODPROBE ip_nat_ftp
for fw_module in xt_connlimit ipt_connlimit ipt_limit; do
  $MODPROBE "$fw_module"
done
# ipt_recent is unloaded and then loaded again.
# NOTE(review): presumably done to start with empty "recent" lists - confirm.
$RMMOD ipt_recent
$MODPROBE ipt_recent
###############################################################################
# Default policies.
#------------------------------------------------------------------------------
# $IPTABLES is defined outside this excerpt and is expanded unquoted.
#
# Filter table: every built-in chain defaults to DROP, so any packet that no
# rule accepts is discarded. This covers locally generated traffic (OUTPUT)
# as well as inbound and forwarded traffic.
# NOTE(review): while these policies are active and the filter table holds no
# ACCEPT rules, loopback and outbound DNS are dropped too. If a later part of
# the script needs name resolution (for example hostnames in rules), those
# lookups would wait for their timeouts - worth checking for the slow start.
printf '%s\n' "# Drop everything by default."
for fw_chain in INPUT FORWARD OUTPUT; do
  $IPTABLES -P "$fw_chain" DROP
done

# nat and mangle tables: every built-in chain defaults to ACCEPT, leaving the
# filtering decision to the filter table. The message below also names the
# raw table, but no raw-table policy is set in this section.
printf '%s\n' "# Set the nat/mangle/raw tables' chains to ACCEPT"
for fw_chain in PREROUTING OUTPUT POSTROUTING; do
  $IPTABLES -t nat -P "$fw_chain" ACCEPT
done
for fw_chain in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
  $IPTABLES -t mangle -P "$fw_chain" ACCEPT
done
# Cleanup.
#------------------------------------------------------------------------------
# Reset the filter (default), nat and mangle tables. The raw table is not
# touched here. $IPTABLES is defined outside this excerpt.
# With the filter policies set to DROP above, the flush leaves nothing that
# accepts traffic until rules are added again later in the script.
printf '%s\n' "# Delete all"
# Applied in this order, each to filter, then nat, then mangle:
#   -F  flush every rule
#   -X  delete the user-defined chains
#   -Z  zero the packet and byte counters
for fw_action in -F -X -Z; do
  $IPTABLES "$fw_action"
  for fw_table in nat mangle; do
    $IPTABLES -t "$fw_table" "$fw_action"
  done
done
[/code]