59

Quick question, but Googling has not revealed an answer. When I do `iptables -L`, it seems to lag on displaying items where I have limited the source to internal IPs (192.168.0.0/24).

The whole listing takes about 30 seconds to display.

I just want to know: Does this affect the speed of my incoming connections or is this simply a side effect of having all these ranges within my iptables rules?

Thanks!

Bartek
  • 799
  • 2
  • 8
  • 12

3 Answers

88

Include the `-n` option so it doesn't try to use DNS to resolve names for every IP address, network and port. Then it will be fast.

Zoredache
  • 130,897
  • 41
  • 276
  • 420
  • 16
    I generally like `iptables -vnL --line-numbers` for my listing command. Keep in mind by default you don't see all the tables, for instance, the nat table. To see that nat table: `-t nat` – Kyle Brandt Nov 17 '09 at 17:50
  • `-t mangle` & `-t raw` also are not displayed by default – Stuart Cardall Apr 06 '18 at 18:28
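Putting the answer and the two comments together, here is a small listing helper as an added example (it is not from the thread or from the iptables project). It walks the four tables that `-L` does not show by default and always passes `-n`, so nothing in the output waits on a reverse DNS or service-name lookup. The `IPTABLES` variable is an assumption of this example, an override hook so the function can be exercised without root or a real firewall.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# List every iptables table numerically so the listing never blocks on DNS.
# IPTABLES is an assumed override hook (defaults to the real binary) so the
# function can be tested without root.
ipt_list_all() {
    ipt="${IPTABLES:-iptables}"
    for table in filter nat mangle raw; do
        printf '### table %s\n' "$table"
        # -n: no reverse DNS or /etc/services lookups (the cause of the stall)
        # -v: packet/byte counters  --line-numbers: positions usable with -D/-I
        "$ipt" -t "$table" -nvL --line-numbers
    done
}

# Usage: run with any argument to list the live tables, e.g. `sh ipt-list.sh go`
[ "$#" -gt 0 ] && ipt_list_all
```

If you suspect the lookups are still happening, run the plain `iptables -L` under `strace -f -e trace=network` and watch for connects to port 53 (DNS) or, as in the LDAP answer below, port 636; `-n` removes those calls entirely. `iptables-save` is another lookup-free way to dump all tables at once.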
1

For me it was slow, and I was also getting this error:

sudo: unable to resolve host selleraz-proxy-service: Resource temporarily unavailable

I added

127.0.0.1   machine-hostname

to /etc/hosts. It worked like a charm :)

indianwebdevil
  • 220
  • 1
  • 6
0

I've personally seen this happen on a server that was configured for LDAP authentication, but could not reach the LDAP server (this was SLED 10). In my case, "netstat -a" and "iptables -L" were both exhibiting the same behavior you describe. An "strace" of the netstat showed it hanging on a connection to port 636 (LDAP-Secure). Turning off the LDAP (which, for me, was not needed on this platform) fixed the problem.