iptables --list is very slow

[Jonathan Wilson]

I just tried using iptables --list on one of my servers and it took about 4
minutes for it to list all the rules, pausing several seconds between each
batch of lines. There are a lot of rules, but if all those lines were in a
text file it would only take a fraction of a second to cat them. So the
slowness is not from printing a lot of lines to the console.

Is this normal behaviour? Is there a way to make it print faster?

The actual rules were generated by firehol. Using Debian Etch netinstall -
nothing abnormal.

JW

--

----------------------
System Administrator - Cedar Creek Software http://www.cedarcreeksoftware.com
http://jwadmin.blogspot.com/

--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

[Mike Bird]

On Monday 15 October 2007 16:17, Jonathan Wilson wrote:
> I just tried using iptables --list on one of my servers and it took about 4
> minutes for it to list all the rules, pausing several seconds between each
> batch of lines. There are a lot of rules, but if all those lines were in a
> text file it would only take a fraction of a second to cat them. So the
> slowness is not from printing a lot of lines to the console.
>
> Is this normal behaviour? Is there a way to make it print faster?
>
> The actual rules were generated by firehol. Using Debian Etch netinstall -
> nothing abnormal.

See if "iptables --list -n" is fast. If so, it's the reverse DNS lookups
that are slowing down "iptables --list", so you'll need to check DNS settings.