
OpenVZ Virtuozzo Containers Wiki β

Changes

Talk:Setting up an iptables firewall

749 bytes added, 11:16, 14 June 2013
Firewall rules in the wrong order?: new section
Basically with firewall activated the transaction time is around 48 seconds, with firewall deactivated about 0,700 seconds.
What on earth could possibly be the cause? The FORWARD rule is that bad on VZ?
 
== Firewall rules in the wrong order? ==
 
I've been using the firewall script for a while and it works great. That is until I tried to ban an IP address, and it didn't work.
 
I'm not an iptables expert, so was a bit wary about messing around too much, but my theory is all the iptables -I (insert) should be iptables -A (append), which has the effect of running the rules in the opposite order to intended. This means the source I wanted to block was matching an OKPORT before getting to the BANNED section.
 
In fact to fix my problem I just moved the BANNED section between the DMZS and OKPORTS, which had the desired effect.
 
I'd love to see anyone's comments. [[User:Robferrer|Robferrer]] ([[User talk:Robferrer|talk]]) 07:16, 14 June 2013 (EDT)
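The ordering effect described in the post above, as an added illustration that is not part of this talk page or of the wiki's firewall script: a small Python model of an iptables filter chain with first-match semantics. `iptables -I CHAIN rule` (with no rule number) inserts at position 1, so a script that issues a sequence of `-I` calls ends up with its rules in reverse written order, while `-A` preserves the written order. The section order (BANNED written before OKPORTS), the banned address (an RFC 5737 documentation address) and the test packet are all constructed here, not taken from the page.

```python
"""
Added example (not from the OpenVZ wiki): a toy model of an iptables chain
showing why `iptables -I` and `iptables -A` yield opposite rule orders, and
how first-match evaluation then lets a banned host hit an OKPORT ACCEPT rule
before the BANNED DROP rule is ever reached.  Nothing here touches netfilter.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional

BANNED_SRC = "203.0.113.7"  # constructed sample address, not from the page


@dataclass
class Rule:
    target: str                    # terminating target: "ACCEPT" or "DROP"
    src: Optional[str] = None      # -s match, None means any source
    dport: Optional[int] = None    # --dport match, None means any port
    comment: str = ""

    def matches(self, packet: dict) -> bool:
        return ((self.src is None or self.src == packet["src"]) and
                (self.dport is None or self.dport == packet["dport"]))


@dataclass
class Chain:
    policy: str = "DROP"
    rules: List[Rule] = field(default_factory=list)

    def insert(self, rule: Rule) -> None:
        # `iptables -I CHAIN` with no rule number: new rule goes to position 1
        self.rules.insert(0, rule)

    def append(self, rule: Rule) -> None:
        # `iptables -A CHAIN`: new rule goes to the bottom
        self.rules.append(rule)

    def verdict(self, packet: dict) -> str:
        # Rules are evaluated top to bottom; the first matching rule with a
        # terminating target decides, otherwise the chain policy applies.
        for rule in self.rules:
            if rule.matches(packet):
                return rule.target
        return self.policy


def build_chain(add: Callable[[Chain, Rule], None]) -> Chain:
    """Issue the script's rules in written order using `add` (-I or -A)."""
    chain = Chain()
    # Constructed script layout: BANNED section first, OKPORTS afterwards.
    add(chain, Rule("DROP", src=BANNED_SRC, comment="BANNED"))
    add(chain, Rule("ACCEPT", dport=22, comment="OKPORT ssh"))
    add(chain, Rule("ACCEPT", dport=80, comment="OKPORT http"))
    return chain


def _adder(mode: str) -> Callable[[Chain, Rule], None]:
    if mode not in ("-I", "-A"):
        raise ValueError("mode must be '-I' or '-A'")
    return Chain.insert if mode == "-I" else Chain.append


def rule_order(mode: str) -> List[str]:
    """Final top-to-bottom order of the chain after loading with -I or -A."""
    return [r.comment for r in build_chain(_adder(mode)).rules]


def verdict_for(mode: str, packet: dict) -> str:
    """Verdict the loaded chain gives a packet from the banned host."""
    return build_chain(_adder(mode)).verdict(packet)


if __name__ == "__main__":
    # Constructed test packet: the banned host connecting to an allowed port.
    packet = {"src": BANNED_SRC, "dport": 22}
    for mode in ("-I", "-A"):
        print(f"{mode}: order={rule_order(mode)} "
              f"verdict={verdict_for(mode, packet)}")
```

With `-I` the chain reads OKPORT http, OKPORT ssh, BANNED, so the banned host is accepted on port 22; with `-A` BANNED stays on top and the same packet is dropped. The check that matters in practice is the same one the model makes visible: after loading, list the chain in evaluation order (`iptables -L -n --line-numbers` on a real host) and confirm that deny rules sit above the broad accepts they are meant to override.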