Menu
▾
▴
[webmin-l] iptables slow to list "Networking/Linux Firewall"
|
From: Darryl E. <en...@al...> - 2004-01-08 15:14:50
|
<html>
<font face="Courier New, Courier">I'm having a problem with a few of my
firewall box that use Webmin to admin. If there are a lot NAT rules
and/or fire wall rules it takes a long time to list them. I think it is
because Iptables is doing a reverse lookup on all the address and most of
them are 10.x.x.x or 192.168.x.x so all the lookups fail. Is there a way
to change the module so that it doesn't do the reverse lookups before it
creates the page in Webmin? From the man page for Iptables I
find...<br><br>
"-L, --list [chain] <br>
List all rules in the selected chain. If no chain is selected, all chains
are listed. As every other iptables command, it applies to the specified
table (filter is the default), so NAT rules get listed by<br><br>
iptables -t nat -n -L<br>
Please note that it is often used with the -n option, in order to avoid
long reverse DNS lookups. It is legal to specify the -Z (zero) option as
well, in which case the chain(s) will be atomically listed and zeroed.
The exact output is affected by the other arguments
given."<br><br>
...So I know it is possible to have iptables not do the lookups. I am on
a RedHat 8.0 system with the latest version of Webmin. I did search the
list archive and found nothing that helped. I poked around in
"/usr/libexec/webmin/firewall" and found the
"index.cgi" and in it I found...<br><br>
# Check if the save file exists. If not, check for any existing firewall
# rules, and offer to create a save file from them<br><br>
---------SNIP--------------<br><br>
foreach $t (@known_tables)
{<br>
system("iptables -t $t -L >/dev/null") if
(!$hastable{$t});<br>
}<br><br>
...but adding a "-n" doesn't speed it up.<br><br>
Sorry to ramble on , any ideas?<br><br>
<br>
Darryl Engle<br><br>
</font><x-sigsep><p></x-sigsep>
"Man, I haven't had a Schlitz beer since elementary
school.."<br><br>
</html>
|