From: Darryl E. <en...@al...> - 2004-01-08 15:14:50
I'm having a problem with a few of my firewall boxes that use Webmin to admin. If there are a lot of NAT rules and/or firewall rules it takes a long time to list them. I think it is because Iptables is doing a reverse lookup on all the addresses, and most of them are 10.x.x.x or 192.168.x.x, so all the lookups fail. Is there a way to change the module so that it doesn't do the reverse lookups before it creates the page in Webmin? From the man page for Iptables I find...

"-L, --list [chain]
    List all rules in the selected chain. If no chain is selected, all chains are listed. As every other iptables command, it applies to the specified table (filter is the default), so NAT rules get listed by

        iptables -t nat -n -L

    Please note that it is often used with the -n option, in order to avoid long reverse DNS lookups. It is legal to specify the -Z (zero) option as well, in which case the chain(s) will be atomically listed and zeroed. The exact output is affected by the other arguments given."

...So I know it is possible to have iptables not do the lookups. I am on a RedHat 8.0 system with the latest version of Webmin. I did search the list archive and found nothing that helped. I poked around in "/usr/libexec/webmin/firewall" and found the "index.cgi" and in it I found...

    # Check if the save file exists. If not, check for any existing firewall
    # rules, and offer to create a save file from them

    ---------SNIP--------------

    foreach $t (@known_tables) {
        system("iptables -t $t -L >/dev/null") if (!$hastable{$t});
    }

...but adding a "-n" doesn't speed it up.

Sorry to ramble on, any ideas?

Darryl Engle

"Man, I haven't had a Schlitz beer since elementary school.."
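Added example, not part of the original post and not Webmin's own code: the message shows one `iptables -L` call in index.cgi, and the quoted man page says `-n` avoids the reverse DNS lookups, so a scan like the one below reports every listing invocation in a set of source files that lacks `-n`. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Report iptables listing calls (-L / --list) that lack -n / --numeric.
# Output format: file:line:source text

find_resolving_lists() {
    # Args: one or more source files to scan.
    awk '
    /iptables/ {
        lists = 0; numeric = 0
        # Split on anything that cannot be part of an option or a word.
        n = split($0, tok, /[^A-Za-z0-9_$-]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "--list") lists = 1
            else if (t == "--numeric") numeric = 1
            else if (t ~ /^-[A-Za-z]+$/) {
                # Bundled short options such as -vnL are checked per letter.
                if (index(t, "L")) lists = 1
                if (index(t, "n")) numeric = 1
            }
        }
        if (lists && !numeric) printf "%s:%d:%s\n", FILENAME, FNR, $0
    }' "$@"
}

sample_cgi() {
    # Constructed sample input; only lines 1-3 mirror the snippet in the post.
    cat <<'EOF'
foreach $t (@known_tables) {
    system("iptables -t $t -L >/dev/null") if (!$hastable{$t});
}
$out = `iptables -t nat -n -L`;
$out = `iptables -vnL INPUT`;
$out = `iptables --list FORWARD`;
$out = `iptables-save -t filter`;
EOF
}

# Demo on the constructed sample: lines 2 and 6 are reported.
tmp=$(mktemp)
sample_cgi > "$tmp"
find_resolving_lists "$tmp"
rm -f "$tmp"
```

To check a real installation, pass the module's files instead of the sample, for example everything under /usr/libexec/webmin/firewall.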