The Linux firewall module keeps querying the DNS when
any IP address is found in an iptables rule. This
includes address/mask blocks, i.e. if there is a rule
about 10.0.0.0/8 then a "0.0.0.10.in-addr.arpa. IN PTR"
query is submitted to DNS. This makes the firewall
interface very slow if there are many IP addresses or
blocks in the rules, especially if they don't have
reverse DNS (like 10.0.0.0). I think this is a bug but
I never found any reference to this problem. These
queries are perfectly useless.
Logged In: YES
user_id=129364
The problem here is that the module runs
/etc/init.d/iptables status on Red Hat systems to check if
iptables is working. Unfortunately, this can take a long
time, as that script calls iptables without the -n option to
disable DNS lookups.
The next Webmin release will call that script only once.
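
Added example, not part of the original tracker thread and not Webmin's code: a Python script that takes a rule set in iptables-save format and lists the PTR names that, per the report above, get queried for each IPv4 source or destination when rules are listed without -n. The rule set is constructed sample data, and `ptr_names` and `ADDR_FLAGS` are hypothetical names chosen for this example.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not taken from the report).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp --dport 22 -j ACCEPT
-A INPUT ! -s 172.16.5.4 -j DROP
-A INPUT -s 10.0.0.0/8 -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
"""

# Options whose argument is a source or destination address.
ADDR_FLAGS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}


def ptr_names(rules_text):
    """Return the distinct PTR query names, in rule order, for every
    IPv4 source/destination address or block found in the rules."""
    names = []
    for line in rules_text.splitlines():
        if not line.startswith(("-A ", "-I ")):
            continue  # table headers, chain policies, COMMIT
        tokens = shlex.split(line)
        for flag, value in zip(tokens, tokens[1:]):
            if flag not in ADDR_FLAGS:
                continue
            for item in value.split(","):
                try:
                    net = ipaddress.ip_network(item, strict=False)
                except ValueError:
                    continue  # a hostname, not a literal address
                if net.version != 4:
                    continue
                # For a block, the network address is what gets reversed:
                # 10.0.0.0/8 -> 0.0.0.10.in-addr.arpa.
                name = net.network_address.reverse_pointer + "."
                if name not in names:
                    names.append(name)
    return names


if __name__ == "__main__":
    for name in ptr_names(SAMPLE_RULES):
        print(name, "IN PTR")
```

Running it against a saved rule set shows how many lookups a listing without -n can trigger, and which rule addresses end up in queries sent to the resolver.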