Menu
▾
▴
RE: [webmin-l] iptables slow to list "Networking/Linux Firewall"
|
From: E. K. (D. ICT) <E.K...@do...> - 2004-01-08 15:49:02
|
=20
-----Oorspronkelijk bericht-----
Van: web...@li... =
[mailto:web...@li...]Namens Darryl Engle
Verzonden: donderdag 8 januari 2004 16:16
Aan: web...@li...
Onderwerp: [webmin-l] iptables slow to list "Networking/Linux Firewall"
I'm having a problem with a few of my firewall box that use Webmin to =
admin. If there are a lot NAT rules and/or fire wall rules it takes a =
long time to list them. I think it is because Iptables is doing a =
reverse lookup on all the address and most of them are 10.x.x.x or =
192.168.x.x so all the lookups fail. Is there a way to change the module =
so that it doesn't do the reverse lookups before it creates the page in =
Webmin? From the man page for Iptables I find...
"-L, --list [chain]=20
List all rules in the selected chain. If no chain is selected, all =
chains are listed. As every other iptables command, it applies to the =
specified table (filter is the default), so NAT rules get listed by
iptables -t nat -n -L
Please note that it is often used with the -n option, in order to avoid =
long reverse DNS lookups. It is legal to specify the -Z (zero) option as =
well, in which case the chain(s) will be atomically listed and zeroed. =
The exact output is affected by the other arguments given."
...So I know it is possible to have iptables not do the lookups. I am on =
a RedHat 8.0 system with the latest version of Webmin. I did search the =
list archive and found nothing that helped. I poked around in =
"/usr/libexec/webmin/firewall" and found the "index.cgi" and in it I =
found...
# Check if the save file exists. If not, check for any existing firewall =
# rules, and offer to create a save file from them
---------SNIP--------------
foreach $t (@known_tables) {
system("iptables -t $t -L >/dev/null") if =
(!$hastable{$t});
}
...but adding a "-n" doesn't speed it up.
Sorry to ramble on , any ideas?
Darryl Engle
"Man, I haven't had a Schlitz beer since elementary school.."
------------------------------------------------------- This SF.net =
email is sponsored by: Perforce Software. Perforce is the Fast Software =
Configuration Management System offering advanced branching capabilities =
and atomic changes on 50+ platforms. Free Eval! =
http://www.perforce.com/perforce/loadprog.html - Forwarded by the Webmin =
mailing list at web...@li... To remove yourself =
from this list, go to =
http://lists.sourceforge.net/lists/listinfo/webadmin-list=20
|
