linux
v2t, 2012-07-11 15:46:39

Sites loading slows down after applying iptables rules

Good afternoon!
There is a server running CentOS 6.2. Nginx is configured as a front-end to Apache. I write the iptables rules in /etc/sysconfig/iptables and start iptables. After applying the rules, I notice a decrease in the speed of loading sites. To check whether this is really the case, I run a check through tools.pingdom.com/fpt/ (from the same server, 5 attempts with and without iptables running). Result: loading time increases by an average of 1 s. At the same time, the Wait parameter increases (the browser is waiting for data from the server). List of rules:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
...
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Tell me, which direction should I dig in? Has anyone faced a similar situation? Thank you.


3 answer(s)
Semyon Dubina, 2012-07-11
@v2t

Did none of the internal services happen to get cut off, by chance? Check with nmap what is listening and what answers without the rules.

bear11, 2012-07-11
@bear11

1) Take Wireshark and see what goes where and how.
2) What about DNS queries? Did you kill UDP port 53?
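
Both answers above boil down to comparing what listens on the host with what the INPUT chain still admits for new connections. The following is an added example (mine, not from the thread) that runs that comparison on the question's ruleset against a constructed ss-style socket list; it goes one step beyond the answers by also treating loopback, which iptables filters like any other interface, so the assumed Apache backend on 127.0.0.1:8080 and the service names are illustrative only.

```python
import re

# Constructed sample input (not from the page): the question's ruleset minus the
# elided "..." lines, and an ss-style list of listening sockets invented here.
RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# (proto, bind address, port, process); hypothetical Apache backend on loopback
LISTENING = [
    ("tcp", "0.0.0.0", 22, "sshd"), ("tcp", "0.0.0.0", 80, "nginx"),
    ("tcp", "127.0.0.1", 8080, "httpd"), ("udp", "0.0.0.0", 53, "named"),
    ("tcp", "0.0.0.0", 53, "named"), ("tcp", "127.0.0.1", 3306, "mysqld"),
]

def parse_input_chain(rules):
    """Collect what the INPUT chain admits: explicit (proto, port) ACCEPTs,
    whether loopback is accepted wholesale, and whether a catch-all
    REJECT/DROP closes the chain."""
    accepted, lo_ok, catch_all = set(), False, False
    for line in rules.splitlines():
        if not line.startswith("-A INPUT"):
            continue
        m = re.search(r"-p (tcp|udp) .*--dport (\d+) -j ACCEPT", line)
        if m:
            accepted.add((m.group(1), int(m.group(2))))
        elif re.search(r"-i lo\b.*-j ACCEPT", line):
            lo_ok = True
        elif re.search(r"^-A INPUT -j (REJECT|DROP)", line):
            catch_all = True
    return accepted, lo_ok, catch_all

def blocked_services(rules, listening):
    """Listening services that new inbound connections can no longer reach.
    Replies to the server's own outbound traffic (its DNS lookups, say) are
    not at issue: the ESTABLISHED,RELATED rule admits them via conntrack.
    Loopback does traverse INPUT, so a 127.x backend is refused as well
    unless the chain also accepts '-i lo'."""
    accepted, lo_ok, catch_all = parse_input_chain(rules)
    if not catch_all:
        return []
    return [svc for svc in listening if (svc[0], svc[2]) not in accepted
            and not (lo_ok and svc[1].startswith("127."))]
```

Feed it the real output of iptables-save and ss -lntup to get the list of services the catch-all REJECT now answers for; anything nginx or the sites depend on that shows up there is worth an explicit rule.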

v2t, 2012-07-12
@v2t

bear11, sam002, thanks for your answers! DNS (53/TCP, UDP) is definitely not filtered. I'll look into the rest.
