Iptables Hangs when listing rules
If I do iptables -L to list out all the rules in iptables, it will randomly hang at different IP addresses before continuing to print the list. It hangs for a few seconds, and at different IP addresses each time. My general rules are listed below. Then I have a couple of local IPs and a few remote IPs that are allowed. Is there a rule I forgot relating to lookups?
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:25
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
The iptables command will attempt a reverse lookup on IP addresses. This will produce exactly the behavior you describe. You can inhibit the reverse lookup with the -n flag, which is why I always list rules like this:

iptables -vnL
This fact and many other useful tidbits can be found in the iptables man page. The relevant section concerning -n reads:
    -L, --list [chain]
        List all rules in the selected chain. If no chain is selected, all chains
        are listed. Like every other iptables command, it applies to the specified
        table (filter is the default), so NAT rules get listed by

            iptables -t nat -n -L

        Please note that it is often used with the -n option, in order to avoid
        long reverse DNS lookups. It is legal to specify the -Z (zero) option as
        well, in which case the chain(s) will be atomically listed and zeroed. The
        exact output is affected by the other arguments given. The exact rules are
        suppressed until you use

            iptables -L -v
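The following is an added example, not part of the answer above or of the iptables project. It shows the recommended numeric listing (-n suppresses both the reverse DNS lookups on addresses and the /etc/services lookups on ports, so nothing in the listing path touches the resolver) and, when host names are still wanted, resolves the addresses in a separate step under a hard timeout, so a slow resolver can delay at most a few seconds per address instead of stalling the rule dump. It assumes iptables, getent and timeout(1) from coreutils are installed; the function names are the example's own and the sample output in the test is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original answer): list iptables rules without
# any DNS resolution, then resolve addresses separately under a bounded wait.
# Assumes iptables, getent and coreutils timeout(1) are available; function
# names here are the example's own.

# Numeric listing: -n prints addresses and ports as numbers, so neither
# reverse DNS nor service-name lookups happen; --line-numbers makes the
# rule index visible for later -D/-I operations.
list_rules_numeric() {
    iptables -vnL --line-numbers
}

# Pull the unique IPv4 addresses or CIDR blocks out of numeric iptables
# output read from stdin.
extract_ips() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' | sort -u
}

# Resolve one address with a hard timeout (default 2 s); prints "ip name",
# or "ip -" when the lookup fails or times out.
resolve_with_timeout() {
    ip=$1
    secs=${2:-2}
    name=$(timeout "$secs" getent hosts "$ip" 2>/dev/null | awk '{print $2; exit}')
    printf '%s %s\n' "$ip" "${name:--}"
}

# Annotate every address read from stdin, one per line, skipping the
# wildcard that -L shows as "anywhere" and -n shows as 0.0.0.0/0.
annotate_ips() {
    while IFS= read -r ip; do
        case $ip in
            0.0.0.0/0|'') continue ;;
        esac
        resolve_with_timeout "$ip" "${1:-2}"
    done
}

# Typical use on a live host (needs root), with a 2 s cap per lookup:
#   list_rules_numeric | extract_ips | annotate_ips 2
```

Because the listing and the name resolution are decoupled, a resolver that is unreachable (for example when OUTPUT policy DROP is in force and the DNS rules are missing) no longer makes the rule dump itself appear to hang; the worst case is one bounded wait per distinct address.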