Iptables rules slow down logging in via SSH
I am trying to build some basic iptables rules for my VDS:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -P INPUT DROP
I want to block all incoming traffic except SSH and web traffic. But after applying the rules and rebooting the system, it takes 30 seconds to log in via SSH; the login process is very slow, but it works perfectly once I am connected.
What rules should I add to make logging in via SSH faster?
From iptables --help:
--numeric -n numeric output of addresses and ports
https://serverfault.com/questions/85602/iptables-l-pretty-slow-is-this-normal
Include the -n option so it doesn't try to use DNS to resolve names for every IP address, network and port. Then it will be fast.
https://help.ubuntu.com/community/IptablesHowTo
Allowing Established Sessions
We can allow established sessions to receive traffic:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
If the line above doesn't work, you may be on a castrated VPS whose provider has not made available the extension, in which case an inferior version can be used as last resort:
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
edited out because help.ubuntu.com offers a better and more complete solution; ignore below
https://serverfault.com/questions/416537/why-does-a-valid-set-of-iptables-rules-slow-my-server-to-a-crawl
Rule to accept traffic based on existing traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT