> I am using a web server on an intranet and want to close all unnecessary
> ports. When I use a general policy for my OUTPUT chain like Reject or Deny
> - the access time to my webserver is very long. I have only allowed tcp on
> port 80 - what am I missing?

One thing to check is to make sure you have DNS lookups turned off on
your web server, i.e. your log files just contain the IP numbers of machines
making requests, not their names. If lookups are on, it will attempt to do
DNS lookups and those may be blocked by your setup, causing them to time out
and slow down the whole show.
John Murtari Software Workshop Inc.
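
The log check described in the reply above, as an added example that is not part of the original post: it reports whether the client field in an access log holds literal addresses or resolved names. It assumes the client is the first whitespace-separated field (Common Log Format); the sample lines and host names are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample access-log lines (Common Log Format assumed).
SAMPLE_LOG = """\
192.168.1.20 - - [12/Mar/2001:10:01:44 -0500] "GET / HTTP/1.0" 200 2326
pc14.intranet.example - - [12/Mar/2001:10:01:52 -0500] "GET /a.html HTTP/1.0" 200 512
192.168.1.31 - - [12/Mar/2001:10:02:07 -0500] "GET /b.gif HTTP/1.0" 304 0

fe80::1 - - [12/Mar/2001:10:02:09 -0500] "GET / HTTP/1.0" 200 2326
"""


def classify_client(field):
    """Return 'ip' if the client field is a literal address, else 'name'."""
    try:
        ipaddress.ip_address(field)
        return "ip"
    except ValueError:
        return "name"


def audit_log(lines):
    """Count literal addresses vs. resolved names in the first log field."""
    counts = Counter()
    names = set()
    for line in lines:
        parts = line.split(None, 1)
        if not parts:
            continue  # skip blank lines
        kind = classify_client(parts[0])
        counts[kind] += 1
        if kind == "name":
            names.add(parts[0])
    return {
        "ip": counts["ip"],
        "name": counts["name"],
        # Any resolved name means the server did a reverse lookup per request.
        "lookups_likely_on": counts["name"] > 0,
        "names": sorted(names),
    }


if __name__ == "__main__":
    print(audit_log(SAMPLE_LOG.splitlines()))
```

If `lookups_likely_on` is true while outbound DNS is blocked by the OUTPUT policy, each request waits for the resolver to give up before it is served.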