Why does a valid set of iptables rules slow my server to a crawl?

HackToHell asked:

So I implemented a different set of iptables rules, and now if I enable them, lighttpd simply takes forever to load PHP-enabled pages (like WP). There is no load on the server; processor usage stays low.

Here is my config. What could be the cause of this?

*filter
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2012 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -j DROP
COMMIT

My answer:


You’re missing a rule to accept traffic based on existing traffic (the rule that makes iptables stateful). This should be your very first rule:

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
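A quick audit for exactly this mistake, added here as an example (it is not from the original post or the Server Fault thread): the function below reads an iptables-save style ruleset and reports whether INPUT has a stateful accept and whether that rule comes before the catch-all DROP. Without it, replies to connections the server itself opens (DNS lookups, the HTTP calls WordPress makes during a page load) hit the final DROP and time out, which is why the pages crawl rather than fail outright.

```shell
#!/bin/sh
# Audit an iptables-save style ruleset: does INPUT accept ESTABLISHED/RELATED
# traffic, and does that rule come before the catch-all DROP?
# Prints OK, MISSING or UNREACHABLE and returns 0 only for OK.
check_stateful_input() {
    awk '
        /^-A INPUT/ {
            n++
            # stateful accept, written as -m state --state ... or -m conntrack --ctstate ...
            if ($0 ~ /--(state|ctstate) (ESTABLISHED,RELATED|RELATED,ESTABLISHED)/ && $0 ~ /-j ACCEPT/)
                state = n
            # catch-all drop: a DROP/REJECT rule on INPUT with no match criteria at all
            if ($0 ~ /^-A INPUT -j (DROP|REJECT)/ && !drop)
                drop = n
        }
        END {
            if (!state)               { print "MISSING";     exit 1 }
            if (drop && state > drop) { print "UNREACHABLE"; exit 1 }
            print "OK"
        }' "$1"
}

# Constructed sample: the shape of the ruleset from the question, without the stateful rule
BROKEN_RULES=$(mktemp)
cat > "$BROKEN_RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
check_stateful_input "$BROKEN_RULES" \
    || echo "fix: add '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' before the DROP"
```

On a live box, run it against `iptables-save` output (`iptables-save > /tmp/rules; check_stateful_input /tmp/rules`).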

View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.