My LAMP webserver started lagging while serving up pages. After poking around I noticed iptables -L was taking a good 2-5 seconds to complete - I'm used to this happening a lot quicker.
So I restarted iptables and it fixed my lag problem.
Question: is it bad practice to restart iptables on a regular basis?
I know it disables the firewall so I'm unprotected for a matter of seconds, but it seems that after about a week of running time the iptables -L command tends to take longer and longer to execute. So I figured a weekly cron would suffice, but wanted to know if this was a bad idea. Or there may be an iptables-specific conf option I should be setting instead?
There is nothing inherent in the iptables command that should take that long. You didn't say how you restarted iptables (even though that is not an accurate phrase) - but I'll assume you did this:
If this is true, then you are using Red Hat Enterprise Linux or something similar (you didn't say).
The documentation for iptables -L says this:
Try using iptables -L -v -n (a favorite invocation of mine) to display the details of your rules.
This does not, I would guess, relate to your web server lag problem. You didn't say what web server, what operating system, what symptoms, etc. Your web server lag should not be related to any lag of the display of firewall rules. However, reverse DNS can bite there too: check for configuration that turns off reverse DNS lookups.
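
An added example, not part of the answer above: a small script that times the listing with and without -n to show whether reverse DNS lookups account for the delay. The function names and the 1000 ms threshold are illustrative assumptions, and GNU date is assumed for nanosecond timestamps.

```shell
#!/bin/sh
# Added example: decide whether a slow `iptables -L` is caused by reverse DNS.
# Assumes GNU date (for %N nanoseconds). Function names and the 1000 ms
# threshold are illustrative choices, not part of iptables.

# Print how many milliseconds the given command takes; its output and exit
# status are ignored because only the wall-clock time matters here.
elapsed_ms() {
    start=$(date +%s%N)
    "$@" >/dev/null 2>&1 || true
    end=$(date +%s%N)
    echo $(( (end - start) / 1000000 ))
}

# Compare a listing with name resolution against a numeric (-n) listing.
# Prints "dns" when resolution accounts for at least threshold_ms of delay,
# otherwise "other".
listing_verdict() {
    with_names_ms=$1
    numeric_ms=$2
    threshold_ms=${3:-1000}
    if [ $(( with_names_ms - numeric_ms )) -ge "$threshold_ms" ]; then
        echo dns
    else
        echo other
    fi
}

diagnose() {
    with_names=$(elapsed_ms iptables -L)
    numeric=$(elapsed_ms iptables -L -n)
    echo "iptables -L:    ${with_names} ms"
    echo "iptables -L -n: ${numeric} ms"
    case $(listing_verdict "$with_names" "$numeric") in
        dns)   echo "Slow name resolution is the cause: check the resolvers in /etc/resolv.conf." ;;
        other) echo "Resolution is not the bottleneck: look at the rule count (iptables -S | wc -l)." ;;
    esac
}

# Listing rules needs root and the iptables binary; skip quietly otherwise.
if command -v iptables >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    diagnose
fi
```

If the verdict is "dns", the firewall keeps running untouched while the resolver is fixed, so no restart window is needed.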