I noticed that iptables is kinda "slow" on a VPS, compared to a normal system.
When I ban an IP address, the rule is inserted instantly in the iptables chain, but it will take effect after 5 seconds or so.
Anyone noticed this behaviour?
This is a discussion on VPS and iptables in the VPS & Dedicated forum
I tried to reproduce this one. I pinged one of our testing VPS from another server and blocked the pinging server's IP in iptables of the testing VPS and instantly noticed the ping stopped. It was way less than a second. I also tried an IP from outside the network in Asia and it was also blocked instantly. If this is crucial for you, you may open a ticket so that we will have a look.
Here is what I also noticed: when portsentry bans someone for accessing an "illegal" port, it looks like this:
Code:
Jan 5 16:19:12 server portsentry[9270]: attackalert: Connect from host: 216.77.98.254/216.77.98.254 to TCP port: 22
Jan 5 16:19:12 server portsentry[9270]: attackalert: External command run for host: 216.77.98.254 using command: "/sbin/iptables -I INPUT -s 216.77.98.254 -j DROP"
Jan 5 16:19:12 server portsentry[9270]: attackalert: Connect from host: 216.77.98.254/216.77.98.254 to TCP port: 22
Jan 5 16:19:12 server portsentry[9270]: attackalert: Host: 216.77.98.254 is already blocked. Ignoring ...
Notice how the "Host X is already blocked" message appears up to 10 times after the first iptables rule has already been executed.
Howard, I don't think this is a major problem, maybe something related to buffers processing packets with a delay... so I'll ignore it for the moment.
PS:
I also noticed this problem with modsec, it keeps blocking packets from an IP address that iptables should have already blocked (I'm using modsec to execute iptables to ban IPs in real-time).
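One way to put a number on the delay the thread describes, rather than eyeballing the log, is to measure, per host, how long after the DROP rule was run portsentry still reported connections from that host. The script below is an added example written for this thread, not something posted by the participants or shipped with portsentry; the log lines are constructed and use a TEST-NET address, and the function names (leak_seconds, leaked_count, drop_once) are made up for the example. The idempotent drop_once helper needs root and a real iptables and is only defined, never called.

```shell
#!/bin/sh
# Constructed sample of portsentry syslog lines (hypothetical host 192.0.2.10),
# shaped like the ones quoted in the thread: block command, then later connects.
LOG='Jan 5 16:19:12 server portsentry[9270]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 22
Jan 5 16:19:12 server portsentry[9270]: attackalert: External command run for host: 192.0.2.10 using command: "/sbin/iptables -I INPUT -s 192.0.2.10 -j DROP"
Jan 5 16:19:13 server portsentry[9270]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 22
Jan 5 16:19:13 server portsentry[9270]: attackalert: Host: 192.0.2.10 is already blocked. Ignoring
Jan 5 16:19:17 server portsentry[9270]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 23
Jan 5 16:19:17 server portsentry[9270]: attackalert: Host: 192.0.2.10 is already blocked. Ignoring'

# leak_seconds HOST: seconds between the DROP rule being run for HOST and the
# last connection portsentry still saw from it. 0 means nothing got through
# after the rule, i.e. the block took effect immediately as far as the log shows.
leak_seconds() {
    printf '%s\n' "$LOG" | awk -v host="$1" '
        # turn HH:MM:SS (field 3 of a syslog line) into seconds of the day
        function secs(t,  p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
        $0 ~ ("External command run for host: " host " ") { blocked = secs($3) }
        $0 ~ ("Connect from host: " host "/") {
            if (blocked != "" && secs($3) > blocked) last = secs($3)
        }
        END { if (last == "") print 0; else print last - blocked }'
}

# leaked_count HOST: how many "already blocked" notices portsentry logged for
# HOST, i.e. connections it saw after it had already run the block command.
leaked_count() {
    printf '%s\n' "$LOG" | grep -c "Host: $1 is already blocked" || true
}

# drop_once HOST: insert the DROP rule only if an identical one is not already
# present, so repeated bans do not stack duplicate rules in INPUT.
# Needs root and a real iptables; defined here but not invoked by this script.
drop_once() {
    iptables -C INPUT -s "$1" -j DROP 2>/dev/null || iptables -I INPUT -s "$1" -j DROP
}

echo "192.0.2.10: still seen ${leak_seconds:-$(leak_seconds 192.0.2.10)}s after block, $(leaked_count 192.0.2.10) late connects"
```

Run it against a real /var/log/messages by replacing the LOG variable with the file contents; a host whose leak_seconds stays at 0 was cut off by the first rule, while a non-zero value is the window the thread is asking about, and the count tells you how many retries landed inside it.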