Hi Luca,<br><br>Its not so uncommon, the -n option forces iptables to show the list in numeric output. If you do not give the option iptables will try and resolve everything.<br><br><i> -n, --numeric<br> Numeric output. IP addresses and port numbers will be printed in numeric format. By default, the program will try to display them as host names, network names, or services (whenever applicable).</i><br>
<br>If your system does not have a properly configured DNS server (resolver) iptables will wait for the dns timeout on each line(not sure if its for each line or that it tries to resolve everything at once). And this can as you have noticed take some time. So there probably is something wrong with your DNS configuration.<br>
<br>Kind regards,<br><br>Adrian.<br><br><br><div class="gmail_quote">On Fri, Jul 16, 2010 at 8:55 AM, Luca Dionisi <span dir="ltr"><<a href="mailto:luca.dionisi@gmail.com">luca.dionisi@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Little improvement in starting a vm.<br>
In my system a iptables command without the flag -n takes alot of time, eg:<br>
iptables -vL FORWARD<br>
takes 10.171s, while<br>
iptables -vL FORWARD -n<br>
takes 0.022s.<br>
<br>
I'm not aware if this is common, or just a weird problem in my system.<br>
Anyway, the use of that flag in some point of your scripts (eg<br>
manage_tuntap) may be worth.<br>
_______________________________________________<br>
Netkit.users mailing list<br>
<a href="mailto:Netkit.users@list.dia.uniroma3.it">Netkit.users@list.dia.uniroma3.it</a><br>
<a href="http://list.dia.uniroma3.it/mailman/listinfo/netkit.users" target="_blank">http://list.dia.uniroma3.it/mailman/listinfo/netkit.users</a><br>
</blockquote></div><br>