Dan Halbert
2008-Jan-28 21:20 UTC
[CentOS] boot slow at "Applying ip6tables firewall rules"
I have a fairly vanilla install of Centos5 on a desktop box (with a Broadcom NetXtreme BCM5752 Gigabit NIC). When booting, the boot process hangs at "Applying ip6tables firewall rules" for 30-60 seconds before proceeding, which is annoying. I have not tried to turn off ipv6 networking. I guess I could, but is this slowness to be expected? Is it waiting for some ipv6 response? Thanks, Dan
Dan Halbert wrote:> I have a fairly vanilla install of Centos5 on a desktop box (with a > Broadcom NetXtreme BCM5752 Gigabit NIC). When booting, the boot process > hangs at "Applying ip6tables firewall rules" for 30-60 seconds before > proceeding, which is annoying. I have not tried to turn off ipv6 > networking. I guess I could, but is this slowness to be expected? Is it > waiting for some ipv6 response?Do you use iptables on the system? On my systems I don't install the ip6tables package, and disable iptables in my %post in kickstart, and disable IPv6 during %post as well - sed -i s'/^NETWORKING_IPV6=yes/NETWORKING_IPV6=no/'g /etc/sysconfig/network If you don't need IPv6 iptables I'd suggest disabling it, perhaps something like chkconfig --level 2345 ip6tables off (since I don't have the package installed I'm not certain what the init script name is) nate
John R Pierce
2008-Jan-28 21:29 UTC
[CentOS] boot slow at "Applying ip6tables firewall rules"
Dan Halbert wrote:> I have a fairly vanilla install of Centos5 on a desktop box (with a > Broadcom NetXtreme BCM5752 Gigabit NIC). When booting, the boot > process hangs at "Applying ip6tables firewall rules" for 30-60 seconds > before proceeding, which is annoying. I have not tried to turn off > ipv6 networking. I guess I could, but is this slowness to be expected? > Is it waiting for some ipv6 response?# chkconfig ip6tables off will probably stop this from occurring. looks like /etc/init.d/ip6tables invokes /etc/sysconfig/ip6tables-config then if it finds them, /etc/sysconfig/ip6tables .. the -config file just sets some environment variables, so probably doesn't take more than a blink, while /etc/sysconfig/ip6tables is going to attempt to set whatever firewall rules are in there.