I use filtcfg on nw65 servers (only 1 NIC) to firewall. I used to only do
Permit rules, but started doing Deny All and permit exceptions.

I noticed that my TLS connections are very slow to initiate with my
firewall on; here we can see 8 seconds to initiate.


[2006/04/18 10:17:18] Work info status: Total:1 Peak:1 Busy:0
[2006/04/18 10:17:18] Thread pool status: Total:4 Peak:4 Busy:3
[2006/04/18 10:17:30] New TLS connection 0x46826540 from ip:57192, monitor = 0x2d5, index = 1
[2006/04/18 10:17:38] Monitor 0x2d5 initiating TLS handshake on connection 0x46826540
[2006/04/18 10:17:38] (ip:57192)(0x0000:0x00) DoTLSHandshake on connection 0x46826540
[2006/04/18 10:17:38] (ip:57192)(0x0000:0x00) Completed TLS handshake on connection 0x46826540
[2006/04/18 10:17:38] (ip:57192)(0x0001:0x60) DoBind on connection 0x46826540
[2006/04/18 10:17:38] (ip:57192)(0x0001:0x60) Bind name:cn=xxxxxxx, version:3, authentication:simple
[2006/04/18 10:17:38] (ip:57192)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x46826540
[2006/04/18 10:17:38] (ip:57192)(0x0002:0x63) DoSearch on connection 0x46826540
[2006/04/18 10:17:38] (ip:57192)(0x0002:0x63) Search request:
base: "ou=xxxxxxxxxxx"
scope:1 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectclass=*)(uid=xxxx))"
attribute: "uid"
[2006/04/18 10:17:38] (ip:57192)(0x0002:0x63) Sending search result entry "uid=xxxxxxxxx" to connection 0x46826540
[2006/04/18 10:17:38] (ip:57192)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x46826540
[2006/04/18 10:17:38] (ip:57192)(0x0003:0x60) DoBind on connection 0x46826540
[2006/04/18 10:17:38] (ip:57192)(0x0003:0x60) Bind name:uid=xxxxxxxxxxx, version:3, authentication:simple
[2006/04/18 10:17:38] (ip:57192)(0x0003:0x60) Sending operation

I cannot duplicate this with my firewall off. I am allowing port 636 stateful from this machine. Using filter debug
I cannot find where any packets from this box are dropping. Is Deny more
intensive than Permit? I guess I can build these rules with Permit
instead of Deny and see what happens. Comments? Thanks!
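To compare the filter-on and filter-off runs with numbers rather than by eye, the gap between "New TLS connection" and "initiating TLS handshake" per connection can be pulled out of the LDAP trace above. This is an added example, not the poster's script or an eDirectory tool; it assumes the timestamp and message format shown in the post, and the sample lines are constructed (the first three mirror the posted 8-second case).

```python
import re
from datetime import datetime

# Constructed sample lines in the format of the trace above (not the poster's real log).
SAMPLE_LOG = """\
[2006/04/18 10:17:30] New TLS connection 0x46826540 from ip:57192, monitor = 0x2d5, index = 1
[2006/04/18 10:17:38] Monitor 0x2d5 initiating TLS handshake on connection 0x46826540
[2006/04/18 10:17:38] (ip:57192)(0x0000:0x00) Completed TLS handshake on connection 0x46826540
[2006/04/18 10:18:01] New TLS connection 0x46826a00 from ip:57210, monitor = 0x2d6, index = 2
[2006/04/18 10:18:01] Monitor 0x2d6 initiating TLS handshake on connection 0x46826a00
[2006/04/18 10:18:02] (ip:57210)(0x0000:0x00) Completed TLS handshake on connection 0x46826a00
"""

TS = r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\]"
NEW_RE = re.compile(TS + r" New TLS connection (0x[0-9a-f]+) from ([^,]+),")
INIT_RE = re.compile(TS + r" Monitor \S+ initiating TLS handshake on connection (0x[0-9a-f]+)")
DONE_RE = re.compile(TS + r" .*Completed TLS handshake on connection (0x[0-9a-f]+)")


def _ts(text):
    return datetime.strptime(text, "%Y/%m/%d %H:%M:%S")


def handshake_delays(log_text):
    """Map connection id -> (peer, seconds accept-to-initiate, seconds accept-to-complete or None)."""
    conns = {}
    for line in log_text.splitlines():
        m = NEW_RE.match(line)
        if m:  # TCP connection accepted, no TLS traffic yet
            conns[m.group(2)] = {"peer": m.group(3), "new": _ts(m.group(1))}
            continue
        m = INIT_RE.match(line)
        if m and m.group(2) in conns:  # server starts reading the ClientHello
            conns[m.group(2)]["init"] = _ts(m.group(1))
            continue
        m = DONE_RE.match(line)
        if m and m.group(2) in conns:
            conns[m.group(2)]["done"] = _ts(m.group(1))
    result = {}
    for cid, c in conns.items():
        if "init" in c:
            to_init = (c["init"] - c["new"]).total_seconds()
            to_done = (c["done"] - c["new"]).total_seconds() if "done" in c else None
            result[cid] = (c["peer"], to_init, to_done)
    return result


def slow_connections(log_text, threshold=2.0):
    """Connection ids whose accept-to-initiate gap exceeds threshold seconds."""
    delays = handshake_delays(log_text)
    return sorted(cid for cid, (_, to_init, _) in delays.items() if to_init > threshold)
```

The accept-to-initiate figure is the one that shows the 8 seconds in the post, so running this over a trace taken with the filter on and another with it off gives a direct before/after comparison per client.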