1.   March 29, 2026  
    sspirit's Avatar
    sspirit
    Member

    set up iptables properly

    Hi there!,

    I have question about configuring firewall on debian 13 using iptables to ensure game have no high latency. Whatever I tried still have high latency. Game runs fine when firewall turned off and ping is fine, about 30ms. With FW on - 500 - 1500ms.

    Not sendin whole fw settings, but core is displayed:

    Chain INPUT (policy ACCEPT 22401 packets, 11M bytes)
    num pkts bytes target prot opt in out source destination
    1 3553 917K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:8093
    2 365 89292 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
    3 414 39569 DROP all -- * * 0.0.0.0/0 0.0.0.0/0


    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy DROP 975 packets, 249K bytes)
    pkts bytes target prot opt in out source destination
    135K 20M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED

    tried allow tcp connections 145.239.161.30.8093 but no success. Something is missing in input chain, cuz when allow INPUT for all traffic, no high ping.
    Edited: March 29, 2026
    Quote Quote
  2.   March 29, 2026  
    Shred's Avatar
    Shred
    Rock n' Roll Racing Champion
    You should add rules to the INPUT chain one by one until you start lagging. You have probably added a rule that is creating high load.
    Quote Quote
  3.   March 29, 2026  
    Shred's Avatar
    Shred
    Rock n' Roll Racing Champion
    Also now that I look more into it, a default accept policy for INPUT and a default drop for OUTPUT is kinda the opposite of what it should be.

    It should be default drop for INPUT (plus "-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT" for existing outgoing connections) and default accept for OUTPUT (unless you want to block your computer from connecting to something specific)
    Quote Quote
  4.   March 30, 2026  
    sspirit's Avatar
    sspirit
    Member
    already have this minimal configuration and ping vary from 30 - 800ms

    iptables -L -nv --line-numbers
    Chain INPUT (policy DROP 145 packets, 12354 bytes)
    num pkts bytes target prot opt in out source destination
    1 7923 1557K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    num pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 1236K packets, 96M bytes)
    num pkts bytes target prot opt in out source destination
    Quote Quote
  5.   March 30, 2026  
    sspirit's Avatar
    sspirit
    Member
    tried insert loopback interface into INPUT chain and for now, its running smooth with FW on at 30ms.
    Quote Quote
  6.   March 30, 2026  
    Shred's Avatar
    Shred
    Rock n' Roll Racing Champion
    Oh yes, you can't block the loopback interface in the firewall, since lots of programs in your computer use it to communicate to other programs or even themselves, and you will have weird freezes all the time.
    Quote Quote
« Previous Topic | Next Topic »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules