Why do some sites take forever to load when using Pi-hole? (for versions < v4.0)

iptables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset

This rule is set up on the INPUT chain: all TCP traffic on port 443 (TLS/SSL/HTTPS) will get a message that the port is not available and will be sent a reset packet. This helps with slow loading of SSL/TLS pages since the client won't be waiting for a reply; they will get an immediate "closed and will not be open" message.

iptables -A INPUT -p udp --dport 80 -j REJECT --reject-with icmp-port-unreachable

This is another INPUT chain rule, but this is a new one. The QUIC protocol sends over UDP as opposed to what we normally see as TCP traffic. So to block QUIC and its DNS traffic over QUIC, this rule sends another rejection notice to the client. It tells the client that QUIC is not available and ends the process.

iptables -A INPUT -p udp --dport 443 -j REJECT --reject-with icmp-port-unreachable

That one is a combination of the two: reject QUIC TLS/SSL/HTTPS traffic.
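An added client-side check, not part of the original post, for confirming that a Pi-hole host with these three rules really rejects (fast) rather than drops (slow) on tcp/443, udp/80 and udp/443; it assumes only the standard library and takes the Pi-hole address as a hypothetical argument to check_host().

```python
import socket
import time

# Outcomes: "refused" means an RST or ICMP port-unreachable came back (what the
# REJECT rules send); "timeout" means nothing came back (a DROP, the slow case);
# "open" means something actually answered on the port.
PROBES = (("tcp", 443), ("udp", 80), ("udp", 443))  # ports the three rules cover

def probe_tcp(host, port, timeout=3.0):
    """TCP connect; a tcp-reset REJECT is raised as ConnectionRefusedError."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            outcome = "open"
        except ConnectionRefusedError:
            outcome = "refused"
        except socket.timeout:
            outcome = "timeout"
    return outcome, time.monotonic() - start

def probe_udp(host, port, timeout=1.0, tries=2):
    """Connected UDP socket: the kernel reports an ICMP port-unreachable for our
    datagram as ConnectionRefusedError on the next send or recv."""
    start = time.monotonic()
    outcome = "timeout"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        for _ in range(tries):
            try:
                s.send(b"\x00")  # constructed one-byte datagram; content is irrelevant
                s.recv(1)
                outcome = "open"
                break
            except ConnectionRefusedError:
                outcome = "refused"
                break
            except socket.timeout:
                continue  # no ICMP yet; retry once before calling it dropped
    return outcome, time.monotonic() - start

def check_host(host):
    """Run all three probes; returns {(proto, port): (outcome, seconds)}."""
    return {(p, port): (probe_tcp if p == "tcp" else probe_udp)(host, port)
            for p, port in PROBES}
```

Call check_host("<pihole-ip>") from a client on the LAN; every entry should read "refused" with a sub-second time, and a "timeout" on any of the three ports points at a DROP or a missing rule.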
