just as the title says.
thanks.

#General Rule Sets
/sbin/ipfw add 0300 check-state
/sbin/ipfw add 0301 deny tcp from any to any in established
/sbin/ipfw add 0302 pass tcp from any to any out setup keep-state
/sbin/ipfw add 0303 pass udp from any to any out

#SSH FTP
/sbin/ipfw add 0400 pass tcp from any to any 22 in setup keep-state
/sbin/ipfw add 0401 pass tcp from any to any 21 in setup keep-state

#HTTP HTTPS
/sbin/ipfw add 0500 pass tcp from any to any 80 in setup keep-state
/sbin/ipfw add 0501 pass tcp from any to any 443 in setup keep-state

#IMAP IMAPS POP3 SMTP
/sbin/ipfw add 0600 pass udp from any to any 25 in
/sbin/ipfw add 0601 pass tcp from any to any 25 in setup keep-state
/sbin/ipfw add 0602 pass tcp from any to any 143 in setup keep-state
/sbin/ipfw add 0603 pass udp from any to any 143 in
/sbin/ipfw add 0604 pass tcp from any to any 993 in setup keep-state
/sbin/ipfw add 0605 pass tcp from any to any 110 in setup keep-state
/sbin/ipfw add 0606 pass udp from any to any 110 in

#DNS
/sbin/ipfw add 0700 pass udp from any to any 53 in
/sbin/ipfw add 0701 pass tcp from any to any 53 in setup keep-state
/sbin/ipfw add 0702 pass udp from xxx.xxx.xxx.xxx to any in
/sbin/ipfw add 0703 pass udp from xxx.xxx.xxx.xxx to any in

no ideas anyone ? dns is not an issue, when connecting with the IP of this box logging in is still slow.

After you connect to the box, from that box, do a reverse dns lookup on the ip address that you originate from. Is that is slow, then this is a dns issue.

the reverse lookup took about 8-9 seconds.

Well, how does that compare with the login delay? The box will do a reverse dns lookup to log the connection.

about the same, so should i double check my reverse dns configuration on the ssh server ?

That is a little slow for dns, I would check out the dns setup to try and find out why. I guess...actually 8 or 9 seconds probably wouldn't be much motivation. You can do stuff like setting up a caching-only name server on the target box. Or even use a hosts file. You probably can also configure your ftp server and ssh server to log ip addresses only. There are lots of options now that you know where the delay is.

I use DNSmasq on my FreeBSD box and on all my Slackware-Linux machines, its a simple DNS cache to setup.
It should be available in the ports collection.

What would be causing the slow reverse lookups? When this box wasn't running ipfw my ssh and ftp logins were quick. Also isn't my ISP responsible for my reverse dns?

Also, can I not configure BIND to do the caching ?

this is what I have tried so far.

I started an ssh connection to my server at work.

then i did a reverse lookup back to the client from my server.

# host 23.44.55.66
66.55.44.23.IN-ADDR.ARPA domain name pointer s23-44-55-66.ab.hsia.telus.net

then i tried adding an entry into /etc/hosts

23.44.55.66 s23-44-55-66.ab.hsia.telus.net

still slow logins..

this server is running bind, and a reverse zone file is made, why am i getting a reverse lookup from my isp ?

also, from users i have talked to in #freebsdhelp on efnet, bind caches by default.

to add further..
i added localhost to /etc/resolv.conf

nslookup even on www.google.ca dies...

# nslookup www.google.ca
*** Can't find server name for address 127.0.0.1: Timed out
*** Can't find server name for address 154.11.129.59: Timed out

something wrong, and im lost......

i still think its my firewall guys...

thanks all! figured it out allowed connections from me to my loopback device