OpenVAS hangs at 1% on Linux hosts when the following rules ends the INPUT table of iptables


When I have this rule ending my INPUT table GVM spends forever on 1% for that host before completing after several hours. Removing the rule allows the scan to finish in minutes.

-A INPUT -j REJECT --reject-with icmp-port-unreachable

I have modified the PING category of the Full and Fast in an attempt to remediate the issue, toggling the use of ICMP has no effect on the scan times.

I think the rejection of all packets is slowing down the scan. Is this a fundamental that I am not understanding or is there a way to get these scans up to speed?