
Thread: IPTABLES [ doesn't accept HTTPS connections ]

  1. #1
    Just burned his ISO
    Join Date
    Apr 2011
    Posts
    10

    IPTABLES [ doesn't accept HTTPS connections ]

    Hello!
    I've one big problem with the configuration of iptables!
    It doesn't accept the HTTPS configuration (I can't log in to fb, for example, or to my mail account (with the browser)).

    I use a router, but if I do iptables -F everything works well, therefore there is a mistake in my configuration.

    This is my firewall:




    # Default: block everything and allow only what we know
    iptables -P INPUT -j DROP
    iptables -P FORWARD -j DROP
    iptables -P OUTPUT -j DROP

    # Fragments and invalid packets
    iptables -A INPUT -f -j DROP
    iptables -A INPUT -m state --state INVALID -j DROP
    iptables -A OUTPUT -f -j DROP
    iptables -A OUTPUT -m state --state INVALID -j DROP

    # Allow the local network to talk to the firewall and to reach the outside:
    iptables -A INPUT -s 127.0.0.1 -j ACCEPT
    iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT

    # anti-spoofing rules
    iptables -A INPUT -i eth0 -s ! $INT_NET -j LOG --log-prefix "SPOOFED PKT "
    iptables -A INPUT -i eth0 -s ! $INT_NET -j DROP

    # enable web ports
    iptables -A OUTPUT -m state --state NEW -p tcp --dport 8118 -j ACCEPT
    iptables -A OUTPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
    iptables -A OUTPUT -m state --state NEW -p udp --dport 80 -j ACCEPT
    iptables -A OUTPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
    iptables -A OUTPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
    iptables -A OUTPUT -m state --state NEW -p udp --dport 53 -j ACCEPT

    # allow reply traffic
    iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 80 -j ACCEPT
    iptables -A INPUT -p udp -i eth0 -m state --state ESTABLISHED,RELATED --sport 80 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 443 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 53 -j ACCEPT
    iptables -A INPUT -p udp -i eth0 -m state --state ESTABLISHED,RELATED --sport 53 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 8118 -j ACCEPT

    # icmp packets
    iptables -A INPUT -p icmp -j DROP

    # Drop invalid packets immediately
    iptables -A INPUT -m state --state INVALID -j DROP
    iptables -A FORWARD -m state --state INVALID -j DROP
    iptables -A OUTPUT -m state --state INVALID -j DROP

    # reject the following packets
    iptables -A INPUT -s 10.0.0.0/8 -j DROP
    iptables -A INPUT -s 169.254.0.0/16 -j DROP
    iptables -A INPUT -s 172.16.0.0/12 -j DROP
    iptables -A INPUT -s 127.0.0.0/8 -j DROP
    iptables -A INPUT -s 224.0.0.0/4 -j DROP
    iptables -A INPUT -d 224.0.0.0/4 -j DROP
    iptables -A INPUT -s 240.0.0.0/5 -j DROP
    iptables -A INPUT -d 240.0.0.0/5 -j DROP
    iptables -A INPUT -s 0.0.0.0/8 -j DROP
    iptables -A INPUT -d 0.0.0.0/8 -j DROP
    iptables -A INPUT -d 239.255.255.0/24 -j DROP
    iptables -A INPUT -d 255.255.255.255 -j DROP

    # Drop & log dangerous/bad packets
    iptables -A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
    iptables -A INPUT -p tcp -m state --state INVALID -j DROP
    iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
    iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
    iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
    iptables -A INPUT -p tcp -m tcp --dport 137:139 -j DROP
    iptables -A INPUT -p tcp -m tcp --sport 137:139 -j DROP
    iptables -A INPUT -p tcp -m tcp --dport 2049 -j DROP
    iptables -A INPUT -p tcp -m tcp --sport 2049 -j DROP
    iptables -A INPUT -p tcp -m tcp --dport 6000:6063 -j DROP
    iptables -A INPUT -p tcp -m tcp --sport 6000:6063 -j DROP
    iptables -A INPUT -p tcp -m tcp --dport 20034 -j DROP
    iptables -A INPUT -p tcp -m tcp --sport 20034 -j DROP
    iptables -A INPUT -p tcp -m tcp --sport 12345:12346 -j DROP
    iptables -A INPUT -p tcp -m tcp --dport 27374 -j DROP
    iptables -A INPUT -p tcp -m tcp --sport 27374 -j DROP

    # close unnecessary ports
    iptables -A INPUT -p tcp --sport 1:52 -j DROP
    iptables -A INPUT -p tcp --sport 54:79 -j DROP
    iptables -A INPUT -p tcp --sport 81:442 -j DROP
    iptables -A INPUT -p tcp --sport 444:8117 -j DROP
    iptables -A INPUT -p tcp --sport 8119:65535 -j DROP
    iptables -A INPUT -p udp --sport 1:52 -j DROP
    iptables -A INPUT -p udp --sport 54:79 -j DROP
    iptables -A INPUT -p udp --sport 81:442 -j DROP
    iptables -A INPUT -p udp --sport 444:8117 -j DROP
    iptables -A INPUT -p udp --sport 8119:65535 -j DROP



    Where is the problem?

    I've another question: can closing the higher ports (10000-65535) cause problems with a router configuration?
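A corrected version of the ruleset above, as an added example rather than the poster's script or a reply from the thread: it assumes a single host behind a router (no LAN-facing interface of its own) and fixes the policy syntax, the missing ESTABLISHED,RELATED rule in OUTPUT and the undefined $INT_NET. Set IPT=echo to print the rules it would load without touching the running firewall.

```shell
#!/bin/sh
# Added example, not the poster's script: the ruleset the poster was aiming
# for, with its defects fixed. Run with IPT=echo to print the rules instead
# of applying them (applying needs root).
IPT="${IPT:-iptables}"

apply_rules() {
    $IPT -F
    # -P takes "chain policy", not "-j": "-P INPUT -j DROP" fails to parse,
    # so the posted script left every policy at ACCEPT. That is consistent
    # with "iptables -F" making everything work again.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
    # Loopback: match the interface rather than the source address.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT -f -j DROP
    $IPT -A INPUT -m state --state INVALID -j DROP
    $IPT -A OUTPUT -m state --state INVALID -j DROP
    # Replies to connections this host opened, in BOTH directions. The posted
    # OUTPUT chain accepted only NEW packets, so with a DROP policy the
    # client's handshake ACK and every later data segment would be dropped.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # ICMP errors about our own flows (e.g. fragmentation-needed) are RELATED
    # and already accepted above, so this drop no longer breaks path-MTU discovery.
    $IPT -A INPUT -p icmp -j DROP
    # New outbound connections only to the services the post allows.
    for port in 80 443 8118; do
        $IPT -A OUTPUT -m state --state NEW -p tcp --dport "$port" -j ACCEPT
    done
    $IPT -A OUTPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
    # Everything else hits the DROP policies, so the posted per-source-port
    # DROP lists are redundant. The "-i eth0 ! -s $INT_NET" anti-spoofing
    # rule is omitted: $INT_NET was never defined, and on a single host
    # behind a router eth0 is where Internet replies arrive, so that rule
    # would drop all of them.
}

# Number of -A rules the script would load (sanity check for a dry run).
rule_count() { (IPT=echo; apply_rules) | grep -c -- '^-A '; }

if [ "${1:-}" = "apply" ]; then apply_rules; fi
```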

  2. #2
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    19

    Re: IPTABLES [ doesn't accept HTTPS connections ]

    You shouldn't need to tamper with any; all you should need to do is make sure you forward the correct traffic, as your SSL Strip should automatically send the HTTPS through filtered.
