IPTABLES [ dont't accept Https connections]

**toni00c** · 06-21-2011, 12:33 PM

hello!
ive one big problem with the configuration of iptables !
he don't accept the https configuration ( i can't login in fb for example , or in account of my mail (with browser) ) ,

i use router , but if i do IPTABLES -F all work good , therefore there is one mistake in my configuration

this is my firewall

#Default bloccare tutto e consentire quello che conosciamo
iptables -P INPUT -j DROP
iptables -P FORWARD -j DROP
iptables -P OUTPUT -j DROP

# Frammenti e pacchetti non validi
iptables -A INPUT -f -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -f -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP

#Si permette alla rete locale di dialogare con il firewall e di accedere #all’esterno:
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT

# anti-spoofing rules
iptables -A INPUT -i eth0 -s ! $INT_NET -j LOG --log-prefix "SPOOFED PKT "
iptables -A INPUT -i eth0 -s ! $INT_NET -j DROP

#abilito porte web
iptables -A OUTPUT -m state --state NEW -p tcp --dport 8118 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p udp --dport 80 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p udp --dport 53 -j ACCEPT

#abilitazione traffico relativo a pacchetti in risposta
iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 80 -j ACCEPT
iptables -A INPUT -p udp -i eth0 -m state --state ESTABLISHED,RELATED --sport 80 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 443 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 53 -j ACCEPT
iptables -A INPUT -p udp -i eth0 -m state --state ESTABLISHED,RELATED --sport 53 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 8118 -j ACCEPT

#pacchetti icmp
iptables -A INPUT -p icmp -j DROP

# Drop invalid packets immediately
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP

#rifiuta i seguenti pacchetti

iptables -A INPUT -s 10.0.0.0/8 -j DROP
iptables -A INPUT -s 169.254.0.0/16 -j DROP
iptables -A INPUT -s 172.16.0.0/12 -j DROP
iptables -A INPUT -s 127.0.0.0/8 -j DROP
iptables -A INPUT -s 224.0.0.0/4 -j DROP
iptables -A INPUT -d 224.0.0.0/4 -j DROP
iptables -A INPUT -s 240.0.0.0/5 -j DROP
iptables -A INPUT -d 240.0.0.0/5 -j DROP
iptables -A INPUT -s 0.0.0.0/8 -j DROP
iptables -A INPUT -d 0.0.0.0/8 -j DROP
iptables -A INPUT -d 239.255.255.0/24 -j DROP
iptables -A INPUT -d 255.255.255.255 -j DROP

#Drop & log dei pacchetti pericolosi bad
iptables -A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
iptables -A INPUT -p tcp -m state --state INVALID -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -A INPUT -p tcp -m tcp --dport 137:139 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 137:139 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 2049 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 2049 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 6000:6063 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 6000:6063 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 20034 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 20034 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 12345:12346 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 27374 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 27374 -j DROP

# chiusura porte non necessarie
iptables -A INPUT -p tcp --sport 1:52 -j DROP
iptables -A INPUT -p tcp --sport 54:79 -j DROP
iptables -A INPUT -p tcp --sport 81:442 -j DROP
iptables -A INPUT -p tcp --sport 444:8117 -j DROP
iptables -A INPUT -p tcp --sport 8119:65535 -j DROP
iptables -A INPUT -p udp --sport 1:52 -j DROP
iptables -A INPUT -p udp --sport 54:79 -j DROP
iptables -A INPUT -p udp --sport 81:442 -j DROP
iptables -A INPUT -p udp --sport 444:8117 -j DROP
iptables -A INPUT -p udp --sport 8119:65535 -j DROP

where is the problem?

ive another question : close the highter doors ( 10000-65535) can put problem on a router configuration?

**Stan464** · 07-24-2011, 04:07 PM

You shouldn't need to tamper with any, all you should need todo is make sure you forward the correct traffic as your SSL Strip should auto send the https through filterd.

BackTrack Linux - Penetration Testing Distribution

Thread: IPTABLES [ dont't accept Https connections]

Thread Tools

Search Thread

Display

IPTABLES [ dont't accept Https connections]

Re: IPTABLES [ dont't accept Https connections]

Similar Threads

Can't get Xorg to accept my resolution

sceman accept

Medusa HTTPS

does hydra accept a stdin?

Does BT3 Final accept WPA2-PSK and AES pairwise?

Posting Permissions