hello!
ive one big problem with the configuration of iptables !
he don't accept the https configuration ( i can't login in fb for example , or in account of my mail (with browser) ) ,


i use router , but if i do IPTABLES -F all work good , therefore there is one mistake in my configuration


this is my firewall




#Default bloccare tutto e consentire quello che conosciamo
iptables -P INPUT -j DROP
iptables -P FORWARD -j DROP
iptables -P OUTPUT -j DROP



# Frammenti e pacchetti non validi
iptables -A INPUT -f -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -f -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP


#Si permette alla rete locale di dialogare con il firewall e di accedere #all’esterno:
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT



# anti-spoofing rules
iptables -A INPUT -i eth0 -s ! $INT_NET -j LOG --log-prefix "SPOOFED PKT "
iptables -A INPUT -i eth0 -s ! $INT_NET -j DROP



#abilito porte web
iptables -A OUTPUT -m state --state NEW -p tcp --dport 8118 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p udp --dport 80 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p udp --dport 53 -j ACCEPT


#abilitazione traffico relativo a pacchetti in risposta
iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 80 -j ACCEPT
iptables -A INPUT -p udp -i eth0 -m state --state ESTABLISHED,RELATED --sport 80 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 443 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 53 -j ACCEPT
iptables -A INPUT -p udp -i eth0 -m state --state ESTABLISHED,RELATED --sport 53 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED --sport 8118 -j ACCEPT





#pacchetti icmp
iptables -A INPUT -p icmp -j DROP


# Drop invalid packets immediately
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP


#rifiuta i seguenti pacchetti

iptables -A INPUT -s 10.0.0.0/8 -j DROP
iptables -A INPUT -s 169.254.0.0/16 -j DROP
iptables -A INPUT -s 172.16.0.0/12 -j DROP
iptables -A INPUT -s 127.0.0.0/8 -j DROP
iptables -A INPUT -s 224.0.0.0/4 -j DROP
iptables -A INPUT -d 224.0.0.0/4 -j DROP
iptables -A INPUT -s 240.0.0.0/5 -j DROP
iptables -A INPUT -d 240.0.0.0/5 -j DROP
iptables -A INPUT -s 0.0.0.0/8 -j DROP
iptables -A INPUT -d 0.0.0.0/8 -j DROP
iptables -A INPUT -d 239.255.255.0/24 -j DROP
iptables -A INPUT -d 255.255.255.255 -j DROP





#Drop & log dei pacchetti pericolosi bad
iptables -A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
iptables -A INPUT -p tcp -m state --state INVALID -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -A INPUT -p tcp -m tcp --dport 137:139 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 137:139 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 2049 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 2049 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 6000:6063 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 6000:6063 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 20034 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 20034 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 12345:12346 -j DROP
iptables -A INPUT -p tcp -m tcp --dport 27374 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 27374 -j DROP


# chiusura porte non necessarie
iptables -A INPUT -p tcp --sport 1:52 -j DROP
iptables -A INPUT -p tcp --sport 54:79 -j DROP
iptables -A INPUT -p tcp --sport 81:442 -j DROP
iptables -A INPUT -p tcp --sport 444:8117 -j DROP
iptables -A INPUT -p tcp --sport 8119:65535 -j DROP
iptables -A INPUT -p udp --sport 1:52 -j DROP
iptables -A INPUT -p udp --sport 54:79 -j DROP
iptables -A INPUT -p udp --sport 81:442 -j DROP
iptables -A INPUT -p udp --sport 444:8117 -j DROP
iptables -A INPUT -p udp --sport 8119:65535 -j DROP



where is the problem?

ive another question : close the highter doors ( 10000-65535) can put problem on a router configuration?