thi
(uses Ubuntu)
Posted on 09/09/2011 - 19:43h
Good evening,
Well.... I keep running into one problem after another on the forum, getting out of one prob and straight into the next ... lol
Hoping to block https sites (my proxy is transparent)
I added the following rule in iptables:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128
Cool, all looking good. But now NO HTTPS SITE LOADS AT ALL.
What should I do? Or better, is there a way to undo this rule? Regards.
My iptables is below:
# Generated by iptables-save v1.4.2 on Fri Sep 9 20:16:39 2011
*filter
:INPUT ACCEPT [9052:4419256]
:FORWARD ACCEPT [73:3349]
:OUTPUT ACCEPT [19346:8984713]
:VALID_CHECK - [0:0]
-A INPUT -s 74.125.234.61/32 -j DROP
-A INPUT -s 72.14.204.189/32 -j DROP
-A INPUT -s ! 127.0.0.1/32 -p tcp -m tcp --dport 3128 -j DROP
-A INPUT -i eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -d 64.13.161.61/32 -j DROP
-A INPUT -d 208.70.188.17/32 -j DROP
-A FORWARD -d 74.125.234.61/32 -j DROP
-A FORWARD -d 72.14.204.189/32 -j DROP
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN,ACK -j DROP
-A FORWARD -d 64.13.161.61/32 -j DROP
-A FORWARD -d 208.70.188.17/32 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -d 72.14.204.189/32 -j DROP
-A OUTPUT -d 74.125.234.61/32 -j DROP
-A OUTPUT -d 64.13.161.61/32 -j DROP
-A OUTPUT -d 208.70.188.17/32 -j DROP
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP
-A VALID_CHECK -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
COMMIT
# Completed on Fri Sep 9 20:16:39 2011
# Generated by iptables-save v1.4.2 on Fri Sep 9 20:16:39 2011
*nat
:PREROUTING ACCEPT [180:28916]
:POSTROUTING ACCEPT [274:16789]
:OUTPUT ACCEPT [543:34325]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 80
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 443 -j MASQUERADE
COMMIT
# Completed on Fri Sep 9 20:16:39 2011
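Undoing the rule the post asks about, as an added example that is not from the post or the forum: iptables -D takes the same rule spec as -A, so the saved nat table can be turned into the delete commands mechanically, which also catches the two duplicated 443 redirects in the dump above (each copy needs its own -D, because -D removes only the first rule matching the spec). The redirect breaks HTTPS because the client sends a TLS handshake to a port where Squid expects plain HTTP, so a transparent proxy cannot filter HTTPS this way; the nat section below is constructed from the dump in the post as sample input, and the function names are mine.

```shell
#!/bin/sh
# Added example (not the poster's code): read an iptables-save dump and
# emit the "iptables -t nat -D ..." commands that remove every PREROUTING
# rule redirecting TCP port 443. It only transforms text, so it runs
# without root; review the output, then pipe it to sh on the gateway.

# Constructed sample input: the *nat section from the post (trimmed).
NAT_DUMP='*nat
:PREROUTING ACCEPT [180:28916]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# undo_443_redirects: reads a dump on stdin and prints one
# "iptables -t nat -D PREROUTING ..." line per matching -A rule.
# Duplicate rules are printed once each on purpose: -D deletes only the
# first rule that matches the spec, so every copy needs its own -D.
undo_443_redirects() {
    awk '
        /^\*/ { table = substr($0, 2) }          # track the current table
        table == "nat" && /^-A PREROUTING / && / --dport 443 / && / -j REDIRECT / {
            sub(/^-A /, "")                     # "-A PREROUTING ..." -> "PREROUTING ..."
            print "iptables -t nat -D " $0
        }
    '
}

# count_443_redirects: number of rules that would be removed (sanity check
# before running the generated commands).
count_443_redirects() {
    undo_443_redirects | wc -l | tr -d ' '
}

printf '%s\n' "$NAT_DUMP" | undo_443_redirects
```

After the deletes, `iptables -t nat -S PREROUTING` should show only the port 80 redirect; `--to-port` (as typed in the post) and `--to-ports` (as iptables-save writes it) are the same option.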