Building on the tip from my friend carlos_silvasantos:
http://www.brazilfw.com.br/forum/viewtopic.php?f=2&t=83181
I decided to change the script so it reads the allowed IPs from /etc/brazilfw/dansguardian/exceptioniplist.
Only these IPs are allowed access to Facebook over HTTPS (port 443).
Code:
#
## HTTPS:443 BLOCKING RULES
#
# Rule order matters: iptables evaluates FORWARD top to bottom, so the per-IP
# ACCEPT rules must be appended before the general REJECT rules that follow them.
#
# Block https://imo.im
iptables -A FORWARD -p tcp -d imo.im --dport 443 -j DROP
iptables -A FORWARD -p udp -d imo.im --dport 443 -j DROP
iptables -A FORWARD -p tcp -d imo.im --dport 448 -j DROP
iptables -A FORWARD -p udp -d imo.im --dport 448 -j DROP
iptables -A FORWARD -p tcp -d 64.13.128.0/18 --dport 443 -j DROP
iptables -A FORWARD -p udp -d 64.13.128.0/18 --dport 443 -j DROP
iptables -A FORWARD -p tcp -d 64.13.128.0/18 --dport 448 -j DROP
iptables -A FORWARD -p udp -d 64.13.128.0/18 --dport 448 -j DROP
# Unblock https://facebook.com for specific IPs
# READ THE LIST OF ALLOWED IPs FROM DANSGUARDIAN (lines starting with "#" are skipped;
# the file is expected to hold one address per line)
for IPList in $(grep -v "^#" /etc/brazilfw/dansguardian/exceptioniplist); do
iptables -A FORWARD -p tcp -s $IPList -d 69.63.176.0/20 --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -s $IPList -d 69.63.176.0/20 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -s $IPList -d 66.220.144.0/20 --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -s $IPList -d 66.220.144.0/20 --dport 443 -j ACCEPT
# 66.220.158.0/20 lies inside 66.220.144.0/20 above, so the next two rules are redundant
iptables -A FORWARD -p tcp -s $IPList -d 66.220.158.0/20 --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -s $IPList -d 66.220.158.0/20 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -s $IPList -d 69.171.224.0/19 --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -s $IPList -d 69.171.224.0/19 --dport 443 -j ACCEPT
# 69.171.229.0/19 lies inside 69.171.224.0/19 above, so the next two rules are redundant
iptables -A FORWARD -p tcp -s $IPList -d 69.171.229.0/19 --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -s $IPList -d 69.171.229.0/19 --dport 443 -j ACCEPT
done
# Block https://www.facebook.com (general block for the whole LAN)
iptables -A FORWARD -p tcp -s 10.2.62.0/24 -d 69.63.176.0/20 --dport 443 -j REJECT
iptables -A FORWARD -p udp -s 10.2.62.0/24 -d 69.63.176.0/20 --dport 443 -j REJECT
iptables -A FORWARD -p tcp -s 10.2.62.0/24 -d 66.220.144.0/20 --dport 443 -j REJECT
iptables -A FORWARD -p udp -s 10.2.62.0/24 -d 66.220.144.0/20 --dport 443 -j REJECT
iptables -A FORWARD -p tcp -s 10.2.62.0/24 -d 66.220.158.0/20 --dport 443 -j REJECT
iptables -A FORWARD -p udp -s 10.2.62.0/24 -d 66.220.158.0/20 --dport 443 -j REJECT
iptables -A FORWARD -p tcp -s 10.2.62.0/24 -d 69.171.224.0/19 --dport 443 -j REJECT
iptables -A FORWARD -p udp -s 10.2.62.0/24 -d 69.171.224.0/19 --dport 443 -j REJECT
iptables -A FORWARD -p tcp -s 10.2.62.0/24 -d 69.171.229.0/19 --dport 443 -j REJECT
iptables -A FORWARD -p udp -s 10.2.62.0/24 -d 69.171.229.0/19 --dport 443 -j REJECT
#
# Block Orkut over HTTPS
# -d takes a hostname or address, never a URL: "-d https://orkut.com" fails to load
# ("host/network not found"), so only the plain hostnames are used. A hostname is
# resolved once, when the rule is loaded, to whatever A records DNS returns then.
iptables -A FORWARD -d www.orkut.com -p tcp --dport 443 -j DROP
iptables -A INPUT -d www.orkut.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d orkut.com -p tcp --dport 443 -j DROP
iptables -A INPUT -d orkut.com -p tcp --dport 443 -j DROP
#
# Unblock Twitter for a specific IP
#
iptables -A FORWARD -p tcp -s 10.2.62.12 -d 199.59.148.0/22 --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -s 10.2.62.12 -d 199.59.148.0/22 --dport 443 -j ACCEPT
#
# Block Twitter (general block for the whole LAN)
iptables -A FORWARD -p tcp -s 10.2.62.0/24 -d 199.59.148.0/22 --dport 443 -j REJECT
iptables -A FORWARD -p udp -s 10.2.62.0/24 -d 199.59.148.0/22 --dport 443 -j REJECT
IT'S WORKING FINE!!!
Of course it still needs a few adjustments,
there's the tip, I hope it's useful!!
Cheers to everyone.
Firewall version: 3.0.256
Kernel: 3.1.1
Iptables: 1.4.10
Compiled on: 2012-02-12 11:34:16
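An added example, not part of the post above and not BrazilFW's own code: the same idea as the post's `for` loop, but it validates each entry of the exception list (comments, blank lines, duplicates and malformed addresses are handled instead of being passed straight to iptables), and it prints the rules rather than applying them so the result can be reviewed first. It assumes the list format used in the post (one IPv4 address or CIDR per line, `#` starting a comment), the Facebook ranges and LAN subnet are taken from the post, and the file name gen-fb-rules.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: build the per-IP ACCEPT rules from the
# DansGuardian exception list, validating each entry, then print the general REJECT
# rules after them so FORWARD ordering is preserved. Pipe the output to sh to apply.
# Facebook HTTPS networks as listed in the post (66.220.158.0/20 and
# 69.171.229.0/19 are omitted: they lie inside the /20 and /19 already listed).
FB_NETS="69.63.176.0/20 66.220.144.0/20 69.171.224.0/19"
LAN_NET="10.2.62.0/24"

# Accept only a dotted-quad IPv4 address, optionally with a /0-/32 prefix length.
valid_ip() {
  case "$1" in *[!0-9./]*|"") return 1 ;; esac
  ip=${1%%/*}; mask=${1#*/}
  [ "$mask" = "$1" ] && mask=32
  case "$mask" in *[!0-9]*|"") return 1 ;; esac
  [ "$mask" -le 32 ] || return 1
  oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ -n "$o" ] && [ "$o" -le 255 ] || return 1
  done
}

# Print ACCEPT rules for every valid entry in list file $1 ("#" starts a comment,
# blank lines are ignored, duplicates collapsed); invalid entries are reported on stderr.
emit_allow_rules() {
  awk '{ sub(/#.*/, ""); for (i = 1; i <= NF; i++) print $i }' "$1" | sort -u |
  while read -r src; do
    if ! valid_ip "$src"; then
      echo "skipping invalid entry in $1: $src" >&2
      continue
    fi
    for net in $FB_NETS; do
      echo "iptables -A FORWARD -p tcp -s $src -d $net --dport 443 -j ACCEPT"
    done
  done
}

# Print the general REJECT rules; these must be appended after the ACCEPT rules.
emit_block_rules() {
  for net in $FB_NETS; do
    echo "iptables -A FORWARD -p tcp -s $LAN_NET -d $net --dport 443 -j REJECT"
  done
}

# Usage: sh gen-fb-rules.sh /etc/brazilfw/dansguardian/exceptioniplist | sh
if [ -n "$1" ]; then
  emit_allow_rules "$1"
  emit_block_rules
fi
```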