putting these combinations together. Could someone who understands this take a look at where I might be going wrong?
Code:
##############################
# HTTPS - Whitelist
##############################
iptables -I FORWARD -p tcp --dport 443 -j DROP
for URL in `grep -v "^#" /etc/https.wl`; do
iptables -I FORWARD -p tcp --dport 443 -d $URL -j ACCEPT
done
##############################
#BLOCK HTTPS AND ALLOW IT ONLY FOR THE DEFINED PCS/DOMAINS
#CREATE THE DROPHTTPS CHAIN
iptables -t mangle -N DROPHTTPS
#SEND PORT 443 TRAFFIC TO OUR DROPHTTPS CHAIN
iptables -t mangle -A PREROUTING -p tcp --dport 443 -j DROPHTTPS
#ALLOW SOURCE IPS TO ACCESS
#(one -s per rule: iptables does not accept a list of networks on a single -s;
# RETURN here exempts the whole source network from the rest of this chain)
for NET in 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24 192.168.5.0/24 192.168.6.0/24 192.168.7.0/24 192.168.8.0/24 192.168.9.0/24 192.168.10.0/24 192.168.11.0/24 192.168.12.0/24; do
iptables -t mangle -A DROPHTTPS -s $NET -j RETURN
done
#ALLOW DOMAINS TO ACCESS (hostnames are resolved once, when the rule is inserted)
iptables -t mangle -A DROPHTTPS -d login.live.com -j RETURN
iptables -t mangle -A DROPHTTPS -d accountservices.passport.net -j RETURN
iptables -t mangle -A DROPHTTPS -d account.live.com -j RETURN
iptables -t mangle -A DROPHTTPS -d www.google.com -j RETURN
iptables -t mangle -A DROPHTTPS -d login.yahoo.com -j RETURN
iptables -t mangle -A DROPHTTPS -d www.youtube.com -j RETURN
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 69.63.176.0/20 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 66.220.144.0/20 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 66.220.158.0/20 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 69.171.224.0/19 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 69.171.229.0/19 --dport 443 -j ACCEPT
#DROP ALL REMAINING TRAFFIC
iptables -t mangle -A DROPHTTPS -s 192.168.0.0/24 -j DROP
#DROP OTHER CONNECTIONS USED BY THE SOFTWARE
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 28630 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -d 64.233.163.104 -p tcp --dport 80 -j DROP
Note: the whitelist works perfectly for the sites with "RETURN"; but when I edit in one "more" line and add Facebook the same way, it doesn't get through... so, continuing my research, I added these rules with "accept" and still had no success...
Does anyone have a tip for getting Facebook to work?
bfw 3.258 / squid / haro /
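As an added example, not the poster's script, here is a rule generator that keeps the whole HTTPS whitelist in the filter table, where the FORWARD chain is evaluated; a DROP placed in mangle PREROUTING is hit before FORWARD is ever consulted, so ACCEPT rules appended to FORWARD cannot override it. The chain name HTTPS_WL is hypothetical and the source networks and destinations are constructed sample values (two of the CIDR blocks and the hostname are taken from the post); a hostname given to -d is resolved only once, when the rule is loaded.

```sh
#!/bin/sh
# Added example, not the poster's script: emit iptables commands for an HTTPS
# whitelist kept entirely in the filter table (FORWARD chain). Read the
# output first as a dry run, then pipe it into sh on the gateway.
# The chain name HTTPS_WL is hypothetical; the inputs below are constructed.

# https_whitelist_rules "<source nets>" "<allowed destinations>"
# iptables takes exactly one -s and one -d per rule, so the lists are
# expanded with nested loops instead of being passed on one command line.
https_whitelist_rules() {
    src_nets=$1
    dst_allow=$2
    echo "iptables -N HTTPS_WL"
    # Hand every forwarded HTTPS packet to the chain. Nothing is added in
    # mangle PREROUTING: a DROP there would fire before FORWARD is reached.
    echo "iptables -A FORWARD -p tcp --dport 443 -j HTTPS_WL"
    for src in $src_nets; do
        for dst in $dst_allow; do
            # A hostname here is resolved once, when the rule is inserted;
            # a site served from many addresses needs its network ranges.
            echo "iptables -A HTTPS_WL -p tcp -s $src -d $dst --dport 443 -j ACCEPT"
        done
    done
    # Chain default: any HTTPS not whitelisted above is dropped.
    echo "iptables -A HTTPS_WL -p tcp --dport 443 -j DROP"
}

# Constructed sample input (two CIDR blocks and the hostname are from the post).
SAMPLE_SRC="192.168.0.0/24 192.168.1.0/24"
SAMPLE_DST="69.63.176.0/20 66.220.144.0/20 www.google.com"

https_whitelist_rules "$SAMPLE_SRC" "$SAMPLE_DST"
```

Because the ACCEPT rules and the final DROP live in the same chain and are appended in order, the allow list is evaluated before the drop regardless of how many entries it has.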