Original Poster
Posted June 5, 2014

Hi, I am trying to block https via my proxy server... but https continues to be allowed. Any ideas on what I am doing wrong?

443 = 3130 when passed via squid

target     prot opt source     destination
DROP       tcp  --  anywhere   anywhere     tcp dpt:icpv2 state NEW,RELATED,ESTABLISHED
DROP       tcp  --  anywhere   anywhere     tcp spt:https state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere   anywhere
ACCEPT     all  --  anywhere   anywhere     state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:3128 state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere   anywhere     tcp spt:http state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source     destination
ACCEPT     all  --  anywhere   anywhere     state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere   anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source     destination
DROP       tcp  --  anywhere   anywhere     tcp dpt:https state NEW,RELATED,ESTABLISHED
DROP       tcp  --  anywhere   anywhere     tcp spt:https state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:http state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere   anywhere     tcp spt:http state RELATED,ESTABLISHED

ZeroFearX
Posted June 5, 2014

Can't you just block the port 3130?

/sbin/iptables -A INPUT -p tcp --destination-port 3130 -j DROP

Original Poster
Posted June 5, 2014

> Can't you just block the port 3130?
> /sbin/iptables -A INPUT -p tcp --destination-port 3130 -j DROP

Yea, but this is more me playing around with command right now to see if I'm actually accepting the 443 or not... it appears I am not.

Sikh
Posted June 5, 2014

> Yea, but this is more me playing around with command right now to see if I'm actually accepting the 443 or not... it appears I am not.

Why do you think you're not accepting it? You're blocking HTTPS, but it's blocking 443 most likely as the default and not blocking the port you are using, which is 3130. If you put a specific iptables rule in for 3130, I bet it would work. Also, don't forget to save the iptables after running the command so after a reboot they are persistent.

Original Poster
Posted June 5, 2014

> Why do you think you're not accepting it? You're blocking HTTPS, but it's blocking 443 most likely as the default and not blocking the port you are using, which is 3130. If you put a specific iptables rule in for 3130, I bet it would work. Also, don't forget to save the iptables after running the command so after a reboot they are persistent.

Ye, they are going over reboot (watch, I forgot about a second ago, oops.... system lock out)
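
An added example, not part of the thread: a small first-match evaluator for the `iptables -L` listing in the first post, showing which rule decides a given TCP packet. It assumes the first (unnamed) chain is INPUT, maps the printed service names to ports as in /etc/services (icpv2 is 3130), and ignores interface matches, which plain `-L` output does not show.

```python
import re
# Service names as `iptables -L` prints them (values from /etc/services).
SERVICES = {"http": 80, "https": 443, "icpv2": 3130}
# Constructed sample: rules copied from the first post's listing. The first
# chain's header is missing there and is assumed to be INPUT.
LISTING = """\
Chain INPUT (policy ACCEPT)
DROP tcp -- anywhere anywhere tcp dpt:icpv2 state NEW,RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp spt:https state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:3128 state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
DROP tcp -- anywhere anywhere tcp dpt:https state NEW,RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp spt:https state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state RELATED,ESTABLISHED
"""

def parse(listing):
    """Return {chain: (policy, [rule, ...])} with rules in listing order."""
    chains, rules = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if head:
            rules = []
            chains[head.group(1)] = (head.group(2), rules)
            continue
        fields = line.split()
        if rules is None or len(fields) < 5 or fields[0] == "target":
            continue  # blank line or column header
        rule = {"target": fields[0], "proto": fields[1]}
        for key in ("spt", "dpt"):
            m = re.search(key + r":(\S+)", line)
            rule[key] = m and (int(m.group(1)) if m.group(1).isdigit()
                               else SERVICES[m.group(1)])
        m = re.search(r"state (\S+)", line)
        rule["state"] = m and set(m.group(1).split(","))
        rules.append(rule)
    return chains

def verdict(chains, chain, spt, dpt, state, proto="tcp"):
    """First-match evaluation: (rule number, target), or (0, policy)."""
    policy, rules = chains[chain]
    for n, r in enumerate(rules, 1):
        if (r["proto"] in ("all", proto) and r["spt"] in (None, spt)
                and r["dpt"] in (None, dpt) and (not r["state"] or state in r["state"])):
            return n, r["target"]
    return 0, policy
```

Running `iptables -L -n -v` on the real host prints numeric ports, interfaces and per-rule packet counters, which removes the guesswork this sketch has to make.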