Funcionou porem o sites com https nao acessam +
?
segue meu script fw
## INDICAR O INICIO/REINICIO DO FIREWALL
case $1 in
start|restart)
echo "Firewall ATIVADO "
## VARIAVEIS DAS PLACAS DE REDE
NET=eth0
RLOCAL=eth1
REDE="192.168.1.0/16"
## CARREGAR MODULOS
modprobe ip_tables
modprobe iptable_nat
modprobe iptable_filter
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ipt_MASQUERADE
modprobe ipt_LOG
## LIMPAR REGRAS ANTERIORES
iptables -F
iptables -t nat -F
# DEFINIR POLITICA PADRAO (NEGAR TUDO)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
## COMPARTILHAR CONEXAO DE INTERNET
## IP DINAMICO
iptables -t nat -A POSTROUTING -o $NET -j MASQUERADE
## ATIVAR ROTEAMENTO
echo "1" > /proc/sys/net/ipv4/ip_forward
## LIBERAR A PROPRIA MAQUINA LOOPBACK PARA ACESSO A INTERNET
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
### Aceita entrada DNS ###
iptables -A OUTPUT -o $NET -p UDP --dport 53 -j ACCEPT
## Estabilizar conexoes
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
## LIBERAR/BLOQUEAR A REDE LOCAL
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
######################Protege contra pacotes danificados
#Portscanners, Ping of Death, ataques DoS, Syb-flood e Etc
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
#iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
### Libera Windows Update
iptables -A INPUT -i $NET -p tcp -s 69.44.123.167/32 --sport 80 -j ACCEPT
iptables -A OUTPUT -o $NET -p tcp -d 69.44.123.167/32 --dport 80 -j ACCEPT
iptables -A FORWARD -o $NET -p tcp -d 69.44.123.167/32 --dport 80 -j ACCEPT
iptables -A INPUT -i $NET -p tcp -s 69.44.123.167/32 --sport 443 -j ACCEPT
iptables -A OUTPUT -o $NET -p tcp -d 69.44.123.167/32 --dport 443 -j ACCEPT
iptables -A FORWARD -o $NET -p tcp -d 69.44.123.167/32 --dport 443 -j ACCEPT
iptables -A INPUT -i $NET -p tcp -s 207.46.198.93/32 --sport 443 -j ACCEPT
iptables -A OUTPUT -o $NET -p tcp -d 207.46.198.93/32 --dport 443 -j ACCEPT
iptables -A FORWARD -o $NET -p tcp -d 207.46.198.93/32 --dport 443 -j ACCEPT
## Download 8081
iptables -A OUTPUT -o $NET -p TCP --dport 8081 -j ACCEPT
iptables -A OUTPUT -o $NET -p TCP --dport 8084 -j ACCEPT
### Libera trafego ping rede externa ###
iptables -A INPUT -i $NET -p icmp -j DROP
iptables -A OUTPUT -o $NET -p icmp -j ACCEPT
iptables -A FORWARD -o $NET -p icmp -j ACCEPT
### Libera trafego ping rede interna ###
iptables -A INPUT -i $RLOCAL -p icmp -j ACCEPT
iptables -A OUTPUT -o $RLOCAL -p icmp -j ACCEPT
# LIBERAR A PORTA 3128
iptables -t nat -A PREROUTING -s $REDE -p tcp --dport 80 -j REDIRECT --to-port 3128
###Acesso a navegacao ###
iptables -A OUTPUT -o $NET -p TCP --dport 80 -j ACCEPT
iptables -A OUTPUT -o $NET -p TCP --dport 800 -j ACCEPT
iptables -A OUTPUT -o $NET -p TCP --dport 1880 -j ACCEPT
iptables -A OUTPUT -o $NET -p TCP --dport 443 -j ACCEPT
iptables -A OUTPUT -o $NET -p TCP --dport 21 -j ACCEPT
iptables -A OUTPUT -o $NET -p TCP --dport 20 -j ACCEPT
iptables -A OUTPUT -o $NET -p TCP --dport 8080 -j ACCEPT
iptables -A OUTPUT -o $NET -p TCP --dport 3389 -j ACCEPT
## LIbera acesso ao BITline ##
iptables -A FORWARD -o $NET -p TCP --dport 9200:9250 -j ACCEPT
## LIbera acesso ao FTP ##
iptables -A FORWARD -o $NET -p TCP --dport 20 -j ACCEPT
iptables -A FORWARD -o $NET -p TCP --dport 21 -j ACCEPT
iptables -A FORWARD -o $RLOCAL -p TCP --dport 21 -j ACCEPT
## Servidor de E-mail SMTP (25) POP3 (110)##
iptables -A FORWARD -o $NET -p TCP --dport 25 -j ACCEPT
iptables -A FORWARD -o $NET -p TCP --dport 110 -j ACCEPT
iptables -A FORWARD -o $NET -p TCP --dport 995 -j ACCEPT
iptables -A FORWARD -o $NET -p TCP --dport 465 -j ACCEPT
## Servidor TS
iptables -A FORWARD -o $NET -p TCP --dport 3389 -j ACCEPT
iptables -A FORWARD -o $RLOCAL -p TCP --dport 3389 -j ACCEPT
## Servidor SSH
iptables -A FORWARD -o $NET -p TCP --dport 22 -j ACCEPT
iptables -A FORWARD -o $RLOCAL -p TCP --dport 22 -j ACCEPT
iptables -A FORWARD -o $NET -p TCP --dport 2424 -j ACCEPT
#Liberar MYSQL vistasoft
iptables -A FORWARD -o $NET -p TCP --dport 3306 -j ACCEPT
iptables -A FORWARD -o $RLOCAL -p TCP --dport 3306 -j ACCEPT
## Serasa Conecte ##
iptables -t filter -A FORWARD -o $NET -p TCP -s $REDE -d sitenet.serasa.com.br --dport 443 -j ACCEPT
#iptables -t filter -A FORWARD -o $NET -p TCP -s $REDE -d login.live.com --dport 443 -j REJECT
##Liberar Postgresql
iptables -A FORWARD -o $NET -p TCP --dport 5432 -j ACCEPT
## Protocolo TCP entrada ##
iptables -A INPUT -i $RLOCAL -p TCP -s $REDE -d $REDE -j ACCEPT
## Protocolo UDP saida ##
iptables -A OUTPUT -o $RLOCAL -p UDP -s $REDE -d $REDE -j ACCEPT
## Protocolo TCP saida ##
iptables -A OUTPUT -o $RLOCAL -p TCP -s $REDE -d $REDE -j ACCEPT
#Ponto Chave do firewall! Se nao entrar em nenhuma regra acima rejeita tudo!
iptables -A INPUT -i $NET -p tcp --syn -j DROP
# Mesmo assim fechar todas as portas abaixo de 32000
iptables -A INPUT -i $NET -p tcp --dport :32000 -j DROP
;;
stop)
echo "CUIDADO SUA MAQUINA ESTA SEM FIREWALL - ATENCAO!!!..."
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -F
iptables -t nat -F
## COMPARTILHAR CONEXAO DE INTERNET
## IP DINAMICO
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
## ATIVAR ROTEAMENTO
echo "1" > /proc/sys/net/ipv4/ip_forward
## LIBERAR A PROPRIA MAQUINA LOOPBACK PARA ACESSO A INTERNET
iptables -A INPUT -i lo -j ACCEPT
;;
*)
echo "Digite start, restart ou stop para ativar/reativar/desativar"
exit 1
;;
esac
oq q esta errado ou pode ser melhorado?