Here's my output of the table iptables -I FORWARD 1 -p tcp --dport 443 -j REJECT --reject-with tcp-reset
Using the scripts page the rule does apply, but not to my virtual wireless.
As a system command it applies to both networks.

Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- !192.168.1.10 anywhere tcp dpt:https
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
shlimit tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc

Chain FORWARD (policy DROP)
target prot opt source destination
NoCat all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpt:https reject-with tcp-reset
all -- anywhere anywhere account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
all -- anywhere anywhere account: network/netmask: 10.2.1.0/255.255.255.0 name: lan1
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
restrict all -- anywhere anywhere
monitor all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
wanin all -- anywhere anywhere
wanout all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain NoCat (1 references)
target prot opt source destination
NoCat_Upload all -- anywhere anywhere
NoCat_Download all -- anywhere anywhere
NoCat_Ports all -- anywhere anywhere
NoCat_Inbound all -- anywhere anywhere
ACCEPT all -- 10.2.1.0/24 anywhere MARK match 0x1
ACCEPT all -- 10.2.1.0/24 anywhere MARK match 0x2
ACCEPT all -- 10.2.1.0/24 anywhere MARK match 0x3
ACCEPT tcp -- 10.2.1.0/24 unknown tcp dpt:www
ACCEPT tcp -- 10.2.1.0/24 unknown tcp dpt:https
ACCEPT tcp -- anywhere 10.2.1.0/24 tcp spt:domain
ACCEPT tcp -- 10.2.1.0/24 anywhere tcp dpt:domain
ACCEPT udp -- anywhere 10.2.1.0/24 udp spt:domain
ACCEPT udp -- 10.2.1.0/24 anywhere udp dpt:domain
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain NoCat_Download (1 references)
target prot opt source destination
RETURN all -- anywhere 10.2.1.170

Chain NoCat_Inbound (1 references)
target prot opt source destination
ACCEPT all -- anywhere 10.2.1.170 state RELATED,ESTABLISHED

Chain NoCat_Ports (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:1863 MARK match 0x3
DROP udp -- anywhere anywhere udp dpt:1863 MARK match 0x3

Chain NoCat_Upload (1 references)
target prot opt source destination
RETURN all -- 10.2.1.170 anywhere

Chain monitor (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere WEBMON --max_domains 300 --max_searches 300

Chain rdev01 (1 references)
target prot opt source destination
rres01 all -- anywhere anywhere [goto] source IP range 10.2.1.100-10.2.1.255

Chain restrict (1 references)
target prot opt source destination
rdev01 all -- anywhere anywhere

Chain rres01 (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere multiport dports tcpmux:52,54:finger,81:442
DROP udp -- anywhere anywhere multiport dports 1:52,54:79,81:442
DROP all -- anywhere anywhere destination IP range 192.168.1.1-192.168.1.255
DROP tcp -- anywhere anywhere multiport dports snpp:5279,5281:59999
DROP udp -- anywhere anywhere multiport dports snpp:5279,5281:59999

Chain shlimit (1 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: shlimit side: source
DROP all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source

Chain wanin (1 references)
target prot opt source destination

Chain wanout (1 references)
target prot opt source destination