iptables not allowing HTTP traffic

iptables ubuntu-20.04

I have some issues that I am trying to troubleshoot with an iptables rules.

When I run the below and try to test out connecting to Git via Curl got Git CLI the connection hangs. The problem seems to be limited to HTTPS as when I allow HTTPS via ufw the connection goes through no problem.

From what I understand the below rules should allow HTTPS out on 443 and allow 9418 required for Git to work.

I have just allowed outbound connection with a default DROP policy with INBOUND connection being allowed by the following:

iptables -I INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

What is missing from the below to make HTTPS work properly?

# Flush tables
iptables -F
ip6tables -F

# Whitelist my address 
iptables -I INPUT -p tcp  --dport 22 -s $whitelisted -j ACCEPT

# Set a default policy of DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Accept any related or established connections
iptables -I INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow all traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow outbound DHCP request
iptables -A OUTPUT -o eth0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT

# Allow inbound SSH
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW  -j ACCEPT

# Allow inbound HTTPS
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 443 -m state --state NEW  -j ACCEPT

# Allow GIT
iptables -A OUTPUT -o eth0 -p tcp --dport 9418 -m state --state NEW -j ACCEPT

# Allow inbound HTTP
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW  -j ACCEPT


# Outbound DNS lookups
iptables -A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT

# Outbound PING requests
iptables -A OUTPUT -o eth0 -p icmp -j ACCEPT

# Outbound Network Time Protocol (NTP) requests
iptables -A OUTPUT -o eth0 -p udp --dport 123 --sport 123 -j ACCEPT

#### IPv6 Rules
# Drop all IPv6
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT DROP

# Must allow loopback interface
ip6tables -A INPUT -i lo -j ACCEPT

# Reject connection attempts not initiated from the host
ip6tables -A INPUT -p tcp --syn -j DROP

# Allow return connections initiated from the host
ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

My server in Ubuntu 20.04


There is no rule allowing outgoing HTTPS traffic:

# Allow HTTPS
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW -j ACCEPT

Related

500 Internal Server Error when adding a line in the .htaccess file
Does Ansible offer a way to build/compile on the control node, and then deploy to managed nodes?
How to set the SPN for Postgres SSPI
Linux header 4.9.0-11-amd64 is missing in debian
How to find out PID of the container using crictl
Routing Rules with VPN
Why do Fortnite's building hotkeys not work?
Zodiac Age - What to consider when choosing job combinations?
Do I lose reputation when I repair the enemy artifact vault?
Locked out of the account my Skyrim saves were under - How do I recover it?
Highest possible right hand ATK weapon?
Weapons' upgrades unavailable in Metal Gear Rising