That is some firewall script you have there!
I didn't try to analyze the whole thing, but I did notice that you have rules in the ULTRABLOCK that can specifically block --dport 443 for some IP addresses. I also noticed in the PREROUTING chain that you have a rule that does a DNAT for --dport 80 but you have the corresponding rule for --dport 443 commented out. Along with those being a possible source of the problem, I wondered if one or more of the rules that drop packets based on string matching could be a problem.
If you have not already done so, you might check your system log for DPT=443 and SPT=443 and see if it gives a clue why such packets were dropped. It also might be worthwhile to look at the packet counts of your firewall rules:
Code:
iptables -nvL | less
iptables -t nat -nvL | less
iptables -t mangle -nvL | less
The first column will show you whether any packets had matched a particular rule. You can also use regular expressions to search for various things. For example, to search for rules with a target of DROP that had any matches, you might do the following search:
Code:
/^[[:blank:]]*[1-9].*DROP
BTW, do you really want to REJECT (rather than DROP) packets with illegal combinations of flags?
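As an added illustration of the two checks suggested in this reply (not part of the original post or the poster's firewall script), the script below applies the same counter test as the `/^[[:blank:]]*[1-9].*DROP` search to a constructed `iptables -nvL` listing, adding the chain name to each hit, and then picks out constructed kernel log lines that mention port 443. All sample data is made up for the example.

```shell
#!/bin/sh
# Constructed sample of `iptables -nvL` output (not captured from a real host).
# Counters with a K/M suffix are kept as-is; awk reads "98K" as 98, still non-zero.
SAMPLE_IPTABLES='Chain INPUT (policy DROP 5 packets, 400 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1234   98K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       tcp  --  *      *       203.0.113.7          0.0.0.0/0            tcp dpt:443
   17  1020 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match "cgi-bin"

Chain ULTRABLOCK (1 references)
 pkts bytes target     prot opt in     out     source               destination
   42  2520 DROP       tcp  --  *      *       198.51.100.0/24      0.0.0.0/0            tcp dpt:443
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F reject-with icmp-port-unreachable'

# Constructed kernel log lines in the usual iptables LOG-target format.
SAMPLE_LOG='Jan 10 12:00:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=51234 DPT=443 SYN
Jan 10 12:00:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=51235 DPT=80 SYN
Jan 10 12:00:03 gw kernel: IN= OUT=eth0 SRC=192.0.2.1 DST=198.51.100.9 PROTO=TCP SPT=443 DPT=51234 ACK'

# Print "<chain> <pkts> <rule tail>" for every DROP rule whose packet counter
# is non-zero. Same idea as searching for /^[[:blank:]]*[1-9].*DROP in `less`,
# but it also remembers which chain the rule belongs to.
matched_drops() {
    printf '%s\n' "$1" | awk '
        /^Chain /                  { chain = $2; next }
        $3 == "DROP" && $1+0 > 0   {
            tail = ""
            for (i = 4; i <= NF; i++) tail = tail " " $i
            print chain, $1, substr(tail, 2)
        }'
}

# Select log lines where port 443 appears as the source or destination port.
port443_log() {
    printf '%s\n' "$1" | grep -E '(DPT|SPT)=443( |$)'
}

matched_drops "$SAMPLE_IPTABLES"
port443_log "$SAMPLE_LOG"
```

On a real host you would feed `iptables -nvL` and the system log into the two functions instead of the constructed samples.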