View Full Version : Moblock (peerguardian linux alternative)
shookone
October 27th, 2006, 12:17 PM
I experience the same when running a client locally on the machine running firehol and kaid daemon. Same exact thing. I can post network traffic logs if needed.
pelle.k
October 27th, 2006, 01:55 PM
Sorry shookone! I forgot about your PM. I was too tired to answer you when i first saw it...
These config files always hurt my brain :)
Why have you got
server_xlinkx_ports="udp/34522"
server_1024_ports="udp/1024"
if you are not using them in the interfaces?
If your daemon (on computer) is using xlink port against internet, shouldn't xlink be a server in "internet" interface?
You're not making any sense i'm afraid. You need to clarify like this:
xbox:
which port need to be accessed from the internet? (I assume some of them only use lan = already open...)
computer:
which ports does the daemon need to be accessed from the internet (not from lan, because lan is already fully open...)
Naegling23
October 27th, 2006, 08:27 PM
So I'm running edgy i386, and when I tried to install moblock-nfq it was giving me a broken install. moblock-ipq installed fine, however. This seemed odd to me since moblock-ipq seems to be for older systems. Is this normal, or am I doing something wrong?
Also, is moblock-ipq as up to date, and secure as moblock-nfq?
shookone
October 28th, 2006, 12:47 AM
Sorry shookone! I forgot about your PM. I was too tired to answer you when i first saw it...
These config files always hurt my brain :)
Why have you got
server_xlinkx_ports="udp/34522"
server_1024_ports="udp/1024"
if you are not using them in the interfaces?
If your daemon (on computer) is using xlink port against internet, shouldn't xlink be a server in "internet" interface?
You're not making any sense i'm afraid. You need to clarify like this:
xbox:
which port need to be accessed from the internet? (I assume some of them only use lan = already open...)
computer:
which ports does the daemon need to be accessed from the internet (not from lan, because lan is already fully open...)
Sorry about that pelle.k was probably drinking and such that evening :).
Xbox:
The xbox has no direct port to access from the internet. Only needs to communicate to my pc via port 34522. xbox does use the internet for my web browsing apps.
Computer:
ports needed by the internet:
kaid = 35700, 34525, and 34523
----
The above mentioned ports i have them defined just in case i needed to use them. Is that a bad idea?
I'm basically having problems staying connected to the orbital servers. It connects but after so much data is received it just times out. It works fine with firehol down.
There is a lot of traffic coming into my lan. Ping responses ... people entering and leaving arena... so protection can't allow to drop packets.
sakis
October 28th, 2006, 10:31 AM
Today's update in edgy seems to break moblock: there's an unsatisfied dependence on libnetfilter-queue (requires >=0.0.12, has 0.0.11-1.1)
Any suggestions?
Do we have a solution?
pelle.k
October 29th, 2006, 08:39 AM
The xbox has no direct port to access from the internet. Only needs to communicate to my pc via port 34522
Why have you nat:ed port 37500 to your xbox (from the internet) then? If what you say is true, This is what it should look like;
version 5
#specify ports here
## type: client or server
## label: label port
## type/port: tcp or udp and port (Ex. tcp/80 or udp/300000
#format: type_label_ports="type/port"
server_kaid1_ports="udp/37500"
client_kaid1_ports="default"
server_kaid2_ports="udp/34525"
client_kaid2_ports="default"
server_kaid3_ports="udp/34523"
client_kaid3_ports="default"
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE
# The network of eth1
home_ips=192.168.100.2/24
# Your internet interface
interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"
protection strong 10/sec 10
server "ssh ftp kaid1 kaid2 kaid3" accept
# This will send http traffic directly to accept instead of moblock thus whitelisting it...
client "http https" accept
client all MOBLOCK
# Local network
interface eth1 home src "${home_ips}" #this is only in your lan...
policy accept
client all accept
server all accept
#Routing information
router home2internet inface eth0 outface eth1
masquerade reverse
client all accept
shookone
October 29th, 2006, 09:15 AM
pelle.k.
you helped me put that setup together. I now understand that this is not port forwarding as if i had a route/modem connecting to my machine. This computer is my firewall and it is also running daemons. I was trying to port forward eth0 (WAN) to eth1 (LAN)
eth0 = external ip
eth1 = local net (192.168.100.2)
xbox = 192.168.100.10
I just tried your setup and it connects but my problem still continues. It appears that I'm receiving information then it stops.
I am supposed to receive lots of information, ping requests and whoever enters and leaves the arena. I think that it's dropping packets. What would happen if i remove protection? Is it a big difference?
Why have you nat:ed port 37500 to your xbox (from the internet) then? If what you say is true, This is what it should look like;
version 5
#specify ports here
## type: client or server
## label: label port
## type/port: tcp or udp and port (Ex. tcp/80 or udp/300000
#format: type_label_ports="type/port"
server_kaid1_ports="udp/37500"
client_kaid1_ports="default"
server_kaid2_ports="udp/34525"
client_kaid2_ports="default"
server_kaid3_ports="udp/34523"
client_kaid3_ports="default"
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE
# The network of eth1
home_ips=192.168.100.2/24
# Your internet interface
interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"
protection strong 10/sec 10
server "ssh ftp kaid1 kaid2 kaid3" accept
# This will send http traffic directly to accept instead of moblock thus whitelisting it...
client "http https" accept
client all MOBLOCK
# Local network
interface eth1 home src "${home_ips}" #this is only in your lan...
policy accept
client all accept
server all accept
#Routing information
router home2internet inface eth0 outface eth1
masquerade reverse
client all accept
cd-r80
October 29th, 2006, 01:40 PM
Using Xubuntu 6.06. I cannot install. Where are the correct repos? I got only:
apt-get install moblock-nfq
Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:
The following packages have unmet dependencies.
moblock-nfq: Depends: libc6 (>= 2.3.6-6) but 2.3.6-0ubuntu20 is to be installed
Depends: libnetfilter-queue1 (>= 0.0.12) but it is not installable
Depends: libnfnetlink1 (>= 0.0.16) but it is not installable
Depends: libnetfilter-queue1 but it is not installable
E: Broken packages
pelle.k
October 29th, 2006, 02:15 PM
I was trying to port forward eth0 (WAN) to eth1 (LAN)
eth0 = external ip
eth1 = local net (192.168.100.2)
xbox = 192.168.100.10
OMG, can't believe i didn't see that before. You can't NAT a port to a sub-network so that it is valid for any machine on 192.168.100.2-99. You have to choose a target, like your xbox for example. Not 192.168.100.2 but rather 192.168.100.10 if you wanted the port forwarded there. But this is still not important as you say your xbox is expecting no connections from the internet...
Shouldn't these ports be included
server_kaid4_ports="udp/37501"
client_kaid4_ports="default"
server_kaid5_ports="udp/34522"
client_kaid5_ports="default"
As you might have figured out by now, this is not a moblock issue though...
shookone
October 29th, 2006, 03:44 PM
You are correct. This isn't moblock issue. But using moblock led me to firehol ... which is stopping something i could do without a firewall.
Unless there is another option to use moblock in conjunction with another firewall by all means please let me know. But i was using ubuntu-firewall prior to using moblock. So if i'm not in the right place to discuss my issue let me know.. I have opened up a thread but no replies.. just views.
I'll look into those other ports... something is not making sense here.
shook-
spockrock
October 30th, 2006, 03:31 AM
Using Xubuntu 6.06. I cannot install. Where are the correct repos? I got only:
apt-get install moblock-nfq
Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:
The following packages have unmet dependencies.
moblock-nfq: Depends: libc6 (>= 2.3.6-6) but 2.3.6-0ubuntu20 is to be installed
Depends: libnetfilter-queue1 (>= 0.0.12) but it is not installable
Depends: libnfnetlink1 (>= 0.0.16) but it is not installable
Depends: libnetfilter-queue1 but it is not installable
E: Broken packages
I have the same problem, preventing me from upgrading.
shookone
October 30th, 2006, 10:34 AM
xlink issue SOLVED
My problems with kaid was not really related to firehol and moblock what so ever.
I was thinking about my ip setup and realized the port i chose to use was on the cable modems network. So that subnet was messing me up. I switched to a different subnet and now xbox sees all games on xlink. Sorry for the headaches and thanks for the 101 with firehol.
i have a Webstar cable modem that uses the subnet 192.168.100.0 (ISP SETUP?) and my network was in the 100's for some reason. Bad luck?.
So i went to traditional 192.168.1.0 network and im all up and running.
pelle.k
October 30th, 2006, 06:14 PM
way to go! :)
It's always like that. You try to solve this _evil_ problem, and it always turns out you were doing it the wrong way :P
Spockrock, and all others having problems installing moblock, http://www.ubuntuforums.org/showpost.php?p=1650147&postcount=239
This is not a very nice solution, but hey... it'll get you by for now.
spockrock
October 31st, 2006, 02:38 AM
well luckily for me I was able to install it on edgy beta, however it wont let me upgrade but thanks for the debs.
shookone
October 31st, 2006, 12:18 PM
way to go! :)
It's always like that. You try to solve this _evil_ problem, and it always turns out you were doing it the wrong way :P
Spockrock, and all others having problems installing moblock, http://www.ubuntuforums.org/showpost.php?p=1650147&postcount=239
This is not a very nice solution, but hey... it'll get you by for now.
I think i may have spoken too soon. I get drops still, i tried it with firehol off and got excited. But i am going to try logging features to see what exactly is happening. Any tips for logging? Applications to help me view log files and such? Log settings?
Ole32
October 31st, 2006, 12:18 PM
I wrote this a while ago...
Apparently, the nipfilter.dat no longer does what it is supposed to, and that is include level1 level2 and other stuff..
Edit /etc/cron.d/moblock-nfq and use the old line with blocklists which is commented out just above the "new" one (i think)
As of now, moblock is a mess. Wait for a new version to come out, or use an old version (and make the necessary changes to load all blocklists).
OK, I'll try
BLOCKLISTS="ads-trackers-and-bad-pr0n level1 level2 Microsoft spyware bogon hijacked temp"
pelle.k
October 31st, 2006, 04:22 PM
OK, I'll try
BLOCKLISTS="ads-trackers-and-bad-pr0n level1 level2 Microsoft spyware bogon hijacked temp"
level1 and level2 should be enough in most cases. bogon contains LAN ips (don't ask me why) so i wouldn't use it.
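Added example (not posted by anyone in this thread): a way to check, before loading a combined list, whether any entry covers your own LAN, which is the problem with the bogon list mentioned above. It assumes the PeerGuardian text layout `label:first-last` for guarding.p2p; the sample list and the 192.168.1.0/24 LAN are constructed for illustration.

```python
import ipaddress

# Constructed sample in the assumed PeerGuardian text layout "label:first-last".
SAMPLE_LIST = """\
# comment lines and blank lines are ignored
Example Tracker Co:198.51.100.0-198.51.100.255
Example Tracker Co (dup):198.51.100.128-198.51.100.255
Bogon: private use:192.168.0.0-192.168.255.255
Bogon: private use:10.0.0.0-10.255.255.255
Example Ad Net:203.0.113.10-203.0.113.20
short line
Reversed range:203.0.113.50-203.0.113.40
"""


def parse_p2p(text):
    """Return (entries, skipped); entries are (label, first, last) as integers."""
    entries, skipped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':' themselves, so split on the last one.
        label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            if not sep or not dash:
                raise ValueError("missing ':' or '-'")
            lo = int(ipaddress.IPv4Address(first.strip()))
            hi = int(ipaddress.IPv4Address(last.strip()))
            if lo > hi:
                raise ValueError("range runs backwards")
        except ValueError:
            skipped += 1  # malformed line: count it instead of aborting
            continue
        entries.append((label, lo, hi))
    return entries, skipped


def merge_ranges(entries):
    """Collapse overlapping or adjacent ranges into a minimal sorted list."""
    merged = []
    for _, lo, hi in sorted(entries, key=lambda e: e[1]):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
            for lo, hi in merged]


def lan_conflicts(entries, lan_cidr):
    """Entries that would block at least one address of the local network."""
    lan = ipaddress.ip_network(lan_cidr)
    lan_lo, lan_hi = int(lan.network_address), int(lan.broadcast_address)
    return [(label, str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi)))
            for label, lo, hi in entries
            if lo <= lan_hi and hi >= lan_lo]


if __name__ == "__main__":
    entries, skipped = parse_p2p(SAMPLE_LIST)
    print(f"parsed {len(entries)} ranges, skipped {skipped} malformed lines")
    print(f"{len(merge_ranges(entries))} ranges after merging")
    for label, first, last in lan_conflicts(entries, "192.168.1.0/24"):
        print(f"covers the LAN: {label} ({first}-{last})")
```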
pelle.k
October 31st, 2006, 04:25 PM
I think i may have spoken too soon. I get drops still, i tried it with firehol off and got excited. But i am going to try logging features to see what exactly is happening. Any tips for logging? Applications to help me view log files and such? Log settings?
Use ulog in firehol. There are instructions about it if you search these forums.
Michaeldaley
November 3rd, 2006, 09:24 PM
Wouldn't it be easier to add the Debian repository which has what the dependency is looking for, install it the old way and then delete that repository? Just a thought, I'm somewhat new to linux and still learning.
I added these:
deb ftp://sunsite.cnlab-switch.ch/mirror/debian/ unstable main contrib non-free
deb-src ftp://sunsite.cnlab-switch.ch/mirror/debian/ unstable main contrib non-free
and then installed moblock, I ignored the auto update icon, and then I took them out of my list.
Is this kosher, or is it going to mess everything up?
BTW...How many ranges are supposed to load? I get 2023, is that the full amount or am I missing lists?
pelle.k
November 4th, 2006, 07:18 AM
Wouldn't it be easier to add the Debian repository which has what the dependency is looking for, install it the old way and then delete that repository? Just a thought, I'm somewhat new to linux and still learning.
Then i would say you're learning fast. Good initiative. This is one way to get around it, even though ubuntu has its own version of libc, probably for some reason. This way, you can't blame ubuntu if your computer becomes unstable in any way, but i guess that can be said of just about any software ;)
moblock-nfq: Depends: libc6 (>= 2.3.6-6) but 2.3.6-0ubuntu20 is to be installed
Michaeldaley
November 4th, 2006, 11:25 AM
The default blocklist is definitely messed up. I changed mine to the following:
BLOCKLISTS="ads-trackers-and-bad-pr0n level1 level2 Microsoft spyware "
and now I get 163,405 ranges instead of 2023.
How come it doesn't block the default ranges it used to?
sakis
November 6th, 2006, 04:11 AM
Wouldn't it be easier to add the Debian repository which has what the dependency is looking for, install it the old way and then delete that repository? Just a thought, I'm somewhat new to linux and still learning.
I added these:
deb ftp://sunsite.cnlab-switch.ch/mirror/debian/ unstable main contrib non-free
deb-src ftp://sunsite.cnlab-switch.ch/mirror/debian/ unstable main contrib non-free
and then installed moblock, I ignored the auto update icon, and then I took them out of my list.
Nice, never thought about that... thank you :-D
Then i would say you're learning fast. Good initiative. This is one way to get around it, even though ubuntu has its own version of libc, probably for some reason. This way, you can't blame ubuntu if your computer becomes unstable in any way, but i guess that can be said of just about any software ;)
moblock-nfq: Depends: libc6 (>= 2.3.6-6) but 2.3.6-0ubuntu20 is to be installed
I installed that way the latest version in Edgy and everything works just fine!
Can you add that in your first message, if someone wants to add the latest version in Edgy? ;)
shookone
November 11th, 2006, 06:47 AM
Those deb files are only if you are installing fresh in to edgy right.. i have dapper and i installed it.
forger
November 11th, 2006, 09:39 AM
the debian source way is the fastest and the most risky one, but it does work :P
Michaeldaley
November 11th, 2006, 02:17 PM
I don't think it's risky, I've been stable for the past week and Moblock is running great. Just make sure that if you try this method, you must remove the deb sources before running Ubuntu's update feature (because just about every file in these sources is a higher version than Ubuntu uses). This should work for dapper too.
Change your blocklist too, I don't think moblock's default works anymore. It should read:
BLOCKLISTS="ads-trackers-and-bad-pr0n level1 level2 Microsoft spyware "
lp7413
November 11th, 2006, 09:19 PM
the debian source way is the fastest and the most risky one, but it does work :P
Honestly, I would never add an official debian repo to your ubuntu sources.list.. If it installs libc6 you might get away fine for now, but when you try to upgrade ubuntu while you're using external packages, then you might get a big list of errors. It might work now, but break later on, I would not suggest using the debian sources.list period. It's asking for trouble, the files i posted a few weeks ago work fine, and get the job done, there is absolutely no need in upgrading to the latest and greatest release of moblock-nfq, the only change was a dep that fixed debian installs, and broke ubuntu installs.. I hope those of you who might have installed the debian sources don't end up with problems later on down the road. I'm just posting my two cents' worth, it's just not good practice, and a lot of people don't need to get in the habit of doing things like that. sorry for the long paste, just concerned :)
foxy123
November 12th, 2006, 06:32 AM
I agree that installing moblock from Debian repo is not a good idea. libc6 is one of the libraries after all. Saying that I have to admit that I lived with Debian's libraries on Hoary without any major issues.
I tried to build moblock from source but failed in doing it. To build it you need two development libraries: libnetfilter-queue and libnfnetlink, which are not in Ubuntu. So I put the source repo in my sources.list:
deb-src ftp://sunsite.cnlab-switch.ch/mirror/debian/ unstable main contrib non-free
and did the following:
sudo apt-get build-dep libnfnetlink
apt-get source libnfnetlink
cd libnfnetlink-0.0.16
dpkg-buildpackage -rfakeroot
But in the end it was not built:
touch install-stamp
dh_testdir -i
dh_testdir: I have no package to build
make: *** [binary-indep] Error 1
Any idea why is that?
moopoo
November 12th, 2006, 10:10 AM
Hi,
I used pelle.k's temporary solution to install moblock on edgy. But I have the bad feeling, that the block-lists don't update daily. I was browsing through my log-files (auth.log etc) and only found those updates I did manually (sudo /etc/cron.daily/moblock-nfq). My manual updates always download new lists.
So, there are a few questions:
a) How can I find out, if the updates work?
b) If they don't work, what did I possibly do wrong and what can be done?
If you need more data, please let me know.
Thanks in advance,
yours,
moopoo
NiksaVel
November 13th, 2006, 06:03 AM
I have the one installed from debs, but it seems to be killing my internet connection - at least it seems to be connected -
I have a terminal open all the time with the tail command so I can track what it's blocking in real time...
starting the computer everything works as normal, HOWEVER from time to time I get to the office (i.e. every two to three days) and the computer is not connected to the internet I can't get any pings or anything, and the terminal with the tail command shows that moblock has just been updated ---- is it moblock or maybe cron and is it even at all connected I just don't know, but I could really use some help on the subject.
Through ifconfig I see that the network adapter is still correctly configured with the static IP and I even tried ifconfig down and up again, but nothing changes - I need to REBOOT (not just restart X) to get net again....
PLEASE HELP!!!
Michaeldaley
November 13th, 2006, 01:22 PM
Honestly, I would never add an official debian repo to your ubuntu sources.list.. If it installs libc6 you might get away fine for now, but when you try to upgrade ubuntu while you're using external packages, then you might get a big list of errors.
Nobody ever suggested leaving that deb in the source list, in fact the importance of removing it after installation was stated several times.
Mechanical
November 13th, 2006, 06:44 PM
Nobody ever suggested leaving that deb in the source list, in fact the importance of removing it after installation was stated several times.
I am a bit confused on this now. I did just as was suggested by adding the debian source list temporarily to get moblock installed and then removing it immediately after moblock was on my system. I did no upgrades with these source lists. Is this still potentially dangerous to my ubuntu installation?
foxy123
November 13th, 2006, 06:47 PM
I am a bit confused on this now. I did just as was suggested by adding the debian source list temporarily to get moblock installed and then removing it immediately after moblock was on my system. I did no upgrades with these source lists. Is this still potentially dangerous to my ubuntu installation?
In addition to moblock it will upgrade some of your system libraries, which potentially may cause certain problems in future.
NiksaVel
November 14th, 2006, 07:52 AM
I have the one installed from debs, but it seems to be killing my internet connection - at least it seems to be connected -
I have a terminal open all the time with the tail command so I can track what it's blocking in real time...
starting the computer everything works as normal, HOWEVER from time to time I get to the office (i.e. every two to three days) and the computer is not connected to the internet I can't get any pings or anything, and the terminal with the tail command shows that moblock has just been updated ---- is it moblock or maybe cron and is it even at all connected I just don't know, but I could really use some help on the subject.
Through ifconfig I see that the network adapter is still correctly configured with the static IP and I even tried ifconfig down and up again, but nothing changes - I need to REBOOT (not just restart X) to get net again....
PLEASE HELP!!!
here's a bit more info... sometimes when cron starts updating firefox, I can see in my terminal with the tail command on moblock log that it starts running loads of lines with skipped range and duplicate range etc...
in the end it finishes with several lines:
Ranges loaded
Merged ranges
Skipped useless range
NFQUEE: Binding to queue '0'
this is all good and nice and works... however, I lose all internet connection due to moblock on some occasions when it's updating, I tried updating it manually several times in a row and what I came up is that when it KILLS my internet connection, the updating process ends at Ranges loaded line... it never gets to merged ranges, skipped and nfquee...
now... what can I do about it except turn off the auto updating via cron?
thanks!
Addon: The only way to get back my network is to killall moblock and restart it... or reboot
Scream72
November 14th, 2006, 01:23 PM
Hello. :)
I have amule and lopster connection problem with moblock.
Amule servers "low id" when moblock works, if i stop moblock and reconnecting, the id value is high....same thing with lopster, traffic is low and upload is drop for all ip...
Router rules is ok (atlantis web share), firewall and virtual server(dmz able on ip adress of ethernet card).
Iptables rules :
sudo iptables -L
Password:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
MOBLOCK_IN all -- anywhere anywhere state NEW
Chain FORWARD (policy ACCEPT)
target prot opt source destination
MOBLOCK_FW all -- anywhere anywhere state NEW
Chain MOBLOCK_FW (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0
Chain MOBLOCK_IN (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0
Chain MOBLOCK_OUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:www
NFQUEUE all -- anywhere anywhere NFQUEUE num 0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
MOBLOCK_OUT all -- anywhere anywhere state NEW
Moblock is installed and configured by this tutorial(with default blocklist on line 34).
(Thanks pelle.K ;) )
Ranges loaded: 191101
Merged ranges: 243
Skipped useless ranges: 7065
NFQUEUE: binding to queue '0'
Other users have this problem?
Thanks :) (and excuse my english).
pelle.k
November 14th, 2006, 01:38 PM
I am sorry for not helping you all out in the thread since some time back, especially with recent events in mind. I have been working too much lately. Also i was kind of disappointed with the latest ubuntu release (edgy) so i've been running arch most of the time.
We should really put our own repository up, with moblock build specific to ubuntu. Or at least build it for ubuntu and post the debs here, since the version on moblock-deb is turning away from ubuntu.
If, and i say _if_, i have the time i will build it myself as soon as possible.
If you want to remove the updater, then 'sudo chmod -x /etc/cron.daily/moblock-nfq'
This will make it "not" executable. the opposite of +x that is...
I believe that is the most common reason for many of the latest moblock issues
To manually run this update script 'sudo sh /etc/cron.daily/moblock-nfq' then reboot the computer (or stop/start the daemon) to have it load the ranges in a clean fashion
pelle.k
November 14th, 2006, 01:47 PM
Amule servers "low id" when moblock works, if i stop moblock and reconnecting, the id value is high
OK, then you have a connection, but uploads are being dropped? I can't really say for sure what is the problem. It shouldn't be happening. Either way you can filter ip:s in amule with a nipfilter.dat list. get it at bluetack.co.uk
That's it... for now.
Michaeldaley
November 16th, 2006, 10:24 AM
In addition to moblock it will upgrade some of your system libraries, which potentially may cause certain problems in future.
If you remove the debs or even put a "#" in front of them and then sudo apt-get update, there is no chance of upgrading the system libraries, except for the one file which moblock depends on. The way you phrase that it makes it sound as if numerous files are being changed, when it really only downloads the one file. I agree with Pelle though, we really need to start our own repository, but even if we did it would essentially do the same thing I did, unless someone goes into moblock and alters its dependencies. As of now we can't get around using a different file than that which is found in the Ubuntu repository.
foxy123
November 16th, 2006, 05:57 PM
If you remove the debs or even put a "#" in front of them and then sudo apt-get update, there is no chance of upgrading the system libraries, except for the one file which moblock depends on. The way you phrase that it makes it sound as if numerous files are being changed, when it really only downloads the one file. I agree with Pelle though, we really need to start our own repository, but even if we did it would essentially do the same thing I did, unless someone goes into moblock and alters its dependencies. As of now we can't get around using a different file than that which is found in the Ubuntu repository.
because of dependency. moblock depends on some libraries like libc6 and will update it to Debian version if you use Debian repo to install moblock. It is not a big deal, but people should be aware about it.
roadboy
November 17th, 2006, 05:52 AM
hi all
i've problems with moblock. i'm using it for home network with firehol. i've some important rules in firehol config. i've ports 25 and 53 open but i only want home network to access them. the problem is when i activate moblock, the blocking rules don't work. when i nmap, i can see all of the open ports and i can connect them. but when moblock isn't working, my rules do what they have to do. i can't see the open ports which i don't want and also i can't connect them.
i'm running edgy and here is my firehol.conf
version 5
iptables --new moblock
iptables -A moblock -j NFQUEUE
server_e2dk_ports="tcp/3604 udp/3608"
client_e2dk_ports="default"
server_kad_ports="tcp/8466 udp/8466"
client_kad_ports="default"
server_mlnet_ports="tcp/4080"
client_mlnet_ports="default"
interface ppp0 internet
policy drop
protection strong
server ident reject with tcp-reset
server "ftp ssh http" accept with limit 5/s 50 overflow drop
server "e2dk kad mlnet" moblock
client all accept
interface eth0 home
policy accept
server all accept
client all accept
OrganicPanda
November 17th, 2006, 10:39 AM
Hey cool guide, just wondering after installing from the 3 debs will my software be automatically protected, for instance I use ktorrent, will the IP's on my blocklist be blocked from use in ktorrent and other BT/P2P programs?
pelle.k
November 18th, 2006, 12:27 PM
Roadboy: It's very important that moblock starts first, then firehol. This happens at bootup, so no worries about that. If you want to restart moblock you _have_ to restart firehol after that as well. That _might_ be the problem. I don't know. I suggest you do what i wrote some posts above to also remove the automatic updater, as it might restart moblock without restarting firehol afterwards.
If you want to remove the updater, then 'sudo chmod -x /etc/cron.daily/moblock-nfq'
This will make it "not" executable. the opposite of +x that is...
I believe that is the most common reason for many of the latest moblock issues
OrganicPanda: Yes, you >should< be completely protected... As long as you don't install an iptables firewall that will mess up the rules that make moblock inspect your traffic.
moopoo
November 18th, 2006, 01:41 PM
Hi,
I used pelle.k's temporary solution to install moblock on edgy. But I have the bad feeling, that the block-lists don't update daily. I was browsing through my log-files (auth.log etc) and only found those updates I did manually (sudo /etc/cron.daily/moblock-nfq). My manual updates always download new lists.
So, there are a few questions:
a) How can I find out, if the updates work?
b) If they don't work, what did I possibly do wrong and what can be done?
If you need more data, please let me know.
Thanks in advance,
yours,
moopoo
BUMP
(Moopoo hopes this way of bumping doesn't bother anyone.)
pelle.k
November 18th, 2006, 05:07 PM
if you can execute the script manually, and it does work; there's nothing wrong with the cron job.
jamesford
November 18th, 2006, 09:21 PM
ive given up on the /etc/cron.daily/moblock-nfq instead i have my own script which is basically a copy of the moblock-nfq that i run daily via crontab. it sends me an email telling me the update was successful etc. it probably does the same with the cron.daily one but im not convinced so im using the crontab way to make sure and ive deleted the cron.daily one.
to read the email that u get after each update u need to install the package called mailx (choose local only and the default domain or host or what its called when it asks u to configure) and then type 'mail' in terminal - it may not work until you receive the first system mail
moopoo
November 19th, 2006, 03:30 PM
thanks to both of you. maybe i will have a look at the mail-solution later.
clandestiny
November 19th, 2006, 03:56 PM
I have the one installed from debs, but it seems to be killing my internet connection - at least it seems to be connected -
I have a terminal open all the time with the tail command so I can track what it's blocking in real time...
starting the computer everything works as normal, HOWEVER from time to time I get to the office (i.e. every two to three days) and the computer is not connected to the internet I can't get any pings or anything, and the terminal with the tail command shows that moblock has just been updated ---- is it moblock or maybe cron and is it even at all connected I just don't know, but I could really use some help on the subject.
Through ifconfig I see that the network adapter is still correctly configured with the static IP and I even tried ifconfig down and up again, but nothing changes - I need to REBOOT (not just restart X) to get net again....
PLEASE HELP!!!
I have been having a similar problem. After some time of having moblock running, the host machine loses the ability to originate or accept any connections.
I've traced it down to iptables. (I noticed during a reboot to reestablish connectivity that something in the shutdown mentioned that there were gobs of queued packets [or something like that] disposed of from iptables.) In talking to the office *nix guru, we devised a plan to diagnose this, and flushing iptables (sudo iptables -F) instantly resurrected my connection.
For the record, I'm using Ubuntu Dapper (now KDE-ified) and I dpkg installed moblock from the tar.gz posted here.
Now, I'm not at all sure WHY iptables is getting 'clogged,' but it apparently is. It *could* have been due to the fact that I was using the original guarding.p2p list that relies on nipfilter.dat, and moblock seems to very dislike this list, reporting many skipped bad ranges, short lines, and duplicate ranges, ultimately installing only about 2k ranges. I've had much more success using the commented-out line in /etc/cron.daily/moblock-nfq, which gives me somewhere over 160k ranges.
So, it appears that, for the time being -- unless I discover that using the other blocklist list magically stops iptables from getting clogged -- it seems I need to periodically flush iptables and force moblock to run only when I want to P2P. (Any better suggestion from you *nix or *buntu geniuses would be appreciated.)
Finally, I recall seeing a few pages back someone asking about using blocklists from peerguardian.sourceforge.net/lists. I note that they are very similar to the ones gotten from the above "other" list inside moblock's update script (and I happened to compare the lists obtained by p2p.php and gov.php and found them identical, so if you end up trying to use them, you should need only one or the other). I was able to download a handful of them (p2p, ads, spy), extract them, cat them together, and place them in /etc/moblock/guarding.p2p, and moblock happily ate it and gave me over 100k blocked ranges -- but I note it was a number smaller than what I get with moblock's own downloaded alternate blocklist, so I'll be using that instead.
I'd really like to be able to run moblock and keep it running, but if it's gonna end up logjamming my stack, it's at best going to be a targeted-use helper. I'll be happy to let it jam up my iptables and apply any diagnostics any of you gurus might suggest to diagnose how/why this is happening and prevent it. I'm learning tons (formerly Win32 weenie), and want to know more.
Sorry this ran so long, but there was much to say. ;-)
wilberfan
November 20th, 2006, 09:52 PM
As a long-time user of PeerGuardian on Windoze XP, I'd love to give MoBlock a try--but I'm way n00b.
On behalf of all the other shy n00bs out there, is there a chance I could get some more specific instructions on how to get this installed and running? I mean--I'm a little lost at the very first step:
I saved the file as a tar archive, it contains
libnfnetlink0_0.0.14-1.1_i386.deb
moblock-nfq_0.8-12_i386.deb
libnetfilter-queue_0.0.11-1.1_i386.deb
Just untar this archive. Be aware that the relative path is still in the tar archive and it is bound to /var/cache/apt/archive
After you have the files extracted from the tarball use dpkg -i *.deb (but be sure you put just those 3 files in a directory by themselves. Do not run that command from the /var/cache/apt/archive directory!! Be sure you have the 3 files in their own directory.)
"Just untar this archive." untar it where? That seems important...! Will it automatically go into /var/cache/apt/archive?
Yeah, hopeless n00b...
roadboy
November 21st, 2006, 03:37 AM
Roadboy: It's very important that moblock starts first, then firehol. This happens at bootup, so no worries about that. If you want to restart moblock you _have_ to restart firehol after that as well. That _might_ be the problem. I don't know. I suggest you do what I wrote some posts above to also remove the automatic updater, as it might restart moblock without restarting firehol afterwards.
OrganicPanda: Yes, you >should< be completely protected... As long as you don't install an iptables firewall that will mess up the rules that make moblock inspect your traffic.
First of all, thanks for your reply pelle.k. I've studied a little on moblock after your reply and solved the problem. I changed the runlevel defaults for moblock from 2,3,4,5 to 0,6,S and removed the last line (/etc/init.d/`basename $0` reload) from /etc/cron.daily/moblock-nfq and there's no problem :) Thanks again.
NiksaVel
November 21st, 2006, 05:06 AM
I've traced it down to iptables. (I noticed during a reboot to reestablish connectivity that something in the shutdown mentioned that there were gobs of queued packets [or something like that] disposed of from iptables.) In talking to the office *nix guru, we devised a plan to diagnose this, and flushing iptables (sudo iptables -F) instantly resurrected my connection.
this did NOT work for me... I had to do sudo /etc/init.d/moblock-nfq restart to get my connection back...
I stress again that there seems to be some problem with the reloading part of moblock after update... it never shows the part:
Merged ranges: 216
Skipped useless ranges: 6197
NFQUEUE: binding to queue '0'
it just gets to:
Ranges loaded: 173688
and hangs with my network dead till I restart it and it gets till the NFQUEUE part...
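The failure described in the post above (a reload that prints "Ranges loaded" but never reaches "NFQUEUE: binding to queue") can be detected from the log itself. Added example, not part of the thread or of moblock: a Python check over constructed log lines that use only the messages quoted here; the function names, the verdict strings and the 50% shrink threshold are assumptions.

```python
import re

# Constructed log: the first load completes, the second stops after
# "Ranges loaded" (the hang reported in this thread).
SAMPLE_LOG = """\
Ranges loaded: 173688
Merged ranges: 216
Skipped useless ranges: 6197
NFQUEUE: binding to queue '0'
Blocked OUT: Example Org,hits: 1,DST: 192.0.2.10
Ranges loaded: 173702
""".splitlines()

LOADED = re.compile(r"Ranges loaded: (\d+)")
BOUND = re.compile(r"NFQUEUE: binding to queue '(\d+)'")


def load_cycles(lines):
    """Split the log into load attempts; each starts at a 'Ranges loaded' line."""
    cycles = []
    for line in lines:
        m = LOADED.search(line)
        if m:
            cycles.append({"ranges": int(m.group(1)), "queue": None})
            continue
        m = BOUND.search(line)
        if m and cycles:
            cycles[-1]["queue"] = int(m.group(1))
    return cycles


def verdict(lines, min_ratio=0.5):
    """Classify the most recent load attempt.

    not-bound    list was read but moblock never attached to the queue,
                 so packets sent to NFQUEUE have no reader
    list-shrunk  bound, but far fewer ranges than the previous load
                 (for example a failed or partial blocklist download)
    ok           bound with a comparable number of ranges
    """
    cycles = load_cycles(lines)
    if not cycles:
        return "no-load-seen"
    last = cycles[-1]
    if last["queue"] is None:
        return "not-bound"
    if len(cycles) > 1 and last["ranges"] < min_ratio * cycles[-2]["ranges"]:
        return "list-shrunk"
    return "ok"


if __name__ == "__main__":
    # In real use, read /var/log/moblock.log a minute or two after the
    # daily update and restart the service when the verdict is "not-bound".
    print(verdict(SAMPLE_LOG))
```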
pelle.k
November 21st, 2006, 11:48 AM
OK, so i've had enough of this, and plan to build a moblock package myself. :)
Please don't rush me. When i have something that works well, i'll post it here. I'll be back as soon as possible (0 -> 48 hours i suppose).
Scream72
November 21st, 2006, 06:22 PM
Hello. :)
I have amule and lopster connection problem with moblock.
Amule servers "low id" when moblock works, if i stop moblock and reconnecting, the id value is high....same thing with lopster, traffic is low and upload is drop for all ip...
Router rules is ok (atlantis web share), firewall and virtual server(dmz able on ip adress of ethernet card).
Iptables rules :
Moblock is installed and configured by this tutorial(with default blocklist on line 34).
(Thanks pelle.K ;) )
Other users have this problem?
Thanks :) (and excuse my english).
I have changed my router atlantis webshare 242w, with a modem ethernet, and the problem is terminated....moblock working perfectly now (i have added other blocklist beyond default lists on line 34).
Other user have a configuration problem with atlantis webshare? :evil:
pelle.k
November 23rd, 2006, 11:43 AM
Hi all. The problem with moblock is that it's relying on some new libraries in the debian repos. To get around that, I chose to build libnfnetlink and libnetfilter-queue for ubuntu. It works for me, but I can't be sure until some of you have tried it out.
If you have added any debian repo (as someone suggested) you need to uninstall moblock 'sudo aptitude remove moblock-nfq' (aptitude to remove dependencies too. or does apt-get do that nowadays?) so that you have a clean ubuntu base to start with.
If you installed ubuntu through the debs provided as a temporary solution, you will have to uninstall them manually with 'dpkg -r packagename.deb'
I've attached two debs to this post. Install them, then install moblock as you would have done before through the moblock repo.
Let me know how it works so that I can update the HOWTO. Oh, and you still need to use the commented BLOCKLISTS= line in /etc/cron.daily/moblock-nfq to get a full blocklist.
wilberfan
November 23rd, 2006, 02:50 PM
OK. I downloaded both of the packages from the previous post. Saved 'em to my desktop, right-clicked and installed via the gDebi Package installer.
Used Synaptic to install moblock...
How do I know if it's installed properly? How do I know if it's running?! (I'm under the impression it will start up on its own??)
pelle.k
November 23rd, 2006, 04:39 PM
I believe I did instruct you how to 'tail' the log file in the HOWTO.
Also you could run 'pidof moblock' to see if it's running.
wilberfan
November 24th, 2006, 12:14 AM
Also you could run 'pidof moblock' to see if it's running.
Ah. I get a process number of "4512"--but I don't see it listed in the System Monitor--so that confuses me a little...
clandestiny
November 24th, 2006, 12:35 PM
First of all, I'd like to thank you for the time and effort you're putting into this. It's surely appreciated.
Hi all. The problem with moblock is that it's relying on some new libraries in the debian repos. To get around that, I chose to build libnfnetlink and libnetfilter-queue for ubuntu. It works for me, but I can't be sure until some of you have tried it out.
If you have added any debian repo (as someone suggested) you need to uninstall moblock 'sudo aptitude remove moblock-nfq' (aptitude to remove dependencies too. or does apt-get do that nowadays?) so that you have a clean ubuntu base to start with.
I'm totally game for trying this out. Having said that, I should mention that I'm using Ubuntu Dapper, and I've heard enough stories about Edgy to give me pause to go beyond this level right now.
I fully uninstalled moblock and the libn* components from the .debs that had been posted here and installed your new libn* .debs. Attempts to install moblock from the repository still complain at me about the apparent shortcomings of my libc, as I'm not using debian per se.
Given this situation, would you recommend that I install the moblock .deb from the long-prior posting, or that I get the debian libc to satisfy the dependency? (I'm much less comfortable shoving a debian update into Ubuntu, since I'm not quite savvy enough to fix this solid OS if I manage to break it with something unorthodox.)
For the time being, since I seem to need to 'break a rule' to satisfy the libc dependency, I'll go back to that moblock .deb and see how this works with that. But I'm more than happy to be your 'guinea pig' on any other reasonable strategy you can make me understand how to recover from, if all goes south.
Regards!
pelle.k
November 24th, 2006, 10:11 PM
Have you tried to install it with --force ? The difference between the debian libc and the ubuntu one shouldn't be very large... I'd say you'd be better off compromising moblock than the whole system, so give --force a try.
If that doesn't do it, I could probably build the latest moblock release for dapper. That wouldn't be the ideal solution though...
foxy123
November 25th, 2006, 02:09 PM
Hi all. The problem with moblock is that it's relying on some new libraries in the debian repos. To get around that, I chose to build libnfnetlink and libnetfilter-queue for ubuntu. It works for me, but I can't be sure until some of you have tried it out.
If you have added any debian repo (as someone suggested) you need to uninstall moblock 'sudo aptitude remove moblock-nfq' (aptitude to remove dependencies too. or does apt-get do that nowadays?) so that you have a clean ubuntu base to start with.
If you installed ubuntu through the debs provided as a temporary solution, you will have to uninstall them manually with 'dpkg -r packagename.deb'
I've attached two debs to this post. Install them, then install moblock as you would have done before through the moblock repo.
Let me know how it works so that I can update the HOWTO. Oh, and you still need to use the commented BLOCKLISTS= line in /etc/cron.daily/moblock-nfq to get a full blocklist.
How did you manage to build those packages? I have a strange error every time I try it. BTW, they are both in Feisty but I have the same error trying to backport them:
touch install-stamp
dh_testdir -i
dh_testdir: I have no package to build
make: *** [binary-indep] Error 1
Apparently after "I have no package to build" dh_testdir should continue with another try but it fails. I found this on the Internet, it looks like a log for building a Debian 64 bit version:
touch install-stamp
dh_testdir -i
dh_testdir: I have no package to build
dh_testroot -i
dh_installdocs -i -A README
dh_installdocs: I have no package to build
dh_installchangelogs -i debian/no-upstream-changelog
dh_installchangelogs: I have no package to build
dh_install -i --sourcedir=debian/tmp
dh_install: I have no package to build
dh_link -i
dh_link: I have no package to build
dh_strip -i
dh_strip: I have no package to build
dh_compress -i
dh_compress: I have no package to build
dh_fixperms -i
dh_fixperms: I have no package to build
dh_installdeb -i
dh_installdeb: I have no package to build
dh_shlibdeps -i
dh_shlibdeps: I have no package to build
dh_gencontrol -i
dh_gencontrol: I have no package to build
dh_md5sums -i
dh_md5sums: I have no package to build
dh_builddeb -i
dh_builddeb: I have no package to build
dh_testdir -a
dh_testroot -a
dh_installdocs -plibnfnetlink-dev
dh_installdocs -plibnfnetlink1
ln -sf libnfnetlink1 debian/libnfnetlink1-dbg/usr/share/doc/libnfnetlink1-dbg
dh_installchangelogs -plibnfnetlink1
dh_installchangelogs -plibnfnetlink-dev
dh_install -a --sourcedir=debian/tmp
dh_link -a
dh_strip -a --dbg-package=libnfnetlink1-dbg
Maybe Dapper deb building tools cannot handle it for some reason?
pelle.k
November 25th, 2006, 04:36 PM
So those two debs I made don't work under dapper?
Also I have a confession to make. As these two debs weren't going in some repository, I figured checkinstall would do, so I can't really help you to build them the proper way.
Also, the problem with dapper and moblock is _not_ netfilter, but dependencies in the moblock package (e.g. libc-2.3.6-6 while dapper has 2.3.6-0ubuntu20)
foxy123
November 25th, 2006, 04:44 PM
So those two debs I made don't work under dapper?
Also I have a confession to make. As these two debs weren't going in some repository, I figured checkinstall would do, so I can't really help you to build them the proper way.
Also, the problem with dapper and moblock is _not_ netfilter, but dependencies in the moblock package (e.g. libc-2.3.6-6 while dapper has 2.3.6-0ubuntu20)
No, these packages work fine. The problem, as you mentioned, is with libc6. I wanted to build moblock from Debian source, but it requires the dev package of libnfnetlink and I guess libnetfilter. That is why I was asking.
I would not like to use --force to walk around the libc6 dependency really.
pelle.k
November 25th, 2006, 07:46 PM
Oh, now i get it. :) It's a dirty compromise. You get a "ubuntu" package, but on the other hand, you will not get the updates for free (if you used a custom build that is...)
apt-get source moblock-nfq and see to it you've got all build-dependencies installed. (install netfilter sources with ./configure --prefix=/usr && make && make install, just comment out libnfnetfilter-dev and libnetfilter_queue-dev in the control file later on...)
pelle.k
November 25th, 2006, 11:37 PM
That was a "dirty" suggestion, i know. :twisted:
However, i've built both libs the proper way now. I'm going to post them with -dev packages when i've had some sleep, and tested them out.
foxy123: I went straight for the vanilla source from netfilter.org. not the feisty source packages.
clandestiny
November 26th, 2006, 01:23 PM
Have you tried to install it with --force ? The difference between the debian libc and the ubuntu one shouldn't be very large... I'd say you'd be better off compromising moblock than the whole system, so give --force a try.
If that doesn't do it, I could probably build the latest moblock release for dapper. That wouldn't be the ideal solution though...
No, I hadn't tried --force, but thanks, I'll keep that in mind for later, in case the progress I've made lately falls apart. For the time being, I've backtracked to the Old Packages posted by lp7413 in post 239 and made some adjustments, and things appear more stable now.
I did finally have a realization as to the cause of my most major problem, and I'll post it here in case anyone else is in a similar boat and did the same not-thinking I did. ;-)
My Ubuntu Dapper box is running bind9 with my own tables for internal addresses and bumping up to the root servers for anything unknown -- I've traditionally found ISP's DNS's to be slow or unreliable, and I've been very happy with DNS performance since I cut my ISP out of the loop.
What I didn't realize is that many, if not most or all, of the DNS root servers and various other target domain's servers are included in the blocklists that I get from "ads-trackers-and-bad-pr0n level1 level2 Microsoft spyware". With this full list loaded and moblock running, I lost the ability to resolve an uncached domain name from the root servers (which I seemed to find were blocked by entries labeled "VeriSign Global Registry Services").
Subsequent to this discovery, I grepped out from the building of guarding.p2p in /etc/cron.daily/moblock-nfq any of those or any having a dotted word with NS and an optional digit, and things became much better.
Still, something I read before kept echoing in my head, and today I seem to have stumbled over a better solution. /etc/moblock/MoBlock-nfq.sh sets a number of WHITE* variables that control passthrough rules. By adding "domain" to WHITE_TCP_OUT and WHITE_UDP_OUT, I was able to keep the VeriSign blocks (in case there could possibly be some nefarious P2P traffic from there...) without compromising my ability to resolve names.
So, for now, everything seems mostly stable. If it all goes south, I may try to force up the latest .debs.
Hope the above can help someone.
clandestiny
November 26th, 2006, 02:20 PM
Something else I've discovered that I think is worth mentioning here.
FTR, I'm using moblock 0.8-12 with libnfnetlink0 and libnetfilter-queue from the Old Packages I mentioned earlier, so I don't know if what I'm about to report has been fixed in 0.8-13....
At the top of /var/log/moblock.log, as I've mentioned before, I get *many* "Skipping useless range" reports when moblock loads. I started tracing them back to the guarding.p2p, and it turns out that almost every one of them is a single-address range (e.g., 194.237.107.11-194.237.107.11). I'm hoping I'm wrong, but this seems to be telling me that any such single address range is NOT being blocked.
If I'm right, I find this very disturbing...
foxy123
November 26th, 2006, 03:12 PM
with great help from pelle.k I managed to build moblock Dapper packages. They work on my laptop, but I am not sure if they will do on any other PC :)
Anyway I am attaching the package here. Give it a try and let me know.
adds2one
November 27th, 2006, 01:13 PM
Will this package be safe to use on Edgy?
pelle.k
November 27th, 2006, 05:33 PM
No. You should install the two debs attached in this post http://www.ubuntuforums.org/showpost.php?p=1797134&postcount=302 for use in edgy, then install moblock from repo, as in my howto.
If someone could report back to me or foxy123 in this thread, and tell us if everything works as expected, I would gladly update my HOWTO.
clandestiny
November 27th, 2006, 06:57 PM
If someone could report back to me or foxy123 in this thread, and tell us if everything works as expected, I would gladly update my HOWTO.
I had no trouble uninstalling the Old Packages and installing the lib's and moblock-nfq from foxy123's packages. It appears to work substantially similarly to the Old Packages, so I'm superficially confident that this build is good. :-D
I am still quite a bit concerned over moblock's apparent rejection of single-address ranges in guarding.p2p (which I referred to in a prior post), which now appear to number over 6000....
pelle.k
November 27th, 2006, 08:13 PM
OK. great.
Single address ranges you say? Do you use the "old" commented BLOCKLISTS= or the new one (in /etc/cron.daily/moblock-nfq) with nipfilter.dat?
clandestiny
November 28th, 2006, 02:23 AM
OK. great.
Single address ranges you say? Do you use the "old" commented BLOCKLISTS= or the new one (in /etc/cron.daily/moblock-nfq) with nipfilter.dat?
Sorry, my bad. I'm using the old commented BLOCKLISTS.
But I only noticed a large coincidence between my "Skipping" lines in the log and single-address ranges in guarding.p2p. What I didn't notice is that (so far) every single-address range I've found in the Skipping lines is included within a larger range somewhere above it, so it seems these lines are redundant and properly skipped.
It did initially give me the impression that something (perhaps important) was being ignored, but that no longer seems to be the case. I may just whip up a little PHP program to chew on the Skips and verify that they're *all* covered elsewhere, but I have yet to find one (on further examination, jumping through the Skip list) that isn't.
Thanks to all in the forum for helping me get this running and understand what's going on. It's amazing how much I've learned about iptables and other things just in getting this one important program running.
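The check clandestiny describes, written in Python rather than PHP as an added example (not from the thread or from moblock): it reads guarding.p2p-style "label:start-end" lines and splits the single-address entries into those already inside a wider range and those that stand alone. The sample list and the function names are constructed for illustration.

```python
import bisect
import ipaddress

# Constructed sample in the "label:start-end" format; not real blocklist data.
SAMPLE_P2P = """\
Example Org A:10.0.0.0-10.0.0.255
Example Org A (host):10.0.0.17-10.0.0.17
Example Org B:10.0.1.5-10.0.1.5
Example Org C:10.0.2.0-10.0.2.127
Example: Org D:10.0.2.64-10.0.2.64
this line is too short
"""


def parse_p2p(text):
    """Return [(start, end, label)] with integer addresses, skipping bad lines."""
    entries = []
    for line in text.splitlines():
        # Labels may contain ':' themselves, so split on the last one.
        label, sep, span = line.strip().rpartition(":")
        start, dash, end = span.partition("-")
        if not (sep and dash):
            continue
        try:
            lo = int(ipaddress.IPv4Address(start.strip()))
            hi = int(ipaddress.IPv4Address(end.strip()))
        except ValueError:
            continue
        if lo <= hi:
            entries.append((lo, hi, label))
    return entries


def merge_wide(ranges):
    """Merge overlapping or adjacent (lo, hi) pairs into sorted disjoint spans."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged


def classify_singles(entries):
    """Split single-address entries into (covered, standalone).

    covered:    the address lies inside some multi-address range, so skipping
                the entry loses nothing
    standalone: no wider range contains it; if one of these shows up among the
                skipped ranges, that address really is unblocked
    """
    wide = merge_wide((lo, hi) for lo, hi, _ in entries if hi > lo)
    starts = [lo for lo, _ in wide]
    covered, standalone = [], []
    for lo, hi, label in entries:
        if lo != hi:
            continue
        # Last merged span that starts at or before this address.
        i = bisect.bisect_right(starts, lo) - 1
        inside = i >= 0 and wide[i][1] >= lo
        target = covered if inside else standalone
        target.append((str(ipaddress.IPv4Address(lo)), label))
    return covered, standalone


if __name__ == "__main__":
    covered, standalone = classify_singles(parse_p2p(SAMPLE_P2P))
    print("covered by a wider range:", covered)
    print("standalone single addresses:", standalone)
```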
pelle.k
November 28th, 2006, 09:43 AM
That's a relief. :)
Yeah, you can learn quite a lot when you have to. I remember back when I was a newbie and had to compile a usb stick network driver, and set it up with wep in /etc/network/interfaces. Man, I hadn't the slightest idea of even what a daemon was, but at some point you realize /etc/init.d/network restart is really more convenient than rebooting the computer really. :D
lykeion
November 28th, 2006, 01:52 PM
I'm running Edgy and managed to apt-get install moblock v0.8-13 with the new debs (found here (http://www.ubuntuforums.org/showpost.php?p=1797134&postcount=302)), and it seems to be working okay. Tried to ping microsoft.com and another ip from the blocklist, and when I check moblock.log they're blocked.
It's amazing how much I've learned about iptables and other things just in getting this one important program running.
Amen to that...and many thanks to pelle.k for this great thread.
pelle.k
November 28th, 2006, 05:12 PM
OK ladies and gentlemen. I've updated the howto with the latest. If you've added debian repos or installed debs other than from foxy123 or me - uninstall them...
adds2one
November 29th, 2006, 12:12 AM
hey pelle, thanks for all your work. works great!!
david.rahrer
November 30th, 2006, 11:23 PM
Man, I started out 15 minutes ago googling for a peerguardian for Ubuntu and I'm up and running thanks to your guide. Thanks a bunch pelle!
Mechanical
December 1st, 2006, 02:54 AM
This thread has been a constant visit for me here on the forums and I believe this project is quite important as well. Thanks again for the update and keep up the great work! I have installed the newer version by following the latest edgy update to the original post and I updated the block lists.. but I noticed the bluetack stuff not being able to download. Anyone else have this problem? Maybe I need to update my blocklist line? I will try it again in a while.
fqb
December 5th, 2006, 05:37 PM
Hi,
TIP: copy the latest version of moblock-nfq (/etc/cron.daily/) into an older installation:
(I use this tip for my (ubuntu dapper drake) amd64 version of moblock)
Extract the latest package archive of Moblock into your current directory:
dpkg-deb -x moblock-nfq_0.8-13_i386.deb .
replace the old file with the new one :
sudo cp ./etc/cron.daily/moblock-nfq /etc/cron.daily/moblock-nfq
I hope this can help someone :)
Sorry for my english, I'm french
marx2k
December 12th, 2006, 02:22 AM
One thing I would like to see in reference to the MoBlock log is to tell me what PORT the IP address was blocked on.
Example:
Blocked OUT: VIVENDI TELECOM HUNGARY,hits: 1,DST: 213.163.51.151
I want it to be
Blocked OUT: VIVENDI TELECOM HUNGARY,hits: 1,DST: 213.163.51.151:PORT
skipo
December 12th, 2006, 06:49 AM
One thing I would like to see in reference to the MoBlock log is to tell me what PORT the IP address was blocked on.
And timestamp would also be nice.
UberIcarus
December 12th, 2006, 08:28 PM
Okay....how do I add sourceforge to the exceptions list? someone added it to the default block list
marx2k
December 12th, 2006, 11:48 PM
Also, removing "Blocked" from the beginning of the log would be nice.
Configuring the logfile output through a config file would be a very nice addition to this program since all I want is
[Short Time Stamp]:[IN/OUT]:[DNS Name]-[IP]:[PORT]
pelle.k
December 13th, 2006, 09:46 AM
Hey guys.
The features you ask, require changes in the source code. I'm neither a skilled C coder, nor very comfortable with branching moblock. So, until someone does, you'll have to wait, or do this yourself.
Okay....how do I add sourceforge to the exceptions list? someone added it to the default block list
This is really the reason i put a FAQ in my howto...
good luck.
marx2k
December 13th, 2006, 01:48 PM
On a separate subject regarding MoBlock, I'd like to know from the people using it, what's the domain giving you the most hits?
I have Time Warner Telecom with 700 hits.
IP Range 206.80.17.*
beefcurry
December 15th, 2006, 03:49 AM
Forgive me, for this may sound like a very n00b question. What will happen if moblock and firestarter are used together? The statement of "Firestarter (most iptables firewalls) does not work with moblock ATM" is kind of ambiguous. Does it mean it will not function with firestarter, or does it mean it cannot be integrated with firestarter?
---edit
Ah okay, I read through all 34 pages and found me answer. But didn't Clessing construct a method to use moblock with firestarter ( http://ubuntuforums.org/showpost.php?p=1209006&postcount=81 ) ? does it work?
pelle.k
December 15th, 2006, 06:52 PM
Not really. I'm quoting from his post.
Solution 1: So using what I posted above means putting moblock in front of firestarter, effectively leaving firestarter's rules unused because moblock is filtering everything.
You can only use firestarter to watch open connections
Solution 2: But this only replaces the problem by another: now firestarter is in charge and if firestarter decides that a packages is to be accepted, it may do so without consulting moblock.
This essentially means, you have no control over what is happening.
To sum it up: This is one of the reasons for which on sourceforge.net I categorized moblock as software for "advanced end users": you should know how to use iptables before you use moblock. You can do without as per default the package blocks things. But if you want to integrate it in another firewall you need to know, what is going on.
I'm afraid this _is_ the current situation. I'm investigating new possibilities, though...
rageear
December 15th, 2006, 11:37 PM
Great work by pelle!
Thanks a million!
skipo
December 17th, 2006, 05:35 AM
I haven't been able to update my blocklists today, I can't get any connections to bluetack. Actually I can't even get their webpage to open with firefox.
Is it just me or is their service down?
simple
December 17th, 2006, 06:04 AM
I haven't been able to update my blocklists today, I can't get any connections to bluetack. Actually I can't even get their webpage to open with firefox.
Is it just me or is their service down?
It's down for me also. I installed moblock for the first time tonight, thanks Pelle for the nice very simple guide and deb packages of the dependencies that were missing. Only problem is bluetack being down and can't seem to find an alternative server for a temp use.
skipo
December 17th, 2006, 10:50 AM
Bluetack is under a DDoS attack.
From the Bluetack forum:
Hi everyone. Well the forum is back , thanks to our most awesome , hardworking admins who have brought us back to life again.
The site's situation is that we are currently under a DDoS attack.
We will naturally continue to fight it , and we are putting together a report from all the logs on the IP's/users involved for the authorities. There will also be a nice new server-flooder blocklist available for download out of this attack.
We also took this time out over the past week to do a few upgrades and maintenance on the server itself, so there may be some errors around the site. If you find you have some problems on the forum, please let us know in the Site Related Issues & Suggestions forum section.
If the list updates are not working for you, please don't hammer the server unnecessarily, just try again later. Things will be back to normal in no time.
We also hope to have a new alternate server set up in the next week or so for hosting the lists , more information on that when it's up and running.
---
EDIT
Or then again maybe not. I looked at the date and it was Sep 10 2006. :-D
edwardecl
December 17th, 2006, 07:28 PM
Does anyone know how you can view the moblock log on a windows computer on a network, and have it display the updated information like that theme in SuperKaramba does (doesn't have to be as fancy).
pelle.k
December 17th, 2006, 07:45 PM
The easiest way would be to download and run putty in windows, start an ssh session to the computer with moblock installed, and 'tail -f' the logfile. Anything other than that, will probably be somewhat difficult. Moblock just isn't written to handle these situations out of the box.
golem3
December 20th, 2006, 09:00 PM
Phenomenal guide. Thanks a lot, pelle.k.
abelikoff
December 25th, 2006, 04:29 PM
In case anyone is interested, I've modified /etc/cron.daily/moblock-nfq . The modifications mostly deal with removing unnecessary verbosity (I don't want to see daily 3-page wget traces unless there was some problem) and adding some error handling. The modified script is attached and should be a drop-in replacement for stock file. Feel free to report any issues and/or to incorporate it in future package versions.
-- Sasha
skipo
December 26th, 2006, 08:12 AM
There are no blocklists in txt file format on Bluetack's servers. All the lists are gzips or zips. So the dshield blocklist won't download.
And a different issue, I tried to download level3 blocklist from bluetack. All I got was html-document:
Welcome to test-a-contrib.com
Test
Evaluation
Accounting Test
Assessment Test
Employee Screening
Myers Briggs Type Indicator
360 Review
Employee Drug Testing
Myers Briggs Test
IQ Test Score
Employee Personality Test
Staffing Services | Employee Benefit Services | Background Checks | Physical Therapy | Hospitals | Cheap Airfare
Why am I seeing this web site?
Does anyone have any info on that?
---
EDIT:
Apparently bluetack had some server issues, they fixed it and it's working again.
beanmonkey
December 26th, 2006, 10:44 AM
Shouldn't the restart line be
sudo /etc/init.d/moblock-nfq restart
?
shookone
December 29th, 2006, 07:13 PM
New version of moblock on ubuntu 6.10
Any reason why not to upgrade?
wilberfan
December 30th, 2006, 06:12 PM
New version of moblock on ubuntu 6.10
Any reason why not to upgrade?
I may have found one: I updated this morning and now I can't connect to my POP server to get my e-mail!! :( (I confirmed this by killing moblock-nfq. Everything connected fine when it was "off"...)
Help!! How do I fix this? (There are 2 Charter.net accounts (same POP, obviously) and one yahoo.biz account being blocked.)
wilberfan
December 30th, 2006, 06:18 PM
Shouldn't the restart line be
sudo /etc/init.d/moblock-nfq restart
?
It should if you want it to actually restart! ;) (I learned that the hard way this morning!)
wilberfan
December 30th, 2006, 07:04 PM
I may have found one: I updated this morning and now I can't connect to my POP server to get my e-mail!! :( (I confirmed this by killing moblock-nfq. Everything connected fine when it was "off"...)
Help!! How do I fix this? (There are 2 Charter.net accounts (same POP, obviously) and one yahoo.biz account being blocked.)
I have a feeling I need to put something in the grep command in /etc/cron.daily/moblock-nfq (below), but nothing I've tried has worked so far (do I use quotes? do I put the pop.charter.net IP in there?? I'm confused!!)
# uncomment below to unblock Yahoo! Mail and whatever
# else needs unblocking here. Do this also in the
# restart section.
grep -v -i "yahoo\!" merged.p2b.p2p | grep -v -i "charter" | grep -v "Trendstep Ltd" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
/etc/init.d/`basename $0` reload
exit 0
None of these have worked:
grep -v -i "charter"
grep -v -i "209.225.8.224"
grep -v -i 209.225.8.224
grep -v -i "charter/!"
.... (Plus, I don't know where the "restart section" is!) HELP!
abelikoff
December 30th, 2006, 10:43 PM
Shouldn't the restart line be
sudo /etc/init.d/moblock-nfq restart
?
Considering that /etc/cron.daily/ scripts are run as root, it shouldn't. Or am I missing something?
wilberfan
December 31st, 2006, 12:23 AM
Considering that /etc/cron.daily/ scripts are run as root, it shouldn't. Or am I missing something?
He was pointing out (I think) that in the first post in this thread:
sudo /etc/init.d/moblock restart
"-nfq" was missing... (ie, sudo /etc/cron.daily/moblock restart vs sudo /etc/cron.daily/moblock-nfq restart) ?
wilberfan
December 31st, 2006, 12:57 AM
[A very polite *bump* :???: ]
I updated this morning and now I can't connect to my POP server to get my e-mail!! :( (I confirmed this by killing moblock-nfq. Everything connected fine when it was "off"...)
Help!! How do I fix this? (There are 2 Charter.net accounts (same POP, obviously) and one yahoo.biz account being blocked.)
Can anyone help this n00b get the correct coding to whitelist my POP e-mail server? I've tried various combinations of "charter.net" and 209.225.8.224 etc...but it's not working... I'm doing something wrong... Here's the latest incarnation:
# uncomment below to unblock Yahoo! Mail and whatever
# else needs unblocking here. Do this also in the
# restart section.
grep -v -i "yahoo\!" merged.p2b.p2p | grep -v -i "charter\!" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
/etc/init.d/`basename $0` reload
exit 0
I don't know what the "restart section" is referring to, either... :confused:
skipo
December 31st, 2006, 06:27 AM
Before you try to connect to your email-server, open terminal and enter command
tail -f /var/log/moblock.log
This will tell you what you need to whitelist. Then, if you need to whitelist for example yahoo and charter.net, the needed edits to the /etc/cron.daily/moblock-nfq would be something like this:
# uncomment below to unblock Yahoo! Mail and whatever
# else needs unblocking here. Do this also in the
# restart section.
grep -v -i "yahoo" merged.p2b.p2p | grep -v -i "charter.net" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
/etc/init.d/`basename $0` reload
The mention to the restart section is there only to confuse us all, I haven't found it either but I've managed to get yahoo working with this.
netyire
December 31st, 2006, 09:11 AM
:D Just want to post a big thank you for your efforts. A great guide, and leaves me without a doubt that Moblock can and does work.
Of course, for field testing, just start limewire... ;)
wilberfan
December 31st, 2006, 01:02 PM
Before you try to connect to your email-server, open terminal and enter command
tail -f /var/log/moblock.log
This will tell you what you need to whitelist. Then, if you need to whitelist for example yahoo and charter.net, the needed edits to the /etc/cron.daily/moblock-nfq would be something like this:
# uncomment below to unblock Yahoo! Mail and whatever
# else needs unblocking here. Do this also in the
# restart section.
grep -v -i "yahoo" merged.p2b.p2p | grep -v -i "charter.net" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
/etc/init.d/`basename $0` reload
The mention to the restart section is there only to confuse us all, I haven't found it either but I've managed to get yahoo working with this.
I still can't reach my POP server... I've done a WHOIS for pop.charter.net and this is the ip that comes up: 209.225.8.224 (or at least that's what it was yesterday). When I display the moblock.log, here's what I see:
Blocked OUT: Exodus IDC - DC/DC2,Exodus IP Address Administrator,hits: 16,DST: 209.225.8.224
Blocked OUT: Exodus IDC - DC/DC2,Exodus IP Address Administrator,hits: 17,DST: 209.225.8.224
Blocked OUT: Exodus IDC - DC/DC2,Exodus IP Address Administrator,hits: 18,DST: 209.225.8.224
The ip's match exactly, so that would seem to be my problem, yes? (I don't know why it doesn't say some variation of 'charter'!)
But when I change the moblock-nfq as you suggest, it's still blocked:
grep -v -i "yahoo\!" merged.p2b.p2p | grep -v -i "Exodus" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
/etc/init.d/`basename $0` reload
What am I doing wrong? Do I need the IP in there?? And how do you enter an IP range?
[Edit] Just to add to the mystery: I'm running 32-bit Edgy on two boxes, a Pentium IV Dell and an AMD Athlon 64x2. I have Moblock 0.8-14 loaded on BOTH machines, and it's only the AMD that's blocking my POP server...! I can retrieve mail no-prob on the Dell. :-k
[2nd Edit] Now it's happening on the Dell box... Obviously the block-list (whatever it's called) got updated there, too?
skipo
December 31st, 2006, 06:46 PM
But when I change the moblock-nfq as you suggest, it's still blocked:
grep -v -i "yahoo\!" merged.p2b.p2p | grep -v -i "Exodus" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
/etc/init.d/`basename $0` reload
What am I doing wrong? Do I need the IP in there?? And how do you enter an IP range?
[Edit] Just to add to the mystery: I'm running 32-bit Edgy on two boxes, a Pentium IV Dell and an AMD Athlon 64x2. I have Moblock 0.8-14 loaded on BOTH machines, and it's only the AMD that's blocking my POP server...! I can retrieve mail no-prob on the Dell. :-k
Well, now this gets out of my league. To my knowledge, that should have worked. And I am under impression that IP addresses or ranges can't be entered to whitelists, one can only use this name method thingy. Correct me if I am wrong.
wilberfan
December 31st, 2006, 06:47 PM
Is there a way to prevent moblock from loading at startup (until I can figure out this whitelist problem!)?
abelikoff
January 6th, 2007, 01:29 AM
Is there a way to prevent moblock from loading at startup (until I can figure out this whitelist problem!)?
I am no Debian expert, so please double-check. According to the update-rc.d manpage something like the commands below should work:
update-rc.d -f moblock-nfq remove
update-rc.d moblock-nfq stop 20 2 3 4 5 .
Another hardcore way is to move /etc/init.d/moblock-nfq script somewhere else.
wilberfan
January 6th, 2007, 12:53 PM
I am no Debian expert, so please double-check. According to the update-rc.d manpage something like the commands below should work:
update-rc.d -f moblock-nfq remove
update-rc.d moblock-nfq stop 20 2 3 4 5 .
Clever fellow! This seems to have worked. I'd sure prefer the whitelist option--but this will save me some aggravation for awhile... Thanks!
Richard Kut
January 7th, 2007, 12:57 AM
Hey pelle.k !
I just followed your instructions and they worked great. Thank you very much!
However, I found that the Privoxy proxy server that I am running was giving me some trouble when running the daily cron script. I had to add the following two lines to the top of the script to get the daily updates to work properly:
unset http_proxy
unset HTTP_PROXY
I do not know if anyone else has come across a similar problem. If you are running Privoxy (or some other proxy like squid?) then try the above and maybe it will help you too.
Thanks again pelle.k for the useful info.
Cheers!
wilberfan
January 7th, 2007, 06:18 PM
Gawd, I really need some help whitelisting my e-mail POP server!!
Here's what's showing after doing a
wilberfan@AMD64:~$ tail /var/log/moblock.log
Blocked OUT: Exodus IDC - DC/DC2,Exodus IP Address Administrator,hits: 52,DST: 209.225.8.224
Blocked OUT: Exodus IDC - DC/DC2,Exodus IP Address Administrator,hits: 53,DST: 209.225.8.224
Blocked OUT: Exodus IDC - DC/DC2,Exodus IP Address Administrator,hits: 54,DST: 209.225.8.224
Blocked OUT: Exodus IDC - DC/DC2,Exodus IP Address Administrator,hits: 55,DST: 209.225.8.224
And here's my attempt at a grep command inside of /etc/cron.daily/moblock-nfq
# if any blockfiles were updated:
for i in $BLOCKLISTS ; do
gunzip -c $i.$SUFFIX > $i.$SUFFIX2
done
cat *.txt > merged.p2b.p2p
for i in $BLOCKLISTS ; do
rm $i.$SUFFIX2
done
# uncomment below to unblock Yahoo! Mail and whatever
# else needs unblocking here. Do this also in the
# restart section.
# grep -v -i "yahoo\!" merged.p2b.p2p | grep -v -i "Exodus" > merged.p2b.p2p.tmp
# mv merged.p2b.p2p.tmp merged.p2b.p2p
grep -v -i "Exodus IDC - DC/DC2,Exodus IP Address Administrator" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
/etc/init.d/`basename $0` reload
exit 0
It DOES need quotes around the string, right? Maybe the coding is correct, but something ELSE is wrong?? All I know is that I can't get e-mail until I 'kill' moblock! :(
pelle.k
January 8th, 2007, 12:41 PM
grep -v -i "Exodus" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
Try that instead. the / might be your problem since this is regexp.
wilberfan
January 8th, 2007, 01:30 PM
grep -v -i "Exodus" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
Try that instead. the / might be your problem since this is regexp.
Nope. Still not working... Here's the latest cat
Blocked OUT: Exodus IDC - DC/DC2,Exodus IP Address Administrator,hits: 17,DST: 209.225.8.224
Blocked OUT: Exodus IDC - DC/DC2,Exodus IP Address Administrator,hits: 18,DST: 209.225.8.224
Blocked OUT: Exodus IDC - DC/DC2,Exodus IP Address Administrator,hits: 19,DST: 209.225.8.224
(I've verified that's my POP server. If you enter that IP into a web-browser, you get the Charter Mail login screen...)
And here's my /etc/cron.daily/moblock-nfq
# if any blockfiles were updated:
for i in $BLOCKLISTS ; do
gunzip -c $i.$SUFFIX > $i.$SUFFIX2
done
cat *.txt > merged.p2b.p2p
for i in $BLOCKLISTS ; do
rm $i.$SUFFIX2
done
# uncomment below to unblock Yahoo! Mail and whatever
# else needs unblocking here. Do this also in the
# restart section.
# grep -v -i "yahoo\!" merged.p2b.p2p | grep -v -i "Exodus" > merged.p2b.p2p.tmp
# mv merged.p2b.p2p.tmp merged.p2b.p2p
grep -v -i "Exodus" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
/etc/init.d/`basename $0` reload
exit 0
I tried rebooting and even manually updated the blocklist... Something else is wrong somewhere...
Is it possible to whitelist that specific IP?
pelle.k
January 9th, 2007, 07:15 AM
This is impossible! The syntax is correct. grep your merged.p2b.p2p for "Exodus". It _shouldn't_ be there after an update.
# if any blockfiles were updated
So, did any of the blocklists get updated at the time you tried it out? e.g. are you sure this block of code got executed, when you ran the script?
If not, you might as well do it yourself, by running the two lines of code i gave you, in the directory where the blocklists reside.
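Added example, not part of the thread: the whitelisting attempts above filter by range name, while moblock.log reports the blocked destination IP. This sketch checks which blocklist lines actually cover an IP and drops them, assuming the Name:START_IP-END_IP format of the ranges quoted on this page; the function names, the bounds given for the Exodus range and the "Constructed" entries are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): work on a p2p-format blocklist by IP
# instead of by range name. Assumed line format, as in the ranges quoted on
# this page:  Name:START_IP-END_IP

# filter_by_ip MODE LISTFILE IP
#   MODE=match  print the lines whose range contains IP
#   MODE=drop   print every other line (malformed lines are kept as-is)
filter_by_ip() {
    awk -v mode="$1" -v ip="$3" '
        # Dotted quad -> integer, or -1 if it does not have four parts.
        function ip2int(s,    o) {
            if (split(s, o, ".") != 4) return -1
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { target = ip2int(ip) }
        {
            covers = 0
            # The range is whatever follows the LAST colon; names may
            # themselves contain colons, commas and slashes.
            n = split($0, part, ":")
            if (n >= 2 && split(part[n], r, "-") == 2) {
                lo = ip2int(r[1]); hi = ip2int(r[2])
                if (lo >= 0 && hi >= lo && target >= lo && target <= hi)
                    covers = 1
            }
            if (mode == "match" ? covers : !covers) print
        }' "$2"
}

ranges_covering()      { filter_by_ip match "$1" "$2"; }
drop_ranges_covering() { filter_by_ip drop  "$1" "$2"; }

# Constructed sample list. The Exodus name and the IP come from the log
# lines in this thread; the range bounds and the "Constructed" entries are
# invented. Two differently named ranges cover the same IP on purpose: a
# name-based grep -v for "Exodus" would leave the second one in place.
sample_list() {
    cat <<'EOF'
Exodus IDC - DC/DC2,Exodus IP Address Administrator:209.225.0.0-209.225.63.255
Constructed Overlap Ltd:209.225.8.0-209.225.8.255
MPAA Tracker:66.172.60.1-66.172.60.255
Constructed Example Org:10.0.0.0-10.0.0.255
EOF
}

demo() {
    list=$(mktemp) || return 1
    sample_list > "$list"
    echo "Ranges covering 209.225.8.224:"
    ranges_covering "$list" 209.225.8.224
    drop_ranges_covering "$list" 209.225.8.224 > "$list.new"
    echo "Entries left after dropping them: $(wc -l < "$list.new" | tr -d ' ')"
    rm -f "$list" "$list.new"
}
demo
```

Running ranges_covering against the installed list (the $PG_LIST file) also shows whether an earlier filter ever took effect, independent of whether the cron script's update branch ran.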
skipo
January 9th, 2007, 11:33 AM
If not, you might as well do it yourself, by running the two lines of code i gave you, in the directory where the blocklists reside.
But first you'd have to gunzip the archives and merge them into one file.
wilberfan
January 11th, 2007, 11:21 PM
Well, it's STILL not working... I haven't tried the manual method yet (I wanna get it working properly!)
I just tried a manual update of the blocklist and got this:
wilberfan@DELL-Ubuntu:~$ sudo sh /etc/cron.daily/moblock-nfq
moblock: checking for new block lists...
--19:16:43-- http://www.bluetack.co.uk/
=> `-'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... failed: Connection refused.
no connection to www.bluetack.co.uk, updating later.
I don't know if that's a temporary problem or not? If, for some reason, I haven't been able to connect to bluetack for awhile -- ie, if my blocklist hasn't updated for awhile -- could THAT be causing my problem??
Mechanical
January 12th, 2007, 02:34 AM
Well, it's STILL not working... I haven't tried the manual method yet (I wanna get it working properly!)
I just tried a manual update of the blocklist and got this:
I don't know if that's a temporary problem or not? If, for some reason, I haven't been able to connect to bluetack for awhile -- ie, if my blocklist hasn't updated for awhile -- could THAT be causing my problem??
Bluetack is currently down but I am sure its just a temporary thing. I updated my list just yesterday.
tee2
January 12th, 2007, 03:50 AM
From digg: http://digg.com/security/PeerGuardian_2_MPAA_Fake_Torrents_Tracker
(http://torrentfreak.com/mpaa-caught-uploading-fake-torrents/) Add this to your PG2 list. It blocks the IP ranges for the fake torrents listed in the recent Digg article. Just trying to save you some time. Special thanks to whiterabbit.
These are the ranges
MPAA Tracker:66.172.60.1-66.172.60.255
MPAA Tracker:66.177.58.1-66.177.58.255
MPAA Tracker:66.180.205.1-66.180.205.255
MPAA Tracker:209.204.61.1-209.204.61.255
MPAA Tracker:216.151.155.1-216.151.155.255
I did this:
tee@tee-laptop:~$ cat /etc/moblock/guarding.p2p | grep mpaa
Razorback 2.0 and 2.1 closed by mpaa:195.245.244.243-195.245.244.244
Versatel Internet customer Stichting Kompaan 5041 JM:82.175.83.120-82.175.83.127
So I'm assuming I need to manually add the ranges since they aren't there, how do I do that? I skimmed through the thread but couldn't find anywhere that said how to.
pelle.k
January 12th, 2007, 01:46 PM
@wilberfan
if my blocklist hasn't updated for awhile -- could THAT be causing my problem??
Yes! That's what i've been trying to tell you :)
@tee2
So I'm assuming I need to manually add the ranges since they aren't there, how do I do that?
Well, a quick'n'dirty way is to save those five lines in a text file, and then
cat textfile >> merged.p2b.p2p
Just before mv merged.p2b.p2p $PG_LIST at the end of /etc/cron.daily/moblock-nfq
ninjad
January 12th, 2007, 09:15 PM
i cant install the second libnetfilter for some reason i dont get any error messages besides "Failed to install package..." any idea whats wrong?
other than that everything seems fine and thanks for the howto.
wilberfan
January 13th, 2007, 02:05 PM
@wilberfan
if my blocklist hasn't updated for awhile -- could THAT be causing my problem??
Yes! That's what i've been trying to tell you :)
And you would be correct!! :rolleyes:
This morning I was FINALLY able to connect to bluetack. And now I'm able to connect to my POP server! 8)
I'm not sure where to check--or even if it's possible--but is there a log that could have something posted that says "Unable to update blocklist", or something?
Now that I've removed everything that allowed moblock to autostart on my other box--is there an easy way to have moblock autoload on startup again? (My noobie inclination is to just try and reinstall it...)
Thanks for your help! :p
pelle.k
January 13th, 2007, 02:17 PM
@ninjad
i cant install the second libnetfilter for some reason i dont get any error messages besides "Failed to install package..." any idea whats wrong?
You haven't told us what version of the packages, and what version of ubuntu you are using... Also, you could probably spot what is wrong if you just open the packages with gdebi, before installing them.
@wilberfan
man update-rc.d
update-rc.d moblock-nfq defaults
pelle.k
January 17th, 2007, 02:42 PM
Hey guys. I don't use ubuntu as much as I used to anymore. This means I can't stay up to date on what is happening with moblock-deb / ubuntu. That means i would like for someone to "rip off" my howto, in a new thread, and maintain it. You should preferably know how to make deb packages and have a good understanding of how moblock works. Send me a message, and we'll set something up...
wilberfan
January 18th, 2007, 12:50 PM
I accidentally ran the following command to turn OFF daily automatic updates... How do I turn it back on??
sudo chmod -x /etc/cron.daily/moblock-nfq
I tried +x (!) but I don't think that's working...
pelle.k
January 18th, 2007, 01:16 PM
I tried +x (!) but I don't think that's working...
Well, then you are mistaken. Because +x is the correct syntax.
wilberfan
January 18th, 2007, 02:26 PM
Well, then you are mistaken. Because +x is the correct syntax.
{Sigh...} Sometimes the learning curve is a yucky place to be..! But thanks for verifying that for me...
foxy123
January 21st, 2007, 11:31 AM
dev packages for Dapper
hagabaka
January 22nd, 2007, 12:17 AM
I know this is probably not the place for moblock tech support, but maybe you'd be willing to help with my problem.
I use moblock and related packages from the first post in this thread on Ubuntu Edgy, and I also use mldonkey and leave it running most of the time. Sometimes I suddenly become unable to connect to my DNS server, as I can't open or ping any website with their URL, but I can with their IP addresses, and my IM or IRC connections are still active. If I stop moblock, I'll immediately become able to access again, and it would continue to work for many hours. My DNS server and its subnet is not contained in /etc/moblock/guarding.p2p or /var/spool/moblock/*. I checked /var/log/moblock.log and syslog, and nothing related show up.
Do you know what the problem could be?
I recently found out that mldonkey can also use the guarding.p2p file. Do you think it's better to use that or moblock?
Thanks
Yaohan Chen
pelle.k
January 22nd, 2007, 08:08 AM
Sometimes I suddenly become unable to connect to my DNS server
Are you behind a router/firewall? In that case, it's a common problem (which by the way has nothing to do with moblock...) as emule puts too much stress (connections) on the cheap hardware used in common routers/firewalls.
I recently found out that mldonkey can also use the guarding.p2p file. Do you think it's better to use that or moblock?
If you think it's good enough to only block connections from within emule, and have no need for the log file moblock spits out, then yes. You'll have to compile your own blocklist file though. just download level1 blocklist from www.bluetack.co.uk and untar/unzip it (if you download level2 blocklist, then just merge it with level1.)
justin
January 22nd, 2007, 09:16 PM
Moblock seems to block Gmail (pop.gmail.com, and possibly smtp.gmail.com)
How can I stop it from blocking Gmail?
hagabaka
January 23rd, 2007, 01:59 AM
Are you behind a router/firewall? In that case, it's a common problem (which by the way has nothing to do with moblock...) as emule puts too much stress (connections) on the cheap hardware used in common routers/firewalls.
I'm on a university network and there might be a router/firewall/packet shaper involved, but I don't think it goes between me and the DNS server on the same subnet. Also, as soon as I stop the moblock daemon, the connection immediately "goes through", so it does seem related to moblock...or maybe iptables?
pelle.k
January 23rd, 2007, 03:33 PM
@hagabaka;
I'm sure there are a few bugs, not ironed out from moblock. I can't be really sure what the problem is, because it depends very much on your setup as well.
Use the ip-filter in emule, which is for the specific task of blocking connections in emule instead.
@justin
You'll have to watch the logfile, and filter those ranges out, during an update of the blocklists. It's described in my howto.
marx2k
January 24th, 2007, 01:59 PM
Does this seem right to you?
Short guarding.p2p line p2p Corrupt Data Senders:85.3.3.194-85.3.3.194The file format you requested is no longer supported., skipping it...
Short guarding.p2p line Please use the available .zip or .gz downloads instead., skipping it...
Short guarding.p2p line For more information please visit:, skipping it...
Short guarding.p2p line www.bluetack.co.uk, skipping it...
Ranges loaded: 185137
Merged ranges: 225
Skipped useless ranges: 7017
NFQUEUE: binding to queue '0'
Those 'Short Guarding' lines it skipped, specifically and the amount of Skipped useless ranges seems quite high, no?
As a side note, I've been using MoBlock for months and my ISP got a letter from Paramount Studios about me :sad:
I will have to figure out how to torrent via proxy
skipo
January 24th, 2007, 02:57 PM
Does this seem right to you?
Short guarding.p2p line p2p Corrupt Data Senders:85.3.3.194-85.3.3.194The file format you requested is no longer supported., skipping it...
Short guarding.p2p line Please use the available .zip or .gz downloads instead., skipping it...
Short guarding.p2p line For more information please visit:, skipping it...
Short guarding.p2p line www.bluetack.co.uk, skipping it...
Ranges loaded: 185137
Merged ranges: 225
Skipped useless ranges: 7017
You are trying to download a txt-file from bluetack, they are no longer supporting them. You'll have to edit the /etc/cron.daily/moblock-nfq to download proper blocklists.
Comment the lines
BLOCKLISTTXT="dshield"
and
for i in $BLOCKLISTTXT ; do
TIMESTAMP=0
if [ -e $i.$SUFFIX2 ] ; then
TIMESTAMP=`stat --format=%y $i.$SUFFIX2`
echo "File $i.$SUFFIX2 last updated $TIMESTAMP"
TIMESTAMP=`stat --format=%Y $i.$SUFFIX2`
fi
wget -N $URL/$i.$SUFFIX2
if [ `stat --format=%Y $i.$SUFFIX2` -gt $TIMESTAMP ] ; then
UPDATED=$i
fi
done
and remove all txt-files (if any) from /var/spool/moblock/
If you want to use the dshield blocklist, try adding it to the
BLOCKLISTS="your blocklists"
in /etc/cron.daily/moblock-nfq. It might work. Or not.
Ole32
January 25th, 2007, 07:46 PM
Is it needed to comment the code? Isn't it enough to use only BLOCKLISTTXT="" at etc/crontab.daily/moblock-nfq?
skipo
January 26th, 2007, 08:07 AM
Is it needed to comment the code? Isn't it enough to use only BLOCKLISTTXT="" at etc/crontab.daily/moblock-nfq?
I would (and did) use the # to make the code comment lines.
jre
January 26th, 2007, 09:52 AM
@marx2k: Did you always have moblock blocking about 180000 ranges? Or did you have the problem described in the HOWTO/this thread that you had only about 2000 ranges blocked for a longer time?
To answer your question: Those many skipped ranges are normal, they are duplicates in the blocklists. But you really have to get rid of the txt-lists.
@Ole32: Your solution will have exactly the same results as commenting out the whole stuff. By the way, these are the lines from cron.daily in the current moblock.deb from moblock-deb.sourceforge.net:
BLOCKLISTS="ads-trackers-and-bad-pr0n bogon dshield hijacked level1 level2 Microsoft spider spyware templist"
BLOCKLISTTXT=""
greets
jre
EDIT: bluetack.co.uk (the providers of the blocklists) have some problems with their server at the moment. I recommend not to make updates at the moment and wait until they can maintain and provide their blocklists in a normal way again.
Just make (as root or with sudo) a
chmod -x /etc/cron.daily/moblock-nfq to stop the daily list updates and
chmod +x /etc/cron.daily/moblock-nfq to start it again
For more information have a look at the bluetack homepage or http://forums.phoenixlabs.org/showthread.php?p=97067#post97067
pelle.k
January 26th, 2007, 11:22 AM
I actually suggest leaving the cron job OFF. You can download your blocklist yourself, either through manually running the cron job, or downloading level1 (and maybe level2) with your browser and manually replacing the blocklist.
This way, you will oversee it. There will be no "surprises" like that error message that got into the blocklist instead of an actual file with ip ranges.
How? Just download level1 from http://www.bluetack.co.uk/forums/index.php?act=dscriptca&CODE=viewcat&cat_id=4 and untar/unzip it and "mv level1 /etc/moblock/guarding.p2p"
If you need to merge level1 and level2 (for gods sake, untar/unzip both first) just "cat level1 level2 > merged.p2p" and then move merged.p2p to /etc/moblock/guarding.p2p and restart moblock. comprende?
Level1 and level2 blocklist, _will_ be enough in most cases.
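Added example, not part of the thread: one way to catch the "surprise" described above, where a server error message ended up in the blocklist, is to check the merged file before it replaces the active list. The function names and the minimum-range threshold are assumptions of this sketch; the bad sample is constructed from the "Short guarding.p2p line" log quoted earlier, and the good sample reuses the five ranges posted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): refuse to install a merged blocklist
# that contains anything other than "Name:START_IP-END_IP" lines.

# blocklist_stats FILE -> prints "GOOD BAD" (blank lines are ignored)
blocklist_stats() {
    awk '
        /^[ \t\r]*$/ { next }
        /:[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[ \t\r]*$/ { good++; next }
        { bad++ }
        END { printf "%d %d\n", good, bad }' "$1"
}

# install_blocklist NEW TARGET MIN_RANGES
# Replaces TARGET with NEW only if NEW has no malformed lines and at least
# MIN_RANGES ranges (the threshold is your choice; an assumption of this
# example). The previous TARGET is kept as TARGET.backup, as the cron
# script on this page does. Reloading moblock is left to the caller.
install_blocklist() {
    stats=$(blocklist_stats "$1") || return 2
    good=${stats% *}
    bad=${stats#* }
    if [ "$bad" -ne 0 ] || [ "$good" -lt "$3" ]; then
        echo "rejecting $1: $good valid ranges, $bad malformed lines" >&2
        return 1
    fi
    if [ -e "$2" ]; then mv "$2" "$2.backup"; fi
    mv "$1" "$2"
}

# The five ranges posted earlier in this thread.
sample_good() {
    cat <<'EOF'
MPAA Tracker:66.172.60.1-66.172.60.255
MPAA Tracker:66.177.58.1-66.177.58.255
MPAA Tracker:66.180.205.1-66.180.205.255
MPAA Tracker:209.204.61.1-209.204.61.255
MPAA Tracker:216.151.155.1-216.151.155.255
EOF
}

# Constructed from the "Short guarding.p2p line" log output quoted above:
# an error page appended to real list data.
sample_bad() {
    cat <<'EOF'
Corrupt Data Senders:85.3.3.194-85.3.3.194The file format you requested is no longer supported.
Please use the available .zip or .gz downloads instead.
For more information please visit:
www.bluetack.co.uk
MPAA Tracker:66.172.60.1-66.172.60.255
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    echo "Old Entry:192.0.2.1-192.0.2.1" > "$dir/guarding.p2p"   # constructed
    sample_bad  > "$dir/merged.bad"
    sample_good > "$dir/merged.good"
    install_blocklist "$dir/merged.bad" "$dir/guarding.p2p" 5 \
        || echo "bad list rejected, old list still active"
    install_blocklist "$dir/merged.good" "$dir/guarding.p2p" 5 \
        && echo "good list installed: $(blocklist_stats "$dir/guarding.p2p")"
    rm -rf "$dir"
}
demo
```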
zivagolee
January 26th, 2007, 04:00 PM
Hi Guys,
For some reason, the firehol instructions listed in the first post don't seem to work for me. Not sure why but the moblock install that I have has 3 chains and not one MOBLOCK chain. You can see the MoBlock-nfq.sh script to see that it is creating 3 chains so I'm not sure which version of moblock that pelle.k has (I believe mine was from the repos).
These are the changes I made to make it work. Hopefully it helps someone out..
open /etc/firehol/firehol.conf and add
iptables --new MOBLOCK_IN
iptables --new MOBLOCK_OUT
iptables --new MOBLOCK_FW
iptables -A MOBLOCK_IN -j NFQUEUE
iptables -A MOBLOCK_OUT -j NFQUEUE
iptables -A MOBLOCK_FW -j NFQUEUE
under "version 5"
Change all instances you wish to be inspected by moblock to MOBLOCK_IN, MOBLOCK_OUT, or MOBLOCK_FW instead of accept...
This is an example of how it might look;
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#
version 5
# Moblock chain
iptables --new MOBLOCK_IN
iptables --new MOBLOCK_OUT
iptables --new MOBLOCK_FW
iptables -A MOBLOCK_IN -j NFQUEUE
iptables -A MOBLOCK_OUT -j NFQUEUE
iptables -A MOBLOCK_FW -j NFQUEUE
# Bittorrent. tcp ports 6881 to 6999
server_torrent_ports="tcp/6881:6999"
client_torrent_ports="any"
# Example udp ports
server_exampleport_ports="udp/15001:15011"
client_exampleport_ports="any"
# "any" means any interface, you can substitute it
# for eth0 or whatever.
interface any world
# Let torrent and exampleport through, and
# filter them in moblock.
server "torrent" MOBLOCK_IN
server "exampleport" MOBLOCK_IN
# This will send http traffic directly
# to accept instead of moblock
# thus whitelisting it...
client http accept
# Filter all outgoing connections, and their replies.
client all MOBLOCK_OUT
This section is NOT required. You can safely skip this part...
Instead of one "interface" section you can have two interface sections (if you're connected to more than one network...)
# Your internet interface
interface eth0 myinternet
server "torrent" MOBLOCK_IN
server "exampleport" MOBLOCK_IN
# This will send http traffic directly
# to accept instead of moblock
# thus whitelisting it...
client http accept
client all MOBLOCK_OUT
# Your local network
interface eth1 mylan
# You can access whatever on your lan
client all accept
# If you want your lan user to access your http server
server http accept
In the /etc/moblock/MoBlock-nfq.sh file, you need to change:
ACTIVATE_CHAINS=1
to
ACTIVATE_CHAINS=0
so it will use the current iptable chains that was setup by firehol.
Just as an FYI, if you need to do any firewall changes to firehol, do these steps:
Modify firehol.conf
Stop moblock - /etc/init.d/moblock stop
Restart firehol - /etc/init.d/firehol restart
Start moblock - /etc/init.d/moblock start
As noted by pelle.k, do a 'moblock reload' after updating the guarding.p2p file.
jre
January 28th, 2007, 07:50 PM
Level1 and level2 blocklist, _will_ be enough in most cases.
I totally agree that users shouldn't just use the cron.daily job without checking if things really work. But otherwise I think level1 and level2 aren't enough. See Bluetack's blocklist FAQ (http://www.bluetack.co.uk/modules.php?name=FAQ&myfaq=yes&id_cat=6&categories=Blacklists+FAQ) for which lists are available and why bluetack recommends to use them (they even recommend "edu").
By now the problems at bluetack seem to be over. The cron.daily job is working flawlessly (and even while bluetack had server problems it never resulted in wrong blocklists (=too few ranges blocked) on the users' computers).
So either use the manual method as described by pelle a few posts above (with the lists of your choice) or the cron.daily job (as long as you use it with a line like BLOCKLISTS="ads-trackers-and-bad-pr0n bogon dshield hijacked level1 level2 Microsoft spider spyware templist" without a "nipfilter.dat" or some other list in the wrong format).
If anyone sees a problem feel free to report it at phoenixlabs.org in the PeerGuardian Linux forum.
jre
EDIT: bluetack doesn't really "recommend" to use any lists but recommends to use the lists that fit a user's needs (you see the difference ;-) )
bodhi.zazen
February 3rd, 2007, 12:38 AM
Nice How-to
This thread has been added to the UDSF wiki.
Moblock (http://doc.gwos.org/index.php/Moblock)
queen_yoshi
February 4th, 2007, 05:20 AM
G'Day,
I keep getting this error when trying to install on Edgy following everything as written both here and on the wiki:
nirvash@gekkostate:~$ sudo apt-get install modblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package modblock-nfq
In case anyone else has had the same problem I found a workaround:
Just download the deb for the Dapper install.
Install via terminal, you will get an error about dependencies, so don't worry.
After you have done that type:
sudo apt-get install -f
You will then be asked if you would like to update the package you have just previously tried to install, say yes.
Then everything will update nicely and connect to the internet to update the blocklists, and modprobe will be running. To verify you can do the checks mentioned at the start of this How-To.
(Apologies if this has already been posted but I kept getting the same error, even on a fresh install of Edgy and this is all that worked:mrgreen:)
zivagolee
February 4th, 2007, 11:15 AM
G'Day,
I keep getting this error when trying to install on Edgy following everything as written both here and on the wiki:
nirvash@gekkostate:~$ sudo apt-get install modblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package modblock-nfq
(Apologies if this has already been posted but I kept getting the same error, even on a fresh install of Edgy and this is all that worked:mrgreen:)
You can also add in the /etc/apt/sources.list:
#moblock
deb http://moblock-deb.sourceforge.net/debian unstable main
deb-src http://moblock-deb.sourceforge.net/debian unstable main
then do sudo apt-get install moblock-nfq
jre
February 4th, 2007, 12:44 PM
nirvash@gekkostate:~$ sudo apt-get install modblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package modblock-nfq
The PeerGuardian alternative is called "moblock" (not modblock).
"modprobe" is for (un)loading kernel modules, which is also needed to get moblock running.
greets
jre
dawg
February 4th, 2007, 08:22 PM
nice how to...but i've got a question. how do i disable moblock? reason i ask is because its blocking game servers.
pelle.k
February 5th, 2007, 02:25 PM
@dawg:
I've updated the howto faq. Look there.
dawg
February 5th, 2007, 08:50 PM
@dawg:
I've updated the howto faq. Look there.
Uhm, I can't find it. I hope you're not referring to the "startup" portion of the how to. I want to be able to turn it on and off as I please, kinda like peerguardian, would it even be possible? if not, using your "startup" method, would i be able to log out and then log back in, or would i have to restart the system? thanks a lot.
wilberfan
February 5th, 2007, 10:48 PM
I want to be able to turn it on and off as I please, kinda like peerguardian, would it even be possible?
Thank you SO much for asking this, and Pelle.k--thanks for posting the answer to the FAQ's. I've been wondering about this, too, for awhile!
:)
pelle.k
February 6th, 2007, 12:39 PM
update-rc.d is a utility to manage the links to init scripts in certain runlevels. An example of a runlevel is "startup" and "shutdown". So, yes, it only applies to that situation.
To start and stop moblock (temporarily), you do what you would have done with every other daemon in the system; (since daemons live in /etc/init.d/)
sudo /etc/init.d/moblock-nfq start
sudo /etc/init.d/moblock-nfq stop
dawg
February 6th, 2007, 12:55 PM
thanks pelle.k, im still new to the entire linux scene. Im trying to make the transition from windows to linux, and let me tell you, its confusing at times. so thanks for your help.
rafiks
February 7th, 2007, 10:38 PM
All of a sudden, since this morning my google talk is already being blocked.. How do i modify the blocklist?
rafiks
February 7th, 2007, 10:53 PM
Solved it ..I just whitelisted port 5222 ..thanks anyway!
Pugwash
February 9th, 2007, 04:28 PM
Many thanks for the guide, very useful. :)
shookone
February 23rd, 2007, 06:23 AM
Is using FAIL2BAN with this setup possible without overriding iptables?
FAIL2BAN: bans failed attempts on a service (FTP SSH ETC.)
FIREHOL: iptables firewall
MOBLOCK: blocks ip address from a list of ip addresses (like peerguardian)
Will there be any conflicts if I run fail2ban with my current firehol/moblock settings?
Do fail2ban defaults override firehol settings? All my inbound traffic goes to moblock, the IP blocking program.
I believe that the fwstart section of fail2ban will cause some problems. Anyone with any ideas, let me know please.
firehol.conf:
version 5
#iface
lan_iface="eth1"
net_iface="eth0"
# ip zone variables
lan_ips_zone="192.168.1.0/24"
#Custom Service
server_kaid_ports="tcp/8080 tcp/37500 udp/37500 tcp/34525 udp/34525 tcp/34523 udp/34523 tcp/37501 udp/37501 tcp/34522 udp/34522 tcp/30000 udp/30000"
client_kaid_ports="default"
server_lw_ports="tcp/18548"
client_lw_ports="default"
server_dc_ports="tcp/3117 udp/2290"
client_dc_ports="default"
server_mule_ports="tcp/4662 udp/4672"
client_mule_ports="default"
# service sets
# NOTE: the internal LAN is unprotected against other internal machines by the
# firewall, as all services are allowed to pass through
lan_services="all"
net_services="mule vnc ftp ssh kaid dc lw"
http_services="http https" #ignores moblock
# moblock settings
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE
# IP White Listing
# (Examples)
# iptables -I OUTPUT -d a.b.c.d -j ACCEPT | Single IP
# iptables -I OUTPUT -d a.b.c.0/24 -j ACCEPT| Net with Netmask
# iptables -I INPUT -s a.b.c.d -j ACCEPT
# iptables -I INPUT -s a.c.c.0/24 -j ACCEPT
iptables -I OUTPUT -d 66.135.32.175 -j ACCEPT
iptables -I OUTPUT -d 64.34.165.84 -j ACCEPT
iptables -I INPUT -s 66.135.32.175 -j ACCEPT
iptables -I INPUT -s 64.34.165.84 -j ACCEPT
iptables -I OUTPUT -d 72.21.211.32 -j ACCEPT
iptables -I INPUT -s 72.21.211.32 -j ACCEPT
iptables -I OUTPUT -d 66.230.129.242 -j ACCEPT
iptables -I INPUT -s 66.230.129.242 -j ACCEPT
iptables -I OUTPUT -d 65.207.183.49 -j ACCEPT
iptables -I INPUT -s 65.207.183.49 -j ACCEPT
iptables -I INPUT -d 218.55.89.101 -j DROP
iptables -I INPUT -s 218.55.89.101 -j DROP
iptables -I INPUT -d 65.207.183.49 -j DROP
iptables -I INPUT -s 65.207.183.49 -j DROP
## interfaces
interface "${lan_iface}" lan src "${lan_ips_zone}"
server "${lan_**********" accept
server "ident" reject with tcp-reset
client all accept
interface "${net_iface}" net src not "${lan_ips_zone} ${UNROUTABLE_IPS}"
protection strong 10/sec 10
server "${net_**********" accept
server "ident" reject with tcp-reset
client "${http_**********" accept
#client all accept
client all moblock
# routers
# route lan <-> net
router lan2net inface "${lan_iface}" outface "${net_iface}"
masquerade
route all accept
router net2lan inface "${net_iface}" outface "${lan_iface}"
route all accept
FIREHOL_LOG_MODE="ULOG"
fail2ban.conf:
# Fail2Ban configuration file
#
# $Revision: 1.9 $
#
# 2005.06.21 modified for readability Iain Lea iain@bricbrac.de
[DEFAULT]
# Option: background
# Notes.: start fail2ban as a daemon. Output is redirect to logfile.
# Values: [true | false] Default: false
#
background = true
# Option: verbose
# Notes.: verbosity of the output.
# 0 - regular level
# 1 - INFO level
# 2 - DEBUG level (but commands get executed as opposed to
# debug option)
# Values: NUM Default: 0
#
verbose = 1
# Option: debug
# Notes.: enable debug mode. No real commands gets executed but only
# reported, more verbose output, bypass root user test.
# Values: [true | false] Default: false
#
debug = false
# Option: logtargets
# Notes.: log targets. Space separated list of logging targets.
# Values: STDERR SYSLOG file Default: /var/log/fail2ban.log
#
logtargets = /var/log/fail2ban.log
# Option: syslog-target
# Notes.: where to find syslog facility if logtarget SYSLOG.
# Values: SOCKET HOST HOST:PORT Default: /dev/log
#
syslog-target = /dev/log
# Option: syslog-facility
# Notes.: which syslog facility to use if logtarget SYSLOG.
# Values: NUM Default: 1
#
syslog-facility = 1
# Option: pidlock
# Notes.: path of the PID lock file (must be able to write to file).
# Values: FILE Default: /var/run/fail2ban.pid
#
pidlock = /var/run/fail2ban.pid
# Option: maxfailures
# Notes.: number of failures before IP gets banned.
# Values: NUM Default: 5
#
maxfailures = 5
# Option: bantime
# Notes.: number of seconds an IP will be banned. If set to a negative
# value, IP will never be unbanned (permanent banning).
# Values: NUM Default: 600
#
bantime = 600
# Option: findtime
# Notes.: lifetime in seconds of a "failed" log entry.
# Values: NUM Default: 600
#
findtime = 600
# Option: ignoreip
# Notes.: space separated list of IP's to be ignored by fail2ban.
# You can use CIDR mask in order to specify a range.
# Example: ignoreip = 192.168.0.1/24 123.45.235.65
# Values: IP Default:
#
ignoreip =
# Option: cmdstart
# Notes.: command executed once at the start of Fail2Ban
# Values: CMD Default:
#
cmdstart =
# Option: cmdend
# Notes.: command executed once at the end of Fail2Ban.
# Values: CMD Default:
#
cmdend =
# Option: polltime
# Notes.: number of seconds fail2ban sleeps between iterations.
# Values: NUM Default: 1
#
polltime = 1
# Option: reinittime
# Notes.: minimal number of seconds between the re-initialization of
# firewalls due to external changes in their rules (see fwcheck)
# Values: NUM Default: 100
#
reinittime = 10
# Option: maxreinits
# Notes.: maximal number of re-initialization of firewalls due to external
# changes. -1 stays for infinite, so only reinittime is of importance
# Values: NUM Default: -1
#
maxreinits = 1000
# NOTE: Interpolations
#
# fwstart, as well as fwend, fwcheck, fwban, fwunban, use interpolations
# so %(__name__)s will be substituted by a name of each section
# (unless the option is overriden in a section).
# If you are going to use interpolations in your setup, please make
# sure that you specified options port and protocol (which also has
# an option in DEFAULT).
#
# Option: protocol
# Notes.: internally used by config reader for interpolations.
# Values: [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp
# Option: fwchain
# Notes.: chain from which to jump into fail2ban chains
# Values: TEXT Default: INPUT
#
fwchain = INPUT
# Option: fwstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD Default:
#
fwstart = iptables -N fail2ban-%(__name__)s
iptables -A fail2ban-%(__name__)s -j RETURN
iptables -I %(fwchain)s -p %(protocol)s --dport %(port)s -j fail2ban-%(__name__)s
# Option: fwend
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD Default:
#
fwend = iptables -D %(fwchain)s -p %(protocol)s --dport %(port)s -j fail2ban-%(__name__)s
iptables -F fail2ban-%(__name__)s
iptables -X fail2ban-%(__name__)s
# Option: fwcheck
# Notes.: command executed once before each fwban command
# Values: CMD Default:
#
fwcheck = iptables -L %(fwchain)s | grep -q fail2ban-%(__name__)s
# Option: fwban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <failtime> unix timestamp of the last failure
# <bantime> unix timestamp of the ban time
# Values: CMD
# Default: iptables -I INPUT 1 -s <ip> -j DROP
#
fwban = iptables -I fail2ban-%(__name__)s 1 -s <ip> -j DROP
# Option: fwunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <bantime> unix timestamp of the ban time
# <unbantime> unix timestamp of the unban time
# Values: CMD
# Default: iptables -D INPUT -s <ip> -j DROP
#
fwunban = iptables -D fail2ban-%(__name__)s -s <ip> -j DROP
[MAIL]
# Option: enabled
# Notes.: enable mail notification when banning an IP address.
# Values: [true | false] Default: false
#
enabled = false
# Option: host
# Notes.: host running the mail server.
# Values: STR Default: localhost
#
host = localhost
# Option: port
# Notes.: port of the mail server.
# Values: INT Default: 25
#
port = 25
# Option: user
# Notes.: the username for smtp-server if authentification is required.
# if user is empty, no authentification is done.
# Values: STR Default:
#
user =
# Option: password
# Notes.: the smtp-user's password if authentification is required.
# Values: STR Default:
#
password =
# Option: from
# Notes.: e-mail address of the sender.
# Values: MAIL Default: fail2ban
#
from = fail2ban@localhost
# Option: to
# Notes.: e-mail addresses of the receiver. Addresses are space
# separated.
# Values: MAIL Default: root
#
to = root@localhost
# Option: localtime
# Notes.: report local time (including timezone) or GMT
# Values: [true | false] Default: false
#
localtime = true
# Option: subject
# Notes.: subject of the e-mail.
# Tags: <section> active section (eg ssh, apache, etc)
# <ip> IP address
# <failures> number of failures
# <failtime> unix timestamp of the last failure
# Values: TEXT Default: [Fail2Ban] <section>: Banned <ip>
#
subject = [Fail2Ban] <section>: Banned <ip>
# Option: message
# Notes.: message of the e-mail.
# Tags: <section> active section (eg ssh, apache, etc)
# <ip> IP address
# <failures> number of failures
# <failtime> unix timestamp of the last failure
# <br> new line
# Values: TEXT Default:
#
message = Hi,<br>
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <section>.<br>
Regards,<br>
Fail2Ban
# You can define a new section for each log file to check for
# password failure. Each section has to define the following
# options: logfile, fwban, fwunban, timeregex, timepattern,
# failregex.
[SASL]
# Option: enabled
# Notes.: enable monitoring for this section.
# Values: [true | false] Default: true
#
enabled = false
# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default:
#
port = smtp
# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE Default: /var/log/auth.log
#
logfile = /var/log/mail.log
# Option: timeregex
# Notes.: regex to match timestamp
# Values: [Mar 7 17:53:28]
# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
# Option: timepattern
# Notes.: format used in "timeregex" fields definition. Note that '%' must be
# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values: TEXT Default: %%b %%d %%H:%%M:%%S
#
timepattern = %%b %%d %%H:%%M:%%S
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default:
#
failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
[Apache]
# Option: enabled
# Notes.: enable monitoring for this section.
# Values: [true | false] Default: false
#
enabled = false
# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE Default: /var/log/apache/error.log
# Other.: /var/log/apache2/error.log
#
logfile = /var/log/apache/error.log
# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default:
#
port = http
# Option: timeregex
# Notes.: regex to match timestamp in Apache logfile. For TAI64N format,
# use timeregex = @[0-9a-f]{24}
# Values: [Wed Jan 05 15:08:01 2005]
# Default: \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
#
timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
# Option: timepattern
# Notes.: format used in "timeregex" fields definition. Note that '%' must be
# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
# For TAI64N format, use timepattern = tai64n
# Values: TEXT Default: %%a %%b %%d %%H:%%M:%%S %%Y
#
timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile.
# Values: TEXT Default: [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
#
failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
[ApacheAttacks]
# Option: enabled
# Notes.: enable monitoring for this section.
# Values: [true | false] Default: false
#
enabled = false
# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE Default: /var/log/apache/access.log
#
logfile = /var/log/apache/access.log
# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default:
#
port = http
# Option: maxfailures
# Notes.: number of failures before IP gets banned.
# Values: NUM Default: 5
#
maxfailures = 2
# Option: timeregex
# Notes.: regex to match timestamp in Apache access logfile.
# Values: [19/Feb/2006:08:38:18]
# Default: \d{2}/\S{3}/\d{4}:\d{2}:\d{2}:\d{2}
#
timeregex = \d{2}/\S{3}/\d{4}:\d{2}:\d{2}:\d{2}
# Option: timepattern
# Notes.: format used in "timeregex" fields definition. Note that '%' must be
# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values: TEXT Default: %%d/%%b/%%Y:%%H:%%M:%%S
#
timepattern = %%d/%%b/%%Y:%%H:%%M:%%S
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile.
# Values: TEXT Default: [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
#
failregex = ^(?P<host>\S*) -.*"GET .*(?:awstats\.pl\?configdir=|index2\.php\?_REQUEST \[option\].*)\|echo.*
[VSFTPD]
# Option: enabled
# Notes.: enable monitoring for this section.
# Values: [true | false] Default: false
#
enabled = false
# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE Default: /var/log/secure
#
logfile = /var/log/vsftpd.log
# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default:
#
port = ftp
# Option: timeregex
# Notes.: regex to match timestamp in VSFTPD logfile.
# Values: [Mar 7 17:53:28]
# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
# Option: timepattern
# Notes.: format used in "timeregex" fields definition. Note that '%' must be
# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values: TEXT Default: %%b %%d %%H:%%M:%%S
#
timepattern = %%b %%d %%H:%%M:%%S
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
#
failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
[PROFTPD]
# Option: enabled
# Notes.: enable monitoring for this section.
# Values: [true | false] Default: false
#
enabled = true
# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE Default: /var/log/proftpd/proftpd.log
# Other.: /var/log/auth.log
#
logfile = /var/log/proftpd/proftpd.log
# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default: ftp
#
port = ftp
# Option: timeregex
# Notes.: regex to match timestamp in VSFTPD logfile.
# Values: [Mar 7 17:53:28]
# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
# Option: timepattern
# Notes.: format used in "timeregex" fields definition. Note that '%' must be
# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values: TEXT Default: %%b %%d %%H:%%M:%%S
#
timepattern = %%b %%d %%H:%%M:%%S
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default:
#
failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
[SSH]
# Option: enabled
# Notes.: enable monitoring for this section.
# Values: [true | false] Default: true
#
enabled = true
# Option: logfile
# Notes.: logfile to monitor.
# Values: FILE Default: /var/log/auth.log
#
logfile = /var/log/auth.log
# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default:
#
port = ssh
# Option: timeregex
# Notes.: regex to match timestamp in SSH logfile. For TAI64N format,
# use timeregex = @[0-9a-f]{24}
# Values: [Mar 7 17:53:28]
# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
# Option: timepattern
# Notes.: format used in "timeregex" fields definition. Note that '%' must be
# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
# For TAI64N format, use timepattern = tai64n
# Values: TEXT Default: %%b %%d %%H:%%M:%%S
#
timepattern = %%b %%d %%H:%%M:%%S
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: (?:Authentication failure|Failed (?:keyboard-interactive/pam|password)) for(?: illegal user)? .* from (?:::f{4,6}:)?(?P<host>\S*)
#
failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
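An added example (not part of the post above and not fail2ban's own code) showing what the [SSH] section of this fail2ban.conf does: the failregex, timeregex, maxfailures and findtime values are copied from the config, run over constructed auth.log lines, and the fwstart/fwban templates are expanded to show that bans go into a separate fail2ban-SSH chain that returns to INPUT rather than replacing existing rules. The counting logic is a simplified model, and the year passed to the parser is an assumption because syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Settings copied from the [DEFAULT] and [SSH] sections of the fail2ban.conf above.
MAXFAILURES = 5
FINDTIME = 600  # seconds a "failed" log entry stays relevant
TIMEREGEX = r"\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}"
TIMEPATTERN = "%b %d %H:%M:%S"  # the config writes %% because % is escaped there
FAILREGEX = (
    r": (?:(?:Authentication failure|Failed [-/\w+]+) for"
    r"(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|"
    r"ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)"
)
FWSTART = [
    "iptables -N fail2ban-%(__name__)s",
    "iptables -A fail2ban-%(__name__)s -j RETURN",
    "iptables -I %(fwchain)s -p %(protocol)s --dport %(port)s -j fail2ban-%(__name__)s",
]
FWBAN = "iptables -I fail2ban-%(__name__)s 1 -s <ip> -j DROP"
SECTION = {"__name__": "SSH", "fwchain": "INPUT", "protocol": "tcp", "port": "ssh"}

# Constructed auth.log lines (documentation addresses, not real traffic).
SAMPLE_AUTH_LOG = """\
Feb 23 06:20:01 box sshd[4101]: Failed password for root from 203.0.113.7 port 4242 ssh2
Feb 23 06:20:03 box sshd[4101]: Failed password for root from 203.0.113.7 port 4242 ssh2
Feb 23 06:20:05 box sshd[4102]: Failed password for invalid user admin from 203.0.113.7 port 4243 ssh2
Feb 23 06:20:09 box sshd[4103]: Failed password for root from ::ffff:203.0.113.7 port 4244 ssh2
Feb 23 06:20:12 box sshd[4104]: Failed keyboard-interactive/pam for root from 203.0.113.7 port 4245 ssh2
Feb 23 06:20:30 box sshd[4200]: Accepted password for alice from 192.168.1.10 port 5000 ssh2
Feb 23 06:21:00 box sshd[4301]: Invalid user test from 198.51.100.9
Feb 23 06:22:00 box sshd[4302]: Invalid user test from 198.51.100.9
Feb 23 06:23:00 box sshd[4303]: Invalid user test from 198.51.100.9
Feb 23 06:24:00 box sshd[4304]: Invalid user test from 198.51.100.9
Feb 23 06:31:30 box sshd[4305]: Invalid user test from 198.51.100.9
""".splitlines()

TIME_RE = re.compile(TIMEREGEX)
FAIL_RE = re.compile(FAILREGEX)


def hosts_to_ban(lines, year=2007):
    """Return hosts that reach MAXFAILURES within FINDTIME, in ban order.

    `year` is an assumption needed only to build a full datetime.
    """
    recent = defaultdict(deque)  # host -> timestamps still inside the window
    banned = []
    for line in lines:
        fail = FAIL_RE.search(line)
        stamp = TIME_RE.search(line)
        if not fail or not stamp:
            continue  # not an authentication failure, or no timestamp
        host = fail.group("host")
        if host in banned:
            continue
        when = datetime.strptime(f"{year} {stamp.group(0)}", "%Y " + TIMEPATTERN)
        window = recent[host]
        window.append(when)
        # Forget failures older than FINDTIME relative to the newest one.
        while (when - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXFAILURES:
            banned.append(host)
    return banned


def expand(template, ip=None):
    """Fill in the %(name)s interpolations and the <ip> tag of a command."""
    command = template % SECTION
    return command.replace("<ip>", ip) if ip else command


def commands_for(lines):
    """Every iptables command this model would issue: fwstart, then bans."""
    commands = [expand(t) for t in FWSTART]
    commands += [expand(FWBAN, ip) for ip in hosts_to_ban(lines)]
    return commands


if __name__ == "__main__":
    for command in commands_for(SAMPLE_AUTH_LOG):
        print(command)
```

The second address is never banned because its fifth failure arrives after the first one has aged out of the 600-second findtime window.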
zivagolee
February 23rd, 2007, 03:11 PM
I've used fail2ban successfully with moblock. However, if you reload firehol, it will wipe out the moblock *and* fail2ban entries.
If you need to reload firehol, do these steps:
stop fail2ban
stop moblock
stop or restart firehol
start moblock
start fail2ban
Your entries seem pretty standard and it should work fine with fail2ban. If you don't want to deal with fail2ban, you can always use denyhosts which uses tcpwrappers instead of iptables to do the same thing.
shookone
February 23rd, 2007, 09:11 PM
I've used fail2ban successfully with moblock. However, if you reload firehol, it will wipe out the moblock *and* fail2ban entries.
If you need to reload firehol, do these steps:
stop fail2ban
stop moblock
stop or restart firehol
start moblock
start fail2ban
Your entries seem pretty standard and it should work fine with fail2ban. If you don't want to deal with fail2ban, you can always use denyhosts which uses tcpwrappers instead of iptables to do the same thing.
Thanks... I will make a note of that. However, I'm having a problem that is not related to fail2ban. I made changes in my firehol.conf. Please see the conf below.
firehol.conf:
version 5
#iface
lan_iface="eth1"
net_iface="eth0"
# ip zone variables
lan_ips_zone="192.168.1.0/24"
#Custom Service
server_kaid_ports="tcp/8080 tcp/37500 udp/37500 tcp/34525 udp/34525 tcp/34523 udp/34523 tcp/37501 udp/37501 tcp/34522 udp/34522 tcp/30000 udp/30000"
client_kaid_ports="default"
server_lw_ports="tcp/18548"
client_lw_ports="default"
server_dc_ports="tcp/3117 udp/2290"
client_dc_ports="default"
server_mule_ports="tcp/4662 udp/4672"
client_mule_ports="default"
# service sets
# NOTE: the internal LAN is unprotected against other internal machines by the
# firewall, as all services are allowed to pass through
lan_services="all"
net_services="mule vnc ftp ssh kaid dc lw"
http_services="http https" #ignores moblock
# moblock settings
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE
# IP White Listing
# (Examples)
# iptables -I OUTPUT -d a.b.c.d -j ACCEPT | Single IP
# iptables -I OUTPUT -d a.b.c.0/24 -j ACCEPT| Net with Netmask
# iptables -I INPUT -s a.b.c.d -j ACCEPT
# iptables -I INPUT -s a.c.c.0/24 -j ACCEPT
iptables -I OUTPUT -d 66.135.32.175 -j ACCEPT
iptables -I OUTPUT -d 64.34.165.84 -j ACCEPT
iptables -I INPUT -s 66.135.32.175 -j ACCEPT
iptables -I INPUT -s 64.34.165.84 -j ACCEPT
iptables -I OUTPUT -d 72.21.211.32 -j ACCEPT
iptables -I INPUT -s 72.21.211.32 -j ACCEPT
iptables -I OUTPUT -d 66.230.129.242 -j ACCEPT
iptables -I INPUT -s 66.230.129.242 -j ACCEPT
iptables -I OUTPUT -d 65.207.183.49 -j ACCEPT
iptables -I INPUT -s 65.207.183.49 -j ACCEPT
iptables -I INPUT -d 218.55.89.101 -j DROP
iptables -I INPUT -s 218.55.89.101 -j DROP
iptables -I INPUT -d 65.207.183.49 -j DROP
iptables -I INPUT -s 65.207.183.49 -j DROP
## interfaces
interface "${lan_iface}" lan src "${lan_ips_zone}"
server "${lan_**********" accept
server "ident" reject with tcp-reset
client all accept
interface "${net_iface}" net src not "${lan_ips_zone} ${UNROUTABLE_IPS}"
protection strong 10/sec 10
server "${net_**********" accept
server "ident" reject with tcp-reset
client "${http_**********" accept
#client all accept
client all moblock
# routers
# route lan <-> net
router lan2net inface "${lan_iface}" outface "${net_iface}"
masquerade
route all accept
router net2lan inface "${net_iface}" outface "${lan_iface}"
route all accept
FIREHOL_LOG_MODE="ULOG"
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 68 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_net_all_c11 -m state --state NEW\,ESTABLISHED -j moblock
OUTPUT :
iptables v1.3.5: Couldn't load target `moblock':/lib/iptables/libipt_moblock.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
line 68 = #client all accept
## interfaces
interface "${lan_iface}" lan src "${lan_ips_zone}"
server "${lan_**********" accept
server "ident" reject with tcp-reset
client all accept
interface "${net_iface}" net src not "${lan_ips_zone} ${UNROUTABLE_IPS}"
protection strong 10/sec 10
server "${net_**********" accept
server "ident" reject with tcp-reset
client "${http_**********" accept
#client all accept
client all moblock
I uncommented "client all moblock" and commented "client all accept".
zivagolee
February 23rd, 2007, 10:24 PM
Here's mine.. If you look at my post #389, I had to modify the original post since the version of moblock that I have created 3 iptables chains. fail2ban seemed to work right out of the box...
version 5
# Moblock chain
iptables --new MOBLOCK_IN
iptables --new MOBLOCK_OUT
iptables --new MOBLOCK_FW
iptables -A MOBLOCK_IN -j NFQUEUE
iptables -A MOBLOCK_OUT -j NFQUEUE
iptables -A MOBLOCK_FW -j NFQUEUE
interface eth0 internet
protection strong 10/sec 10
# Let torrent and exampleport through, and
# filter them in moblock.
server "ssh ftp ident msn" MOBLOCK_IN
# This will send http traffic directly
# to accept instead of moblock
# thus whitelisting it...
client http accept
client https accept
# Filter all outgoing connections, and their replies.
client all MOBLOCK_OUT
This config worked for me...
shookone
February 24th, 2007, 02:49 PM
It seems that the problem was line 69, which was "client all moblock" and should be "client all MOBLOCK".
I didn't think it would be case sensitive. But it fixed the problem I was having.
Here's mine.. If you look at my post #389, I had to modify the original post since the version of moblock that I have created 3 iptables chains. fail2ban seemed to work right out of the box...
version 5
# Moblock chain
iptables --new MOBLOCK_IN
iptables --new MOBLOCK_OUT
iptables --new MOBLOCK_FW
iptables -A MOBLOCK_IN -j NFQUEUE
iptables -A MOBLOCK_OUT -j NFQUEUE
iptables -A MOBLOCK_FW -j NFQUEUE
interface eth0 internet
protection strong 10/sec 10
# Let torrent and exampleport through, and
# filter them in moblock.
server "ssh ftp ident msn" MOBLOCK_IN
# This will send http traffic directly
# to accept instead of moblock
# thus whitelisting it...
client http accept
client https accept
# Filter all outgoing connections, and their replies.
client all MOBLOCK_OUT
This config worked for me...
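An added example (not code from any poster or from FireHOL) for the case-sensitivity problem found above: iptables target names are case sensitive, so a rule that jumps to "moblock" does not refer to the chain created as "MOBLOCK", and iptables instead looks for an extension library, which is the libipt_moblock.so error quoted earlier. This sketch checks a firehol.conf for server/client/route actions that match no created chain; the built-in action list is an assumption and not exhaustive, and the sample config is constructed.

```python
import shlex

# Common FireHOL actions (assumed list, not exhaustive); compared case-insensitively.
BUILTIN_ACTIONS = {"accept", "reject", "drop", "deny", "return", "tarpit"}
NEW_CHAIN_FLAGS = {"-N", "--new", "--new-chain"}
RULE_KEYWORDS = {"server", "client", "route"}

# Constructed config, modelled on the ones posted in this thread.
SAMPLE_CONF = """\
version 5
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE
interface eth0 net
    protection strong 10/sec 10
    server "ssh ftp" accept
    client "http https" accept
    client all moblock
    client dns BLOCKLIST
"""


def tokenize(line):
    """Split a config line into words, honouring quotes and # comments."""
    try:
        return shlex.split(line, comments=True)
    except ValueError:
        # Unbalanced quote: fall back to a plain whitespace split.
        return line.split("#", 1)[0].split()


def lint(conf_text):
    """Return (line number, action, suggested chain or None) for each rule
    whose action is neither a built-in action nor an exactly named chain."""
    chains = set()
    rules = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        tokens = tokenize(line)
        if not tokens:
            continue
        if tokens[0] == "iptables":
            # "iptables --new NAME" / "iptables -N NAME" creates a chain.
            for flag, name in zip(tokens[1:], tokens[2:]):
                if flag in NEW_CHAIN_FLAGS:
                    chains.add(name)
        elif tokens[0] in RULE_KEYWORDS and len(tokens) >= 3:
            # server|client|route <services> <action> [options...]
            rules.append((lineno, tokens[2]))

    by_lower = {name.lower(): name for name in chains}
    findings = []
    for lineno, action in rules:
        if action.lower() in BUILTIN_ACTIONS or action in chains:
            continue
        # A chain that differs only in case is the likely intended target.
        findings.append((lineno, action, by_lower.get(action.lower())))
    return findings


if __name__ == "__main__":
    for lineno, action, suggestion in lint(SAMPLE_CONF):
        if suggestion:
            print(f"line {lineno}: '{action}' should be '{suggestion}' (case mismatch)")
        else:
            print(f"line {lineno}: '{action}' is not a created chain")
```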
shookone
February 24th, 2007, 02:50 PM
How do I get it to load in that order at startup, or is there no need to?
I've used fail2ban successfully with moblock. However, if you reload firehol, it will wipe out the moblock *and* fail2ban entries.
If you need to reload firehol, do these steps:
stop fail2ban
stop moblock
stop or restart firehol
start moblock
start fail2ban
Your entries seem pretty standard and it should work fine with fail2ban. If you don't want to deal with fail2ban, you can always use denyhosts which uses tcpwrappers instead of iptables to do the same thing.
thebluffer
March 1st, 2007, 04:57 PM
Hello, when I launch this command: cat /etc/moblock/guarding.p2p
File is empty, how can I force the update?
thebluffer
March 1st, 2007, 05:11 PM
OK, I downloaded the list manually and it works...
Is bluetack always down, or is it a problem with my config?
zivagolee
March 1st, 2007, 05:18 PM
How do I get it to load in that order at startup, or is there no need to?
Check /etc/rc#.d
If you are using X, then you are most likely using runlevel 5.
So, check /etc/rc5.d/
On mine, they are all in order on bootup.. You will see the S## numbers.. that's how they startup.
zivagolee
March 1st, 2007, 05:19 PM
OK, I downloaded the list manually and it works...
Is bluetack always down, or is it a problem with my config?
I think they've been up and down for the past couple of weeks. Check their front page.
baroumas
March 2nd, 2007, 12:38 PM
Great guide
I even got Moblock working with Shorewall firewall perfectly, and I didn't have any iptables knowledge before I read this guide.
Thanks a lot!
qpwoeiruty
March 2nd, 2007, 06:25 PM
/etc/firehol/firehol.conf is empty. Is there anywhere else the config file could be?
zivagolee
March 2nd, 2007, 06:29 PM
/etc/firehol/firehol.conf is empty. Is there anywhere else the config file could be?
New install? It needs to be populated..
qpwoeiruty
March 2nd, 2007, 07:12 PM
New install? It needs to be populated..
I installed it with dansguardian a couple weeks ago.
How would I "populate" it?
zivagolee
March 2nd, 2007, 08:38 PM
I installed it with dansguardian a couple weeks ago.
How would I "populate" it?
You can use a text editor. I would start with a tutorial:
http://firehol.sourceforge.net/
or
you can read post #1 and try editing it with his notes...
qpwoeiruty
March 2nd, 2007, 08:55 PM
You can use a text editor. I would start with a tutorial:
http://firehol.sourceforge.net/
or
you can read post #1 and try editing it with his notes...
Thanks, I read through that tutorial earlier. I guess I was hoping that firehol could create a well commented framework file from the detected interfaces that I could edit. Lots of typing ahead of me, it seems...
zivagolee
March 2nd, 2007, 09:18 PM
Thanks, I read through that tutorial earlier. I guess I was hoping that firehol could create a well commented framework file from the detected interfaces that I could edit. Lots of typing ahead of me, it seems...
Yeah, firehol is pretty hands-on when it comes to firewall rules. But that's what makes it very configurable...
pelle.k
March 3rd, 2007, 12:11 PM
firehol.conf can't even be read as a regular user, so you _have_ to be su or sudo to edit it. You can't even "tab complete" this file in bash as a regular user. It should be filled with a very basic config when installed for the very first time...
bravemosquito
March 8th, 2007, 08:53 PM
Hi, I'm a newbie in moblock things and I have a question about it: Is FireHOL necessary for proper function of peerstopping?
pelle.k
March 9th, 2007, 12:36 PM
no.
Benjamin.Britton
March 11th, 2007, 11:36 AM
I've just followed your guide, I have moblock installed, however, I can not get it to add the bluetack listings.
Output from "tail -f /var/log/moblock.log"
Got SIGTERM! Dumping stats and exiting.
Ranges loaded: 0
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
Got SIGTERM! Dumping stats and exiting.
Ranges loaded: 0
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
Output from "/etc/cron.daily/moblock-nfq"
moblock: checking for new block lists...
--15:33:06-- http://www.bluetack.co.uk/
=> `-'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bluetack.co.uk/forums/index.php [following]
--15:33:06-- http://www.bluetack.co.uk/forums/index.php
=> `-'
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
[ <=> ] 99,930 115.57K/s
15:33:08 (115.31 KB/s) - `-' saved [99930]
------------ 2007-03-11 15:33:08 GMT Begin PeerGuardian
File ads-trackers-and-bad-pr0n.gz last updated 2007-03-09 10:22:52.000000000 +0000
--15:33:08-- http://www.bluetack.co.uk/config/ads-trackers-and-bad-pr0n.gz
=> `ads-trackers-and-bad-pr0n.gz'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bluetack.info/temp/ads-trackers-and-bad-pr0n.gz [following]
--15:33:08-- http://www.bluetack.info/temp/ads-trackers-and-bad-pr0n.gz
=> `ads-trackers-and-bad-pr0n.gz'
Resolving www.bluetack.info... 82.165.132.155
Connecting to www.bluetack.info|82.165.132.155|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 30,394 (30K) [text/plain]
Server file no newer than local file `ads-trackers-and-bad-pr0n.gz' -- not retrieving.
File bogon.gz last updated 2007-03-09 10:22:57.000000000 +0000
--15:33:08-- http://www.bluetack.co.uk/config/bogon.gz
=> `bogon.gz'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bluetack.info/temp/bogon.gz [following]
--15:33:09-- http://www.bluetack.info/temp/bogon.gz
=> `bogon.gz'
Resolving www.bluetack.info... 82.165.132.155
Connecting to www.bluetack.info|82.165.132.155|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,617 (31K) [text/plain]
Server file no newer than local file `bogon.gz' -- not retrieving.
File dshield.gz last updated 2007-03-09 10:11:03.000000000 +0000
--15:33:09-- http://www.bluetack.co.uk/config/dshield.gz
=> `dshield.gz'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bluetack.nl/bluetack/dshield.gz [following]
--15:33:09-- http://www.bluetack.nl/bluetack/dshield.gz
=> `dshield.gz'
Resolving www.bluetack.nl... 193.227.121.180
Connecting to www.bluetack.nl|193.227.121.180|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2,020 (2.0K) [application/x-gzip]
Server file no newer than local file `dshield.gz' -- not retrieving.
File hijacked.gz last updated 2007-03-09 10:11:13.000000000 +0000
--15:33:09-- http://www.bluetack.co.uk/config/hijacked.gz
=> `hijacked.gz'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bluetack.nl/bluetack/hijacked.gz [following]
--15:33:09-- http://www.bluetack.nl/bluetack/hijacked.gz
=> `hijacked.gz'
Resolving www.bluetack.nl... 193.227.121.180
Connecting to www.bluetack.nl|193.227.121.180|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 712 [application/x-gzip]
Server file no newer than local file `hijacked.gz' -- not retrieving.
--15:33:10-- http://www.bluetack.co.uk/config/level1.gz
=> `level1.gz'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.btack.info/level1.gz [following]
--15:33:10-- http://www.btack.info/level1.gz
=> `level1.gz'
Resolving www.btack.info... 82.165.138.54
Connecting to www.btack.info|82.165.138.54|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
15:33:10 ERROR 403: Forbidden.
stat: cannot stat `level1.gz': No such file or directory
[: 67: 0: unexpected operator
File level2.gz last updated 2007-03-09 10:11:47.000000000 +0000
--15:33:10-- http://www.bluetack.co.uk/config/level2.gz
=> `level2.gz'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://bluetack.info/level2.gz [following]
--15:33:11-- http://bluetack.info/level2.gz
=> `level2.gz'
Resolving bluetack.info... 82.165.132.155
Connecting to bluetack.info|82.165.132.155|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://min.midco.net/jinx/bluetack/level2.gz [following]
--15:33:11-- http://min.midco.net/jinx/bluetack/level2.gz
=> `level2.gz'
Resolving min.midco.net... 24.220.0.103
Connecting to min.midco.net|24.220.0.103|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 588,154 (574K) [text/plain]
Server file no newer than local file `level2.gz' -- not retrieving.
File Microsoft.gz last updated 2007-03-09 10:10:54.000000000 +0000
--15:33:11-- http://www.bluetack.co.uk/config/Microsoft.gz
=> `Microsoft.gz'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bluetack.nl/bluetack/Microsoft.gz [following]
--15:33:11-- http://www.bluetack.nl/bluetack/Microsoft.gz
=> `Microsoft.gz'
Resolving www.bluetack.nl... 193.227.121.180
Connecting to www.bluetack.nl|193.227.121.180|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11,899 (12K) [application/x-gzip]
Server file no newer than local file `Microsoft.gz' -- not retrieving.
File spider.gz last updated 2007-03-09 10:11:49.000000000 +0000
--15:33:11-- http://www.bluetack.co.uk/config/spider.gz
=> `spider.gz'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bluetack.nl/bluetack/spider.gz [following]
--15:33:12-- http://www.bluetack.nl/bluetack/spider.gz
=> `spider.gz'
Resolving www.bluetack.nl... 193.227.121.180
Connecting to www.bluetack.nl|193.227.121.180|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2,805 (2.7K) [application/x-gzip]
Server file no newer than local file `spider.gz' -- not retrieving.
File spyware.gz last updated 2007-03-09 10:25:35.000000000 +0000
--15:33:12-- http://www.bluetack.co.uk/config/spyware.gz
=> `spyware.gz'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bluetack.info/temp/spyware.gz [following]
--15:33:12-- http://www.bluetack.info/temp/spyware.gz
=> `spyware.gz'
Resolving www.bluetack.info... 82.165.132.155
Connecting to www.bluetack.info|82.165.132.155|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 29,198 (29K) [text/plain]
Server file no newer than local file `spyware.gz' -- not retrieving.
File templist.gz last updated 2007-03-09 10:25:39.000000000 +0000
--15:33:12-- http://www.bluetack.co.uk/config/templist.gz
=> `templist.gz'
Resolving www.bluetack.co.uk... 67.18.178.4
Connecting to www.bluetack.co.uk|67.18.178.4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bluetack.info/temp/templist.gz [following]
--15:33:13-- http://www.bluetack.info/temp/templist.gz
=> `templist.gz'
Resolving www.bluetack.info... 82.165.132.155
Connecting to www.bluetack.info|82.165.132.155|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6,616 (6.5K) [text/plain]
Server file no newer than local file `templist.gz' -- not retrieving.
gunzip: level1.gz: No such file or directory
It seems to find the files on the bluetack server OK, and it even says that they shouldn't be updated because the local ones are new enough. However, there is nothing in the '/etc/moblock/guarding.p2p' file :<
Thanks,
Ben
pelle.k
March 11th, 2007, 02:06 PM
I refer to this post http://ubuntuforums.org/showpost.php?p=2066415&postcount=388 . I suppose I'll have to update my FAQ, since it seems the automatic updater is causing more bad than good for the most part...
mario_pl
March 11th, 2007, 03:37 PM
Because one file (level1.gz) wasn't downloaded properly, the /etc/cron.daily/moblock-nfq script finished without running the "mv merged.p2b.p2p $PG_LIST" command.
My solution is to create a dummy level1.gz file and put it into the /var/spool/moblock/ directory.
Then execute:
sudo sh /etc/cron.daily/moblock-nfq
Regards, Mario
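Added example, not part of the thread or of the moblock packages: the failure described above (one bad download stops the updater before the merged list is installed) can be avoided by validating each archive and replacing the active list only when the merge looks sane. The function names, the minimum-range threshold and the MERGE_SKIPPED variable are assumptions of this example, and downloading is left out.

```shell
#!/bin/sh
# Added example (not the moblock package's cron script): merge downloaded
# .gz blocklists defensively and install the result only if it looks sane.

# is_valid_gz FILE: true only for a non-empty file that passes gzip's
# integrity test. A zero-byte placeholder or an error page saved under the
# list's name is rejected here instead of aborting the whole run.
is_valid_gz() {
    [ -s "$1" ] && gzip -t "$1" 2>/dev/null
}

# count_ranges FILE: print the number of "label:a.b.c.d-e.f.g.h" lines.
count_ranges() {
    grep -c -E ':[0-9]{1,3}(\.[0-9]{1,3}){3}-[0-9]{1,3}(\.[0-9]{1,3}){3}[[:space:]]*$' "$1" || true
}

# merge_blocklists SPOOL_DIR TARGET MIN_RANGES LIST...
# Unpacks every valid SPOOL_DIR/LIST.gz into a temporary file next to
# TARGET. TARGET is replaced (old copy kept as TARGET.backup) only when at
# least MIN_RANGES ranges were merged; otherwise it is left untouched and
# the function returns 1. Skipped list names are left in MERGE_SKIPPED.
merge_blocklists() {
    mb_spool=$1; mb_target=$2; mb_min=$3
    shift 3
    MERGE_SKIPPED=""
    mb_tmp=$(mktemp "$mb_target.XXXXXX") || return 1
    for mb_name in "$@"; do
        if is_valid_gz "$mb_spool/$mb_name.gz"; then
            gzip -dc "$mb_spool/$mb_name.gz" >> "$mb_tmp"
        else
            MERGE_SKIPPED="$MERGE_SKIPPED $mb_name"
            echo "warning: $mb_name.gz missing, empty or corrupt; skipped" >&2
        fi
    done
    mb_total=$(count_ranges "$mb_tmp")
    mb_total=${mb_total:-0}
    if [ "$mb_total" -lt "$mb_min" ]; then
        echo "error: $mb_total ranges merged, need $mb_min; keeping $mb_target" >&2
        rm -f "$mb_tmp"
        return 1
    fi
    if [ -f "$mb_target" ]; then
        cp -p "$mb_target" "$mb_target.backup"
    fi
    chmod 644 "$mb_tmp"
    # Same directory as the target, so the rename is atomic: the daemon
    # never sees a half-written or empty list.
    mv "$mb_tmp" "$mb_target"
}

# Usage (paths from the thread, threshold chosen by the operator):
#   merge_blocklists /var/spool/moblock /etc/moblock/guarding.p2p 100000 \
#       bogon dshield hijacked level1 level2 spyware
```

A threshold well below the usual total but far above the size of the small lists catches the case where the largest list silently drops out of the merge.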
konsole
March 12th, 2007, 01:24 AM
I refer to this post http://ubuntuforums.org/showpost.php?p=2066415&postcount=388 . I suppose I'll have to update my FAQ, since it seems the automatic updater is causing more bad than good for the most part...
FWIW I run it as a weekly cron job and have never had a problem. (daily is way overkill anyway IMO)
zivagolee
March 12th, 2007, 01:41 AM
Same here.. I'm running it daily and have no issues..
Benjamin.Britton
March 12th, 2007, 03:30 AM
Wahey, I did the dummy file trick
touch /var/spool/moblock/level1.gz
sh /etc/cron.daily/moblock-nfq
Then since that worked, I went and downloaded level1, and then used:
cat ~/downloads/level1.txt > /etc/moblock/guarding.p2p
/etc/init.d/moblock-nfq restart
That seems to work, how do I fix the cron.daily job (preferably move it to a weekly run too?)
Cheers!
Ben
konsole
March 15th, 2007, 10:14 PM
Wahey, I did the dummy file trick
touch /var/spool/moblock/level1.gz
sh /etc/cron.daily/moblock-nfq
Then since that worked, I went and downloaded level1, and then used:
cat ~/downloads/level1.txt > /etc/moblock/guarding.p2p
/etc/init.d/moblock-nfq restart
That seems to work, how do I fix the cron.daily job (preferably move it to a weekly run too?)
Cheers!
Ben
This is what I did (on dapper server)
sudo cp -p /etc/cron.daily/moblock-nfq /etc/cron.weekly
sudo chmod -x /etc/cron.daily/moblock-nfq
HTH.
Michaeldaley
March 18th, 2007, 02:31 PM
Did the guys at moblock update the blocklist settings? I'm blocking close to 200,000 by default and all the nipfilter stuff in the cron file is gone.
jre
March 19th, 2007, 03:08 PM
Did the guys at moblock update the blocklist settings? I'm blocking close to 200,000 by default and all the nipfilter stuff in the cron file is gone.
So you have this line:
BLOCKLISTS="ads-trackers-and-bad-pr0n bogon dshield hijacked level1 level2 Microsoft spider spyware templist"
Indeed this results in nearly 200.000 blocked ranges, which AFAIK is absolutely correct (Note that these are ranges not IPs.)
moblock-deb.sourceforge.net had its last update in December. There the problematic nipfilter stuff was removed. (The Howto on page one doesn't really reflect this yet. Note: this problem was known here for months. When I read about it I could write a patch in no time for the maintainer of moblock-deb.sourceforge.net who then updated the packages. So please, if you notice serious problems then tell them to upstream.)
Since then no changes have been made at either moblock-deb.sourceforge.net or moblock.berlios.de.
But the provider of the blocklists, bluetack.co.uk, has some bandwidth problems which may result in problems with downloading the level1 list. But don't worry, if you succeeded in downloading the level1 list once you will always have this list's protection (just not totally up-to-date).
Of course you can still follow pelle's recommendation and turn off the daily updating.
jre
raffytaffy
March 29th, 2007, 09:15 AM
not sure if it's working right.
here is some output.
raf@Equinox:~$ tail /var/log/moblock.log
Skipping useless range: p2p fake files
Skipping useless range: p2p fake files
Skipping useless range: Possible Hack Hijack
Short guarding.p2p line p2p Corrupt Data Senders:80.143.142.68 -80.143.142.68, skipping it...
Skipping useless range: p2p fake file spammer
Short guarding.p2p line p2p Corrupt Data Senders:88.73.227.5 -88.73.227.5, skipping it...
Ranges loaded: 197656
Merged ranges: 217
Skipped useless ranges: 6588
error during nfq_unbind_pf()
raf@Equinox:~$ pidof moblock
raf@Equinox:~$
jre
March 29th, 2007, 02:16 PM
Ranges loaded: 197656
Merged ranges: 217
Skipped useless ranges: 6588
so the IP-ranges were loaded correctly.
error during nfq_unbind_pf()
raf@Equinox:~$ pidof moblock
raf@Equinox:~$
Hmm, here you have a serious problem. I think moblock crashed because there were problems with iptables/netfilter!?
What distro are you using? Which kernel-version and which moblock-version?
raffytaffy
March 29th, 2007, 04:09 PM
so the IP-ranges were loaded correctly.
Hmm, here you have a serious problem. I think moblock crashed because there were problems with iptables/netfilter!?
What distro are you using? Which kernel-version and which moblock-version?
ubuntu edgy -6.10
kernel 2.6.20.4 - enabled netfilter support with
NETFILTER_XT_TARGET_NFQUEUE
-given nfqueue
my firewall works proper with firestart.
tried to shut down firestart as some posts mentioned above. and reloaded / restart moblock. same problem
jre
March 29th, 2007, 06:09 PM
ubuntu edgy -6.10
Did you install the netfilter libs that pelle´s got in his first post of this thread? I really hope this is the solution because I can´t see any other problems.
my firewall works proper with firestart.
tried to shut down firestart as some posts mentioned above. and reloaded / restart moblock. same problem
So indeed this seems not to be the problem right now. Just for future reference: You really have to be careful when using firewalls and moblock together. Just 'reload'ing moblock won't help you, because you need the correct iptables rules inserted. And those will only be inserted on '(re-)start', not on 'reload'. Check your 'iptables -L' output to make sure that traffic with destination moblock is directed to a rule QUEUE.
greets
jre
raffytaffy
March 29th, 2007, 06:29 PM
i followed the directions from the first post yes...including those 2 netfilter debs.
i really don't know why it's not working. could TOR and Privoxy somehow interfere with it?
voodew
March 30th, 2007, 07:49 AM
I'm getting some weird results. I just re-installed Ubuntu today, and tried installing Moblock. I had success with my previous installation of Ubuntu, but not this time. Basically, every command I type in says nothing is being blocked and Moblock isn't running. I pinged www.riaa.com and I have full loss and it's being reported that the IP was filtered. Even when I manually start or stop Moblock, I get this result.
Synaptic is telling me that version 0.8-14 is installed. Was something changed, or am I running a firewall that I'm not aware of?
jre
March 31st, 2007, 07:37 AM
i followed the directions from the first post yes...including those 2 netfilter debs.
i really don't know why it's not working. could TOR and Privoxy somehow interfere with it?
Hmm, as long as they don´t insert their own iptables rules I don´t see any reason. But still then, the error message says something about the kernel module, not the iptables.
You are compiling your own kernel? Have a look at this thread at the phoenixlabs forums. (http://forums.phoenixlabs.org/t13098-ipt-missing-from-26191.html)
I'm getting some weird results. I just re-installed Ubuntu today, and tried installing Moblock. I had success with my previous installation of Ubuntu, but not this time. Basically, every command I type in says nothing is being blocked and Moblock isn't running. I pinged www.riaa.com and I have full loss and it's being reported that the IP was filtered. Even when I manually start or stop Moblock, I get this result.
Synaptic is telling me that version 0.8-14 is installed. Was something changed, or am I running a firewall that I'm not aware of?
When and where does it say something is being blocked/filtered? You have to be more precise about that; just now I don´t understand your problem. Is it blocking too much or nothing???
moblock only "communicates" with you in "/var/log/moblock.log". So if you find your blocked IPs there then it was moblock.
Check (or post it here) your output of ´iptables -L´ to know if there´s any other firewall on your system or moblock is badly configured.
The difference between 0.8-13 and 0.8-14 is only that -13 had a bug in the cron.daily-script which resulted in most IPs not being filtered (I think 2000 ranges instead of nearly 200.000). So maybe moblock is just working as it should now.
jre
raffytaffy
March 31st, 2007, 10:32 AM
a quick update..i installed moblock-ipq instead...and get this
raf@Equinox:~$ pidof moblock
8439
picked an ip from list and did
raf@Equinox:~$ ping -c1 217.154.41.144
PING 217.154.41.144 (217.154.41.144) 56(84) bytes of data.
--- 217.154.41.144 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
raf@Equinox:~$ tail /var/log/moblock.log
Skipping useless range: p2p fake files
Skipping useless range: p2p fake files
Skipping useless range: Possible Hack Hijack
Short guarding.p2p line p2p Corrupt Data Senders:80.143.142.68 -80.143.142.68, skipping it...
Skipping useless range: p2p fake file spammer
Short guarding.p2p line p2p Corrupt Data Senders:88.73.227.5 -88.73.227.5, skipping it...
Ranges loaded: 193629
Merged ranges: 197
Skipped useless ranges: 6780
Blocked OUT: ADSL: Roadshow Promotions,hits: 1,DST: 217.154.41.144
by george i think he's got it!
some more funzies
raf@Equinox:~$ tail /var/log/moblock.log
Blocked OUT: Gilat Satcom,hits: 21,DST: 62.56.243.233
Blocked OUT: Gilat Satcom,hits: 22,DST: 62.56.243.233
Blocked OUT: Gilat Satcom,hits: 23,DST: 62.56.243.233
Blocked OUT: Gilat Satcom,hits: 24,DST: 62.56.243.233
Blocked IN: p2p Corrupt Data Senders,hits: 1,SRC: 82.139.15.231
Blocked OUT: Microsoft Corp,hits: 29,DST: 65.54.239.20
Blocked OUT: Microsoft Corp,hits: 30,DST: 65.54.239.20
Blocked OUT: Microsoft Corp,hits: 31,DST: 65.54.239.20
Blocked OUT: Microsoft Corp,hits: 32,DST: 65.54.239.20
Blocked OUT: Microsoft Corp,hits: 33,DST: 65.54.239.20
voodew
April 2nd, 2007, 01:48 AM
Hmm, as long as they don´t insert their own iptables rules I don´t see any reason. But still then, the error message says something about the kernel module, not the iptables.
You are compiling your own kernel? Have a look at this thread at the phoenixlabs forums. (http://forums.phoenixlabs.org/t13098-ipt-missing-from-26191.html)
When and where does it say something is being blocked/filtered? You have to be more precise about that; just now I don´t understand your problem. Is it blocking too much or nothing???
moblock only "communicates" with you in "/var/log/moblock.log". So if you find your blocked IPs there then it was moblock.
Check (or post it here) your output of ´iptables -L´ to know if there´s any other firewall on your system or moblock is badly configured.
The difference between 0.8-13 and 0.8-14 is only that -13 had a bug in the cron.daily-script which resulted in most IPs not being filtered (I think 2000 ranges instead of nearly 200.000). So maybe moblock is just working as it should now.
jre
When I go to terminal and type:
~$ ping www.riaa.com
PING www.riaa.com (63.147.176.10) 56(84) bytes of data.
From 72.166.68.134 icmp_seq=2 Packet filtered
From 72.166.68.134 icmp_seq=5 Packet filtered
--- www.riaa.com ping statistics ---
6 packets transmitted, 0 received, +2 errors, 100% packet loss, time 5009ms
If I type:
ping www.yahoo.com
PING www.yahoo-ht3.akadns.net (209.131.36.158) 56(84) bytes of data.
64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=1 ttl=52 time=33.6 ms
64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=2 ttl=51 time=32.8 ms
64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=3 ttl=50 time=34.1 ms
64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=4 ttl=51 time=34.2 ms
--- www.yahoo-ht3.akadns.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 32.850/33.745/34.296/0.601 ms
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
MOBLOCK_IN all -- anywhere anywhere state NEW
Chain FORWARD (policy ACCEPT)
target prot opt source destination
MOBLOCK_FW all -- anywhere anywhere state NEW
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
MOBLOCK_OUT all -- anywhere anywhere state NEW
Chain MOBLOCK_FW (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0
Chain MOBLOCK_IN (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0
Chain MOBLOCK_OUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:www
NFQUEUE all -- anywhere
You did bring up a good point about the Kernel, I'm not compiling it myself and I'm not sure what source I received the update from. I'll try a backup Kernel and see if my situation improves.
voodew
April 2nd, 2007, 07:40 AM
I tried one of my backup kernels, and still no dice. Though, I got it to work.
I was having the same output as Giggity on page 22:
I had the same problem Giggity had on page 22,
rob@rob-desktop:~$ tail -f /var/log/moblock.log
Ranges loaded: 0
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
Got SIGTERM! Dumping stats and exiting.
Ranges loaded: 0
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
Got SIGTERM! Dumping stats and exiting.
This thread is getting pretty long. Anyway, out of sheer desperation, I typed apt-get install libnet* (*I think*) and everything is working now. I'm thinking that a dependency is missing.
jre
April 2nd, 2007, 08:14 AM
shouldn´t go to eat while posting ;-)
voodew
April 2nd, 2007, 11:31 PM
I looked up which package I had to install and it was knetfilter. I thought it was libnet*, but I looked at my installation history:
find /var/lib/dpkg/info/ -name '*.list' -printf '%c\t%f\n'
and found that I only installed knetfilter last night. Is knetfilter supposed to be part of the dependency list, or did I just get lucky?
jre
April 3rd, 2007, 02:04 AM
Is knetfilter supposed to be part of the dependency list, or did I just get lucky?
Just lucky. I don't have it installed. Unless I have an equivalent under gnome (and I've never heard about wrong dependencies of the moblock-packages) then you must have done something else so that it is working now.
ratai
April 3rd, 2007, 08:27 AM
hi,
what firewall will we use for moblock if firehol is broken in Feisty
found in Nabble (http://www.nabble.com/Upgrade-to-Feisty-breaks-FireHOL-or-possibly-iptables-t3413680.html)
listed as bug #98981.
> even with its original scripts with no modifications. The problem is
> that it seems FireHOL is imported directly from Debian rather than being
> maintained.
ratai
voodew
April 4th, 2007, 04:47 AM
Just lucky. I don't have it installed. Unless I have an equivalent under gnome (and I've never heard about wrong dependencies of the moblock-packages) then you must have done something else so that it is working now.
I started with a fresh install of Ubuntu and updated a few packages unrelated to networking. Could you check /var/log/dpkg.log.1 and make sure that it's not installed. If it's not, I'm willing to reformat and reinstall Ubuntu just to make sure that knetfilter was indeed my problem. Just seems weird that it's not required and everything started working once I installed that package. Googling the terms knetfilter and moblock suggests that the projects are related. Hmmm, I suppose this will be a learning experience for me.
jre
April 4th, 2007, 06:23 AM
I started with a fresh install of Ubuntu and updated a few packages unrelated to networking. Could you check /var/log/dpkg.log.1 and make sure that it's not installed. If it's not, I'm willing to reformat and reinstall Ubuntu just to make sure that knetfilter was indeed my problem. Just seems weird that it's not required and everything started working once I installed that package. Googling the terms knetfilter and moblock suggests that the projects are related. Hmmm, I suppose this will be a learning experience for me.
It´s definitely not installed here.
But again, I´m still not sure if I understood what your problems are. Is it, that
you can´t ping riaa.com but it´s working with other hosts [so far this would be as we want moblock to work]
but this is happening independently if moblock is running or not [have you made sure that neither the process moblock is running (ps aux|grep moblock) nor the iptables rules are inserted (iptables -L) and vice versa?]
and those blocks never appear in the logfile [tail -f /var/log/moblock; open two terminals: one for ping (or better traceroute) one for "tail -f", make sure that you really use the "-f"]?
'knetfilter' indeed has to do something with networking, but I never have used it. Those "ping ... icmp_seq=2 Packet filtered" are not the normal behavior of moblock (if even related, I've never seen that; it could even be your provider or sth. else blocking the icmp (therefore check it with traceroute)).
voodew
April 5th, 2007, 06:21 AM
It´s definitely not installed here.
But again, I´m still not sure if I understood what your problems are. Is it, that
you can´t ping riaa.com but it´s working with other hosts [so far this would be as we want moblock to work]
but this is happening independently if moblock is running or not [have you made sure that neither the process moblock is running (ps aux|grep moblock) nor the iptables rules are inserted (iptables -L) and vice versa?]
and those blocks never appear in the logfile [tail -f /var/log/moblock; open two terminals: one for ping (or better traceroute) one for "tail -f", make sure that you really use the "-f"]?
'knetfilter' indeed has to do something with networking, but I never have used it. Those "ping ... icmp_seq=2 Packet filtered" are not the normal behavior of moblock (if even related, I've never seen that; it could even be your provider or sth. else blocking the icmp (therefore check it with traceroute)).
My problem was no output. When I typed:
cat /etc/moblock/guarding.p2p | grep ads
nothing outputted.
When I typed:
tail /var/log/moblock.log
I received the same output as previously posted. Basically, nothing was being filtered.
When I typed:
pidof moblock
I, again, received no output.
Today, I just tried the command
apt-get remove knetfilter
and everything is outputting as advertised. I'm getting a blocklist and a pidof. I restarted and everything is still working.
My theory is that a kernel module wasn't active and the knetfilter activated NFQUEUE or some other required module. You're right, knetfilter isn't required. Perhaps I should be more careful as to where I'm receiving my Kernel updates from. I changed my sources.list based on a recommendation from a random website. That's probably where my initial problem stems from.
jre
April 5th, 2007, 10:52 AM
@everybody using the cron.daily script:
ATM bluetack's level1.gz list is distributed via the Coblitz system. (http://www.bluetack.co.uk/forums/index.php?showtopic=16352&view=findpost&p=80423) (At least here) the IPs of the Coblitz server are in the level2 list. Therefore automatic updates for the level1.gz don't work here. (This is the same problem as with the Coral system being blocked on the edu-list).
Don´t worry, the other lists update just fine and moblock continues to use the old level1-list (as long as it has been downloaded and saved to /var/spool/moblock/ in the past).
Everybody feel free to donate money to bluetack.co.uk so that they can afford to distribute their level1 list with their own server again ;-)
@voodew:
cat /etc/moblock/guarding.p2p | grep ads
At least this one has nothing to do with kernel modules. Make sure that you really have a file /etc/moblock/guarding.p2p with a size of about 10MB (the level1 list already has 8.5 MB.) Otherwise moblock might be working but not really blocking anything.
tail /var/log/moblock.log
Use "tail -f /var/log/moblock.log" instead so that you can follow changes in the log file in real time.
raffytaffy
April 7th, 2007, 10:03 PM
hey guys, raf again. small problem. moblock seems to be blocking evolution mail. hehe
Blocked OUT: Google Inc,hits: 1,DST: 72.14.247.109
Blocked OUT: Google Inc,hits: 2,DST: 72.14.247.109
Blocked OUT: Google Inc,hits: 3,DST: 72.14.247.109
what can be done about this?
voodew
April 8th, 2007, 03:05 AM
hey guys, raf again. small problem. moblock seems to be blocking evolution mail. hehe
Blocked OUT: Google Inc,hits: 1,DST: 72.14.247.109
Blocked OUT: Google Inc,hits: 2,DST: 72.14.247.109
Blocked OUT: Google Inc,hits: 3,DST: 72.14.247.109
what can be done about this?
Follow the directions posted in the first post. I think gedit /etc/cron.daily/moblock-nfq and changing line 114 (or somewhere around there) to this:
grep -v -i "Google Inc" merged.p2b.p2p > merged.p2b.p2p.tmp
and uncomment the next line.
You may have to update the file,
type this:
sudo sh /etc/cron.daily/moblock-nfq
Hope everything works out for you.
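Added example, not part of the thread or of the moblock packages: a label filter such as the grep above drops every range carrying that label. The functions below look up which "label:start-end" line of a list actually covers an address taken from a "Blocked OUT ... DST:" log entry, and can remove only that range. The function names and the sample list (constructed lines, not copied from a Bluetack list) are assumptions of this example.

```shell
#!/bin/sh
# Added example: find or remove the blocklist range that covers one IP.

# sample_p2p: constructed list in the "label:start-end" format. The last
# line mimics the malformed entries moblock logs as "Short guarding.p2p line".
sample_p2p() {
    cat <<'EOF'
Google Inc:72.14.192.0-72.14.255.255
Google Inc:64.233.160.0-64.233.191.255
Some ISP: dialup pool:10.1.0.0-10.1.255.255
p2p Corrupt Data Senders:80.143.142.68 -80.143.142.68
EOF
}

# p2p_filter MODE LIST IP
#   MODE=match prints the lines whose range contains IP
#   MODE=drop  prints every other line (unparseable lines are kept as-is)
p2p_filter() {
    awk -v mode="$1" -v ip="$3" '
        # dotted quad -> integer, or -1 when the text is not a.b.c.d
        function toint(addr,   p) {
            if (split(addr, p, "[.]") != 4) return -1
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        # 1 when the range at the end of the line contains the wanted IP
        function covers(line,   pos, r, lo, hi) {
            sub(/[ \t\r]+$/, "", line)
            # labels may contain colons, so anchor on the trailing range
            pos = match(line, /:[0-9.]+-[0-9.]+$/)
            if (pos == 0) return 0
            split(substr(line, pos + 1), r, "-")
            lo = toint(r[1]); hi = toint(r[2])
            return (lo >= 0 && hi >= lo && want >= lo && want <= hi)
        }
        BEGIN { want = toint(ip) }
        {
            hit = covers($0)
            if ((mode == "match") ? hit : !hit) print
        }' "$2"
}

# find_ranges LIST IP: which entries block this address?
find_ranges() { p2p_filter match "$1" "$2"; }

# drop_ranges LIST IP: the list without the entries that block this address.
drop_ranges() { p2p_filter drop "$1" "$2"; }

# Usage:
#   find_ranges /etc/moblock/guarding.p2p 72.14.247.109
#   drop_ranges merged.p2b.p2p 72.14.247.109 > merged.p2b.p2p.tmp
```

On the sample list, dropping by address removes one line, while filtering on the label removes both "Google Inc" ranges.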
bravemosquito
April 8th, 2007, 05:30 AM
You may have to update the file,
type this:
sudo sh /etc/cron.daily/moblock-nfq
root@xxx:~# sh /etc/cron.daily/moblock-nfq
sh: Can't open /etc/cron.daily/moblock-nfq
:-k
voodew
April 9th, 2007, 11:58 AM
root@xxx:~# sh /etc/cron.daily/moblock-nfq
sh: Can't open /etc/cron.daily/moblock-nfq
:-k
That's just weird. Here's my moblock-nfq file in case yours is corrupt.
#!/bin/sh
# Update new blocklists and start/stop/restart PeerGuardian
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# testdescription
#
echo "moblock: checking for new block lists..."
TESTHOST=www.bluetack.co.uk
wget --timeout=5 --dns-timeout=5 -O - $TESTHOST >/dev/null
if [ $? -ne 0 ]; then
    echo no connection to $TESTHOST, updating later.;
    exit 0;
fi
#CONFIGURATION
# Make sure PG_SPOOL points to the directory where
# you want to put your downloaded blocklists.
PG_SPOOL=/var/spool/moblock
# Remove the lists you don't want to download and
# use from BLOCKLISTS.
BLOCKLISTS="ads-trackers-and-bad-pr0n bogon dshield hijacked level1 level2 Microsoft spider spyware templist"
BLOCKLISTTXT=""
#PG_CONF=/etc/PG.conf
#PG_LOG=/var/log/PG.log
PG_LIST=/etc/moblock/guarding.p2p
#The URL where the blocklists reside
URL=http://www.bluetack.co.uk/config
#The format of the lists to download
SUFFIX=gz
#The format after unpacking
SUFFIX2=txt
endscript () {
    date +"------------ "%F" "%X" "%Z" End PeerGuardian Script"
    exit $1
}
date +"------------ "%F" "%X" "%Z" Begin PeerGuardian $1"
cd "$PG_SPOOL"
# check if blockfiles were updated:
UPDATED=""
for i in $BLOCKLISTS ; do
    TIMESTAMP=0
    if [ -e $i.$SUFFIX ] ; then
        TIMESTAMP=`stat --format=%y $i.$SUFFIX`
        echo "File $i.$SUFFIX last updated $TIMESTAMP"
        TIMESTAMP=`stat --format=%Y $i.$SUFFIX`
    fi
    wget -N $URL/$i.$SUFFIX
    if [ `stat --format=%Y $i.$SUFFIX` -gt $TIMESTAMP ] ; then
        UPDATED=$i
    fi
done
for i in $BLOCKLISTTXT ; do
    TIMESTAMP=0
    if [ -e $i.$SUFFIX2 ] ; then
        TIMESTAMP=`stat --format=%y $i.$SUFFIX2`
        echo "File $i.$SUFFIX2 last updated $TIMESTAMP"
        TIMESTAMP=`stat --format=%Y $i.$SUFFIX2`
    fi
    wget -N $URL/$i.$SUFFIX2
    if [ `stat --format=%Y $i.$SUFFIX2` -gt $TIMESTAMP ] ; then
        UPDATED=$i
    fi
done
# if none of the blockfiles were updated:
#if [ -z $UPDATED ] ; then
#echo "No blocklists needed updating."
#endscript 0
#fi
set -e
# if any blockfiles were updated:
for i in $BLOCKLISTS ; do
    gunzip -c $i.$SUFFIX > $i.$SUFFIX2
done
cat *.txt > merged.p2b.p2p
for i in $BLOCKLISTS ; do
    rm $i.$SUFFIX2
done
# uncomment below to unblock Yahoo! Mail and whatever
# else needs unblocking here. Do this also in the
# restart section.
grep -v -i "Google Inc" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
/etc/init.d/`basename $0` reload
exit 0
Maybe if you pasted that into the moblock-nfq file, you can update once again.
raffytaffy
April 9th, 2007, 12:15 PM
maybe he's using moblock-ipq like me hmm
bravemosquito
April 9th, 2007, 01:38 PM
No, but I found that this file is missing :shock: I never deleted this file
voodew
April 10th, 2007, 06:05 AM
No, but I found that this file is missing :shock: I never deleted this file
Did you get it working?
bravemosquito
April 10th, 2007, 07:12 AM
Did you get it working?
Yes. I think so... Just removed moblock and installed it again. During these actions I feel some MS Windows-like presence behind me :mrgreen:
chinaski
April 15th, 2007, 07:42 AM
solution was just two posts ago, request deleted sorry
chinaski
April 15th, 2007, 07:53 AM
no way, gmail in evolution is not working for me
Moblock seems to block Gmail (pop.gmail.com, and possibly smtp.gmail.com)
How can I stop it from blocking Gmail?
<snip>
@justin
You'll have to watch the logfile, and filter those ranges out, during an update of the blocklists. It's described in my howto.
I think I am really dumb because I cannot make gmail work
what I did is to open /etc/cron.daily/moblock-nfq and add
grep -v -i "mail.google.com" merged.p2b.p2p | grep -v -i "mail.google.com" | grep -v "mail.google.com" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
but this is not working... what is the right way?
I also followed this suggestion (http://ubuntuforums.org/showpost.php?p=2419607&postcount=452) but it's not working either
is there a simple and clear syntax that someone can explain to someone dumb like me? :D
chinaski
April 15th, 2007, 02:57 PM
ok, Moblock blocks also messenger protocol
I have read all thread and tried to follow all suggestions I found in order to whitelist mail and messenger but it seems I am really stupid or this is too difficult for me
if anyone has a clear solution on how to make gmail and messenger protocol work with Moblock on, it is welcome :D
jre
April 16th, 2007, 03:57 AM
@chinaski: The grep command filters specific lines from your blocklist on rebuilding, so
- you have to make sure that you write something which corresponds to the line in /etc/moblock/guarding.p2p which blocks your site (try it with just "google" not "mail.google.com"). Try `man grep` to understand what you are doing.
- you have to make sure that the blocklist is really rebuilt, only editing the cron.daily file will not work. So either wait a day or remove one little blocklist (not level1!!) from /var/spool/moblock/ and do a `/etc/cron.daily/moblock-nfq` as root afterwards.
Another solution is to add the ports of the protocols you want to whitelist to /etc/moblock/MoBlock-nfq.sh and do a `/etc/init.d/moblock-nfq restart` as root afterwards.
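jre's first point, shown as an added example that is not part of the original thread: the filter only removes lines whose text contains the pattern, so look up which entry actually covers the blocked address and filter on its label. The `label:start-end` line format, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the text blocklist format
# "label:start_ip-end_ip"; all entries below are constructed sample data
# using documentation address ranges.

# Write a small constructed blocklist to the path given as $1.
make_sample_list() {
    cat > "$1" <<'EOF'
Example Mail Corp:192.0.2.0-192.0.2.255
Some Tracker|BT:198.51.100.10-198.51.100.20
Example Mail Corp:203.0.113.0-203.0.113.127
Bogon range:203.0.113.128-203.0.113.255
EOF
}

# Print the label of every entry in file $1 whose range contains address $2.
covering_labels() {
    awk -v ip="$2" '
        function to_int(a,    o) {
            split(a, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { target = to_int(ip) }
        {
            # A label may contain ":" itself, so split at the last colon.
            pos = match($0, /:[^:]*$/)
            if (pos == 0) next
            label = substr($0, 1, pos - 1)
            if (split(substr($0, pos + 1), r, "-") != 2) next
            if (to_int(r[1]) <= target && target <= to_int(r[2])) print label
        }' "$1"
}

# Same kind of filter as in the cron script: drop lines of file $1 that
# contain $2 (case-insensitive). -F treats the pattern as a fixed string;
# grep exit status 1 (no lines printed) is not an error here.
filter_out() {
    grep -v -i -F -- "$2" "$1" || [ $? -eq 1 ]
}

# How many entries a pattern would remove, i.e. the scope of the whitelist.
removed_count() {
    grep -c -i -F -- "$2" "$1" || [ $? -eq 1 ]
}

# Count lines on stdin.
line_count() { awk 'END { print NR }'; }

main() {
    list=$(mktemp) || return 1
    make_sample_list "$list"
    echo "label covering 192.0.2.25:          $(covering_labels "$list" 192.0.2.25)"
    echo "lines left, filtering on host name: $(filter_out "$list" "mail.example.com" | line_count)"
    echo "lines left, filtering on the label: $(filter_out "$list" "Example Mail Corp" | line_count)"
    echo "entries the label filter unblocks:  $(removed_count "$list" "Example Mail Corp")"
    rm -f "$list"
}
main
```

Filtering on the host name leaves all four lines in place because no line contains it; filtering on the label removes both ranges carrying that label, which is the full scope of what the whitelist opens.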
chinaski
April 16th, 2007, 06:30 AM
<snip>
Another solution is to add the ports of the protocols you want to whitelist to /etc/moblock/MoBlock-nfq.sh and do a `/etc/init.d/moblock-nfq restart` as root afterwards.
once again i must thank you jre ;)
I'll try this option tonight :)
cheers
voodew
April 18th, 2007, 04:40 AM
no way, gmail in evolution is not working for me
I think I am really dumb because I cannot make gmail work
what I did is to open /etc/cron.daily/moblock-nfq and add
grep -v -i "mail.google.com" merged.p2b.p2p | grep -v -i "mail.google.com" | grep -v "mail.google.com" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
but this is not working... what is the right way?
I also followed this suggestion (http://ubuntuforums.org/showpost.php?p=2419607&postcount=452) but it's not working either
is there a simple and clear syntax that someone can explain to someone dumb like me? :D
I use GMAIL and it works for me, though my syntax is different. Take a look at post #455, that's my Moblock-NFQ file if you want to make sure everything is the same. The syntax I used was:
grep -v -i "Google Inc" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
chinaski
April 18th, 2007, 01:02 PM
hello,
I've tried that syntax too, but it's not working
I'm waiting tomorrow for Feisty stable to make a fresh install of Ubuntu so I am not making any change now, but I'll be back on this subject soon
thank you ;)
voodew
April 18th, 2007, 07:59 PM
hello,
I've tried that syntax too, but it's not working
I'm waiting tomorrow for Feisty stable to make a fresh install of Ubuntu so I am not making any change now, but I'll be back on this subject soon
thank you ;)
Did you run
sudo sh /etc/cron.daily/moblock-nfq
after editing the file? I suppose it doesn't matter since Moblock is supposed to automatically update after a restart. Someone suggested whitelisting the ports. If you want to try that method, you need to whitelist the SSL port (995) and the STARTTLS port (465 or 587). I'm not sure if the protocol name is required or if you're able to just put the numbers in.
In any case, I think you're going to run into the same problem with Feisty since Google Inc is blacklisted.
Leebo
April 19th, 2007, 01:33 AM
Lo all,
I've created a very crude frontend to Moblock using Gambas...was wondering if any would like to try it out.
Leebo
jre
April 19th, 2007, 02:34 AM
@voodew/chinaski: You're right that it is necessary to do a `sudo sh /etc/cron.daily/moblock-nfq`, but don't forget to first stop moblock (otherwise I think there would be two instances of moblock running. If in doubt, simply reboot, lol)
@Leebo: What are the features?
voodew
April 19th, 2007, 05:16 AM
@voodew/chinaski: You're right that it is necessary to do a `sudo sh /etc/cron.daily/moblock-nfq`, but don't forget to first stop moblock (otherwise I think there would be two instances of moblock running. If in doubt, simply reboot, lol)
@Leebo: What are the features?
I don't think stopping moblock is required because I never did that... though, stopping and applying the command certainly won't hurt anything. Especially after a reboot:)
jre
April 19th, 2007, 05:56 AM
@voodew: you're right, I was a bit sleepy when I wrote that
It's only necessary to first stop and then start moblock again when you change the port-whitelisting in /etc/moblock/MoBlock-nfq.sh. (There the script checks if moblock is already running and simply quits if moblock is already running --> no ports whitelisted)
Leebo
April 19th, 2007, 08:02 AM
Frontend
It's a GUI that allows the user to start/stop/restart Moblock as well as update the blocklists (not updating level1 currently due to bluetack issues), displays the update info (when the last time all of the blocklists were updated), and displays the last 10 lines in the log for blocklists (still looking at improving this to actively displaying incoming block traffic) instead of having to click a button.
Been a while since I tried out my coding legs, was just seeing what I remembered :)
I just like having a launcher i can control everything from without console (i'm pretty lazy).
Eventually would like to minimize to systray instead of taskbar, and like I said improve the blocklist display as well. This is my first venture with Gambas so just seeing how it goes.
I'll post a screenshot when i can.
Leebo
jre
April 19th, 2007, 02:10 PM
@Leebo: Your frontend sounds really good (of course I'm sure I would have tons of feature requests once I tried it ;-) ). But starting/stopping and updating and seeing if the update worked are really the main features.
So, I'd suggest you post your code at the Linux forum at phoenixlabs.org (home of the original Windows PeerGuardian, but the developer of moblock regularly stops by since there's the plan to make moblock the official PeerGuardian Linux). I'm pretty sure "some" people would be interested in your work. (Personally I prefer init + console, but I know that I'm not mainstream).
Greets!
jre
sloter
April 20th, 2007, 06:07 PM
Hello,
@Leebo I've created a very crude frontend to Moblock using Gambas...was wondering if any would like to try it out.
Sounds great, I would like to see that.
sloter
voodew
April 21st, 2007, 12:25 AM
I just installed Feisty and have Moblock up and running. The instructions for installation are the same as Edgy's from the OP, however, you don't need to install the netfilter libs because Feisty aptitude installs them correctly during Moblock installation... YAY!!!
Mechanical
April 21st, 2007, 04:58 PM
I just installed Feisty and have Moblock up and running. The instructions for installation are the same as Edgy's from the OP, however, you don't need to install the netfilter libs because Feisty aptitude installs them correctly during Moblock installation... YAY!!!
Same here! I was very happy to find it working perfectly.
sloter
April 21st, 2007, 10:01 PM
Me too, I installed moblocknfq (0.8-14) with apt on the new dist-upgrade Feisty and everything worked fine, the dependencies installed by themselves! Very great!
sloter
jamesford
April 22nd, 2007, 12:34 PM
I'm having bad problems on a fresh feisty install, I'm using the amd64 version. I had made debs for edgy that worked just fine but on feisty it's a different story with broken dependencies and stuff
i wish someone more competent than me could make 64 bit debs
chinaski
April 22nd, 2007, 12:39 PM
many thanks to jre and voodew for their support to solve my problem
Moblock was blocking gmail mail accounts and Gaim MSN protocol
if you (read: anyone) have same issues just read previous posts (pages 46-47) and you'll solve it
thanks also to jamesford for the solution for Gaim (http://ubuntuforums.org/showthread.php?p=1146357&highlight=gaim#post1146357)
cheers! ;)
dalziel_86
April 22nd, 2007, 09:59 PM
I suspect Moblock is causing me problems with youtube, but I can't be sure. Is there a way I can check the blocklist to see what's on it?
Also, my Ubuntu machine acts as a wireless access point for my laptop, bridging from a wireless card to ethernet. I'd prefer moblock didn't filter stuff going to and from the wireless, since I don't run P2P on the laptop, and it has its own firewall, etc. Is there a way to set Moblock not to affect bridged traffic?
jre
April 23rd, 2007, 05:05 AM
@dalziel_86: The blocklist is in /etc/moblock/guarding.p2p. But you can follow the logfile live with `tail -f /var/log/moblock.log`, then you can see if something is blocked while you're on youtube.
I'm not sure about the laptop thing. But removing all "FORWARD" stuff (this relates to iptables FORWARD chain for packets being routed through the box) from /etc/moblock/MoBlock-nfq.sh might do it. (First stop moblock, then edit the file, then start it again. Check your results with `iptables -L`)
jre
sinpalabras
April 24th, 2007, 01:37 PM
hi, I upgraded to feisty and moblock is not working anymore: I'm on amd64 feisty. It worked fine on edgy, but now I run all the commands and nothing happens (good or bad):
juan@ubuntubox:~$ pidof moblock
juan@ubuntubox:~$
juan@ubuntubox:~$ tail /var/log/moblock.log
Skipping useless range: ns1/ns2.playercodec.net
Skipping useless range: www.buhartes.info|BT|Hijackers
Skipping useless range: adv549|CWS|BT|Hijackers
Skipping useless range: Pluginaccess.com/Dialeraccess.com[CWS]
Skipping useless range: Parcproductions.com
Skipping useless range: Fastsearch[Spy]
Skipping useless range: 80ke.com
Ranges loaded: 196346
Merged ranges: 199
Skipped useless ranges: 6358
juan@ubuntubox:~$
juan@ubuntubox:~$ sudo /etc/init.d/moblock-nfq restart
Password:
* Restarting moblock moblock [ OK ]
juan@ubuntubox:~$ pidof modblock
juan@ubuntubox:~$
I'm missing something, if you need more info, just tell me what to do, and I'll post it.
thanks
voodew
April 24th, 2007, 05:28 PM
That's weird, I tried pidof moblock and got no output and checked to see if everything is working fine, and it is. I tried pidof a couple minutes later, and I got 5503.
Type
ps axu
And see if you can locate a moblock process ID that way.
hi, I upgraded to feisty and moblock is not working anymore: I'm on amd64 feisty. It worked fine on edgy, but now I run all the commands and nothing happens (good or bad):
juan@ubuntubox:~$ pidof moblock
juan@ubuntubox:~$
juan@ubuntubox:~$ tail /var/log/moblock.log
Skipping useless range: ns1/ns2.playercodec.net
Skipping useless range: www.buhartes.info|BT|Hijackers
Skipping useless range: adv549|CWS|BT|Hijackers
Skipping useless range: Pluginaccess.com/Dialeraccess.com[CWS]
Skipping useless range: Parcproductions.com
Skipping useless range: Fastsearch[Spy]
Skipping useless range: 80ke.com
Ranges loaded: 196346
Merged ranges: 199
Skipped useless ranges: 6358
juan@ubuntubox:~$
juan@ubuntubox:~$ sudo /etc/init.d/moblock-nfq restart
Password:
* Restarting moblock moblock [ OK ]
juan@ubuntubox:~$ pidof modblock
juan@ubuntubox:~$
I'm missing something, if you need more info, just tell me what to do, and I'll post it.
thanks
sinpalabras
April 24th, 2007, 06:10 PM
juan@ubuntubox:~$ ps axu
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.1 0.2 5064 1960 ? Ss 18:53 0:00 /sbin/init
root 2 0.0 0.0 0 0 ? S 18:53 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN 18:53 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S 18:53 0:00 [watchdog/0]
root 5 0.0 0.0 0 0 ? S< 18:53 0:00 [events/0]
root 6 0.0 0.0 0 0 ? S< 18:53 0:00 [khelper]
root 7 0.0 0.0 0 0 ? S< 18:53 0:00 [kthread]
root 29 0.0 0.0 0 0 ? S< 18:53 0:00 [kblockd/0]
root 30 0.0 0.0 0 0 ? S< 18:53 0:00 [kacpid]
root 31 0.0 0.0 0 0 ? S< 18:53 0:00 [kacpi_notify]
root 128 0.0 0.0 0 0 ? S< 18:53 0:00 [kseriod]
root 158 0.0 0.0 0 0 ? S 18:53 0:00 [pdflush]
root 159 0.0 0.0 0 0 ? S 18:53 0:00 [pdflush]
root 160 0.0 0.0 0 0 ? S< 18:53 0:00 [kswapd0]
root 161 0.0 0.0 0 0 ? S< 18:53 0:00 [aio/0]
root 1998 0.0 0.0 0 0 ? S< 18:53 0:00 [ata/0]
root 1999 0.0 0.0 0 0 ? S< 18:53 0:00 [ata_aux]
root 2002 0.0 0.0 0 0 ? S< 18:53 0:00 [scsi_eh_0]
root 2003 0.0 0.0 0 0 ? S< 18:53 0:00 [scsi_eh_1]
root 2005 0.0 0.0 0 0 ? S< 18:53 0:00 [ksuspend_usbd]
root 2006 0.0 0.0 0 0 ? S< 18:53 0:00 [khubd]
root 2250 0.0 0.0 0 0 ? S< 18:53 0:00 [kjournald]
root 2454 0.0 0.2 19900 1756 ? S<s 18:53 0:00 /sbin/udevd --d
root 3405 0.0 0.0 0 0 ? S< 18:53 0:00 [kpsmoused]
root 3478 0.0 0.0 0 0 ? S< 18:53 0:00 [kgameportd]
root 3527 0.0 0.0 0 0 ? S< 18:53 0:00 [scsi_eh_2]
root 3528 0.0 0.0 0 0 ? S< 18:53 0:00 [usb-storage]
root 3892 0.0 0.0 0 0 ? S< 18:53 0:00 [kjournald]
root 4207 0.0 0.0 3780 560 tty4 Ss+ 18:53 0:00 /sbin/getty 384
root 4208 0.0 0.0 3780 564 tty5 Ss+ 18:53 0:00 /sbin/getty 384
root 4211 0.0 0.0 3784 564 tty2 Ss+ 18:53 0:00 /sbin/getty 384
root 4213 0.0 0.0 3784 564 tty3 Ss+ 18:53 0:00 /sbin/getty 384
root 4214 0.0 0.0 3780 560 tty1 Ss+ 18:53 0:00 /sbin/getty 384
root 4215 0.0 0.0 3784 564 tty6 Ss+ 18:53 0:00 /sbin/getty 384
root 4453 0.0 0.1 12852 1488 ? Ss 18:53 0:00 /usr/sbin/acpid
root 4555 0.0 0.0 5888 672 ? Ss 18:53 0:00 /sbin/syslogd
root 4611 0.0 0.0 8036 572 ? Ss 18:53 0:00 /bin/dd bs 1 if
klog 4613 0.0 0.2 5100 1832 ? Ss 18:53 0:00 /sbin/klogd -P
103 4634 0.0 0.1 23508 1124 ? Ss 18:53 0:00 /usr/bin/dbus-d
106 4650 0.4 1.2 36340 9296 ? Ss 18:53 0:02 /usr/sbin/hald
root 4651 0.0 0.1 15380 1112 ? S 18:53 0:00 hald-runner
106 4657 0.0 0.1 16548 952 ? S 18:53 0:00 hald-addon-acpi
106 4665 0.0 0.1 16552 960 ? S 18:54 0:00 hald-addon-keyb
106 4674 0.0 0.1 16548 956 ? S 18:54 0:00 hald-addon-keyb
106 4677 0.0 0.1 16548 952 ? S 18:54 0:00 hald-addon-keyb
106 4686 0.0 0.1 16548 1008 ? S 18:54 0:00 hald-addon-stor
106 4694 0.0 0.1 16544 972 ? S 18:54 0:00 hald-addon-stor
root 4708 0.0 0.0 6164 724 ? Ss 18:54 0:00 /usr/sbin/dhcdb
root 4723 0.0 0.2 37524 1980 ? Ss 18:54 0:00 /usr/sbin/Netwo
avahi 4741 0.0 0.1 27400 1408 ? Ss 18:54 0:00 avahi-daemon: r
avahi 4742 0.0 0.0 27400 492 ? Ss 18:54 0:00 avahi-daemon: c
root 4755 0.0 0.1 21684 1212 ? Ss 18:54 0:00 /usr/sbin/Netwo
root 4768 0.0 0.1 15368 864 ? Ss 18:54 0:00 /usr/bin/system
root 4769 0.0 0.1 23376 1296 ? S 18:54 0:00 dbus-daemon --s
root 4801 0.0 0.2 94540 1632 ? Ss 18:54 0:00 /usr/sbin/gdm
root 4804 0.0 0.3 107200 2628 ? S 18:54 0:00 /usr/sbin/gdm
root 4807 1.0 4.7 99256 36448 tty7 SLs+ 18:54 0:05 /usr/X11R6/bin/
cupsys 4851 0.0 0.2 52536 2144 ? Ss 18:54 0:00 /usr/sbin/cupsd
root 4875 0.0 0.1 41204 948 ? Ss 18:54 0:00 /usr/sbin/hpiod
hplip 4878 0.0 0.9 91208 7352 ? S 18:54 0:00 python /usr/sbi
root 4916 0.0 0.0 12756 520 ? S 18:54 0:00 ptal-mlcd mlc:u
root 4919 0.0 0.0 16460 544 ? S 18:54 0:00 ptal-printd mlc
root 4928 0.0 0.0 16464 564 ? S 18:54 0:00 ptal-photod mlc
109 5013 0.1 1.4 27468 11068 ? S 18:54 0:00 /usr/sbin/tor
daemon 5071 0.0 0.0 16332 436 ? Ss 18:54 0:00 /usr/sbin/atd
root 5099 0.0 0.1 20836 956 ? Ss 18:54 0:00 /usr/sbin/cron
juan 5217 0.0 1.9 197960 14824 ? Ssl 18:54 0:00 x-session-manag
juan 5255 0.0 0.0 31264 616 ? Ss 18:54 0:00 /usr/bin/ssh-ag
juan 5258 0.0 0.0 13092 672 ? S 18:54 0:00 /usr/bin/dbus-l
juan 5259 0.0 0.1 23508 1016 ? Ss 18:54 0:00 /usr/bin/dbus-d
juan 5261 0.0 0.7 39188 5816 ? S 18:54 0:00 /usr/lib/libgco
juan 5264 0.0 0.1 17260 1028 ? S 18:54 0:00 /usr/bin/gnome-
juan 5266 0.0 1.6 206416 12564 ? Sl 18:54 0:00 /usr/lib/contro
juan 5274 0.0 0.0 3860 536 ? Ss 18:54 0:00 /bin/sh -c /usr
juan 5275 0.0 0.4 23952 3244 ? S 18:54 0:00 /usr/bin/esd -t
juan 5279 0.1 1.3 109632 10580 ? S 18:54 0:00 /usr/bin/metaci
juan 5282 0.1 3.1 289352 24004 ? S 18:54 0:00 gnome-panel --s
juan 5285 0.1 3.6 342140 27700 ? S 18:54 0:00 nautilus --no-d
juan 5291 0.0 0.5 85440 3948 ? S 18:54 0:00 /usr/lib/gnome-
juan 5293 0.0 0.4 79732 3680 ? Ssl 18:54 0:00 /usr/lib/bonobo
juan 5294 0.0 0.7 167752 5508 ? Ss 18:54 0:00 gnome-volume-ma
juan 5314 0.0 1.9 223792 15384 ? S 18:54 0:00 update-notifier
juan 5322 0.0 1.5 281412 12096 ? Sl 18:54 0:00 /usr/lib/evolut
juan 5326 2.4 6.2 324228 47888 ? Sl 18:54 0:12 amule
juan 5329 0.0 0.1 14888 944 ? S 18:54 0:00 /usr/lib/nautil
juan 5330 0.0 1.6 206760 12728 ? S 18:54 0:00 nm-applet --sm-
juan 5331 0.0 1.2 225340 9960 ? Sl 18:54 0:00 gnome-cups-icon
juan 5333 0.0 0.9 210660 7292 ? Ss 18:54 0:00 gnome-power-man
juan 5342 0.0 1.5 270604 11676 ? Sl 18:54 0:00 /usr/lib/evolut
juan 5355 0.2 4.2 262016 32744 ? Sl 18:54 0:01 mono /usr/lib/t
juan 5376 0.0 1.0 227572 7832 ? Sl 18:54 0:00 /usr/lib/evolut
juan 5426 0.0 2.1 226692 16440 ? S 18:54 0:00 /usr/lib/gnome-
juan 5434 0.0 0.3 141772 2712 ? Ss 18:54 0:00 gnome-screensav
juan 5592 0.0 0.2 10664 1680 ? S 19:01 0:00 /bin/bash /usr/
juan 5593 0.0 0.2 10704 1800 ? S 19:01 0:00 bash ./swiftfox
juan 5596 0.0 0.0 3864 580 ? S 19:01 0:00 /bin/sh ./run-m
juan 5600 11.2 6.8 163148 52340 ? Sl 19:01 0:12 ./swiftfox-bin
juan 5613 0.0 0.0 0 0 ? Z 19:01 0:00 [net] <defunct>
juan 5661 5.2 2.7 245852 21032 ? Sl 19:03 0:00 gnome-terminal
juan 5665 0.0 0.1 16932 796 ? S 19:03 0:00 gnome-pty-helpe
juan 5666 3.0 0.4 20640 3660 pts/0 Ss 19:03 0:00 bash
juan 5685 0.0 0.1 14956 1060 pts/0 R+ 19:03 0:00 ps axu
no, it is not here, I don't know what to do.
voodew
April 25th, 2007, 06:22 AM
no, it is not here, I don't know what to do.
Well, I'm stumped. It looks like moblock is running from your tail output, but there's no pidof or apparent process ID. If you haven't modified anything, try pinging www.riaa.com and running the tail -f command in a separate terminal. If you're getting confirmed blocks, then moblock must be running correctly and there is a problem with pidof. If that's not the case, I hope someone can offer a solution.
kthu
April 25th, 2007, 08:57 AM
If you had it installed from the amd64 debs someone made a while back, it will crash. A new version needs to be built against the netfilter libraries that come with feisty. Building a new version can be done like this:
sudo echo "deb-src http://moblock-deb.sourceforge.net/debian unstable main" >> /etc/apt/sources
sudo apt-get install build-essential
sudo apt-get update
mkdir foo
cd foo
apt-get source moblock-nfq
sudo apt-get build-dep moblock-nfq
cd moblock-0.8
debuild
cd ..
sudo dpkg -i moblock-nfq_0.8-14_amd64.deb
sinpalabras
April 25th, 2007, 09:35 AM
thanks voodew for your interest and help.
kthu i'll try to make what you say and post back
sinpalabras
April 25th, 2007, 10:06 AM
i'm doing something wrong
juan@ubuntubox:~/foo/moblock-0.8$ sudo debuild
debian/rules clean
dh_testdir
dh_testroot
rm -f build-stamp configure-stamp patch-stamp install-stamp install-stamp-moblock-ipq install-stamp-moblock-nfq
# Add here commands to clean up after the build process.
/usr/bin/make clean
make[1]: Entering directory `/home/juan/foo/moblock-0.8'
rm -f *.o *~ *# moblock-nfq moblock-ipq
make[1]: Leaving directory `/home/juan/foo/moblock-0.8'
dh_clean
dpatch deapply-all
reverting patch MoBlock-ipq.sh from ./ ... ok.
reverting patch MoBlock-nfq.sh from ./ ... ok.
reverting patch makefile from ./ ... ok.
rm -rf patch-stamp debian/patched
dpkg-source -b moblock-0.8
dpkg-source: building moblock using existing moblock_0.8.orig.tar.gz
dpkg-source: building moblock in moblock_0.8-14.diff.gz
dpkg-source: warning: file debian/docs has no final newline (either original or modified version)
dpkg-source: warning: executable mode 0755 of `debian/patches/MoBlock-nfq.sh.dpatch' will not be represented in diff
dpkg-source: warning: executable mode 0755 of `debian/patches/makefile.dpatch' will not be represented in diff
dpkg-source: warning: executable mode 0755 of `debian/patches/MoBlock-ipq.sh.dpatch' will not be represented in diff
dpkg-source: warning: ignoring deletion of file Changelog~
dpkg-source: building moblock in moblock_0.8-14.dsc
debian/rules build
dpatch apply-all
applying patch makefile to ./ ... ok.
applying patch MoBlock-nfq.sh to ./ ... ok.
applying patch MoBlock-ipq.sh to ./ ... ok.
echo patched >patch-stamp
dh_testdir
# Add here commands to configure the package.
touch configure-stamp
dh_testdir
# Add here commands to compile the package.
/usr/bin/make
make[1]: Entering directory `/home/juan/foo/moblock-0.8'
gcc -DLIBIPQ -Wall -O2 -fomit-frame-pointer -ffast-math -D_GNU_SOURCE -I/usr/include/libipq -c -o MoBlock-ipq.o MoBlock.c
gcc -Wall -O2 -fomit-frame-pointer -ffast-math -D_GNU_SOURCE -I/usr/include/libipq -c -o rbt.o rbt.c
gcc -o moblock-ipq MoBlock-ipq.o rbt.o -lipq
strip moblock-ipq
gcc -DNFQUEUE -Wall -O2 -fomit-frame-pointer -ffast-math -D_GNU_SOURCE -I/usr/include/libipq -c -o MoBlock-nfq.o MoBlock.c
gcc -o moblock-nfq MoBlock-nfq.o rbt.o -lnetfilter_queue
strip moblock-nfq
make[1]: Leaving directory `/home/juan/foo/moblock-0.8'
#docbook-to-man debian/moblock.sgml > moblock.1
touch build-stamp
debian/rules binary
installing moblock-ipq
dh_testdir
dh_testroot
dh_installdirs
# Add here commands to install the package into debian/moblock.
/usr/bin/make install-moblock-ipq DESTDIR=/home/juan/foo/moblock-0.8/debian/moblock-ipq
make[1]: Entering directory `/home/juan/foo/moblock-0.8'
install -m 755 moblock-ipq /home/juan/foo/moblock-0.8/debian/moblock-ipq/usr/bin
ln -s moblock-ipq /home/juan/foo/moblock-0.8/debian/moblock-ipq/usr/bin/moblock
make[1]: Leaving directory `/home/juan/foo/moblock-0.8'
touch install-stamp-moblock-ipq
installing moblock-nfq
dh_testdir
dh_testroot
dh_installdirs
# Add here commands to install the package into debian/moblock.
/usr/bin/make install-moblock-nfq DESTDIR=/home/juan/foo/moblock-0.8/debian/moblock-nfq
make[1]: Entering directory `/home/juan/foo/moblock-0.8'
install -m 755 moblock-nfq /home/juan/foo/moblock-0.8/debian/moblock-nfq/usr/bin
ln -s moblock-nfq /home/juan/foo/moblock-0.8/debian/moblock-nfq/usr/bin/moblock
make[1]: Leaving directory `/home/juan/foo/moblock-0.8'
touch install-stamp-moblock-nfq
dh_testdir
dh_testroot
touch install-stamp
dh_testdir
dh_testroot
dh_installchangelogs Changelog
dh_installdocs --mainpackage=moblock-ipq -pmoblock-ipq
dh_installexamples
dh_install
dh_installlogrotate
dh_installinit
dh_installcron
dh_installman
dh_link
dh_strip
dh_compress
dh_fixperms
dh_installdeb -pmoblock-ipq
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
dpkg-deb: building package `moblock-ipq' in `../moblock-ipq_0.8-14_amd64.deb'.
dh_testdir
dh_testroot
dh_installchangelogs Changelog
dh_installdocs --mainpackage=moblock-nfq -pmoblock-nfq
dh_installexamples
dh_install
dh_installlogrotate
dh_installinit
dh_installcron
dh_installman
dh_link
dh_strip
dh_compress
dh_fixperms
dh_installdeb -pmoblock-nfq
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
dpkg-deb: building package `moblock-nfq' in `../moblock-nfq_0.8-14_amd64.deb'.
dpkg-genchanges
dpkg-genchanges: not including original source code in upload
dpkg-buildpackage (debuild emulation): binary and diff upload (original source NOT included)
Now signing changes and any dsc files...
signfile moblock_0.8-14.dsc clessing <clessing@users.sourceforge.net>
gpg: WARNING: unsafe ownership on configuration file `/home/juan/.gnupg/gpg.conf'
gpg: WARNING: unsafe ownership on configuration file `/home/juan/.gnupg/gpg.conf'
gpg: skipped "clessing <clessing@users.sourceforge.net>": secret key not available
gpg: [stdin]: clearsign failed: secret key not available
debsign: gpg error occurred! Aborting....
debuild: fatal error at line 1155:
running debsign failed
sudo echo "deb-src http://moblock-deb.sourceforge.net/debian unstable main" >> /etc/apt/sources
Did not work for me, so I added this to my sources list: deb-src http://moblock-deb.sourceforge.net/debian unstable main. Update worked fine until debuild
Kaobear
April 25th, 2007, 10:13 AM
Well laid out. Exactly what was supposed to happen, did.
sinpalabras
April 25th, 2007, 10:31 AM
could you be more specific Kaobear
sinpalabras
April 25th, 2007, 10:37 AM
Should i generate a gpg key and try again?
sinpalabras
April 25th, 2007, 11:47 AM
well I think it is working. I just kept going and it worked, just like kthu said. I was overcomplicating it.
I'll post here if something happens. Thanks a lot!!!!!!!!!
kthu
April 25th, 2007, 01:39 PM
The signing part is not important. The resulting file is not intended for distribution anyway :) The file should still be built and ready to install. Check the contents of the parent directory of the one you ran debuild in.
voodew
April 26th, 2007, 05:48 AM
Wow, I didn't realize that there were many differences between a 32 bit and a 64 bit installation. I plan on upgrading soon, any more suggestions/differences?
shookone
April 26th, 2007, 05:56 AM
Anyone find a way to resolve Feisty issue with Firehol/iptables??
All I have figured out is that "bash 3.2" is the culprit.
No idea how to fall back to 'bash 3.2 PL 17'
shook-
shookone
April 26th, 2007, 06:25 AM
I have managed to get rid of the error messages in feisty by doing the following:
sudo cat /lib/firehol/firehol |grep %q -n
2366: printf "%q " "$@" >>${FIREHOL_OUTPUT}
4705: printf >&2 "COMMAND: "; printf >&2 "%q " "${work_realcmd[@]}"; echo >&2
4726: printf >&2 "COMMAND: "; printf >&2 "%q " "${work_realcmd[@]}"; echo >&2
4780: printf >&2 "%q " "$@"
4977: printf "%q " "${work_realcmd[@]}"
Using nano as my editor I edited the "/lib/firehol/firehol". (make a backup)
Looking at lines 2366, 4705, 4726, 4780, & 4977, I replaced the %q with a %b.
No confirmation if this will resolve my issue, but the error messages are gone.. Now I have to test the integrity of the firewall.
shookone
April 26th, 2007, 06:30 AM
Looks like the problems are gone.
Firehol is back to normal... at least blocking services like ftp and ssh work....
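Added example, not part of shookone's post or FireHOL's own code: what swapping %q for %b changes if the lines written to ${FIREHOL_OUTPUT} are later re-read by the shell (that re-read is an assumption about how the file is used). The helper names and the sample rule are constructed for illustration.

```shell
#!/usr/bin/env bash
# %q is a bash printf directive; re-run under bash if started by another shell.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Serialise an argument list the way the grep'd lines do: one printf
# directive per argument, a space after each. $1 is the directive (%q or %b).
emit() {
    local fmt=$1; shift
    printf "${fmt} " "$@"
}

# Re-read a serialised line as the shell would when a generated file is
# executed, and report how many arguments come back.
# `set --` under eval only assigns positional parameters; nothing is run.
count_args() {
    eval "set -- $1"
    echo "$#"
}

# Return 0 only if the argument list survives emit + re-read unchanged.
roundtrips() {
    local fmt=$1; shift
    local line; line=$(emit "$fmt" "$@")
    local -a orig=("$@")
    eval "set -- $line"
    [ "$#" -eq "${#orig[@]}" ] || return 1
    local i=0 a
    for a in "$@"; do
        [ "$a" = "${orig[$i]}" ] || return 1
        i=$((i+1))
    done
}

# Constructed sample: an iptables-style rule with a space inside one argument.
sample=(-A INPUT -j LOG --log-prefix "FW DROP: ")

echo "%q -> $(emit %q "${sample[@]}")"   # the space is backslash-escaped
echo "%b -> $(emit %b "${sample[@]}")"   # the space is written raw
for f in %q %b; do
    if roundtrips "$f" "${sample[@]}"; then
        echo "$f: rule re-reads unchanged"
    else
        echo "$f: rule changes when re-read"
    fi
done
```

With %q the sample rule comes back as the same 6 arguments; with %b the log prefix splits on its space and the list becomes 7, so a rule that looks fine in the output can load differently from what was written.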
Effect
April 26th, 2007, 11:13 PM
How can you monitor what the program is doing, to make sure it's doing its job?
Having a gui with Peer Guardian in Windows makes this easy but not so I'm finding with Moblock. Thanks.
shookone
April 27th, 2007, 01:35 AM
I normally open a screen with tail -f /var/log/moblock
When I need to see what's up I just screen -r... or you can just leave a terminal open on a separate desktop.
jingo811
April 27th, 2007, 06:10 AM
I don't understand how to install the two *i386.deb files for my Dapper 6.06 which says Dapper 6.04 on the tutorial by the way :confused:
Need help, what do I do next?
.....ah now I see it had to be installed in a certain order and all that other sudo gedit stuff. This is bad for us who are bad at using our Windows brains :-)
This happened during install; is this something important or unimportant?
mike@sanka:~$ gpg --export --armor DEDA0559 | sudo apt-key add -
OK
mike@sanka:~$ sudo apt-get update
Get:1 http://security.ubuntu.com dapper-security Release.gpg [191B]
Get:2 http://www.getautomatix.com dapper Release.gpg [189B]
Get:3 http://archive.ubuntu.com dapper Release.gpg [189B]
Get:4 http://archive.ubuntu.com dapper-updates Release.gpg [191B]
Get:5 http://archive.canonical.com dapper-commercial Release.gpg [191B]
Hit http://security.ubuntu.com dapper-security Release
Get:6 http://archive.canonical.com dapper-commercial Release [4886B]
....
....
....
Hit http://archive.ubuntu.com dapper-security/universe Packages
Hit http://archive.ubuntu.com dapper-security/multiverse Packages
Err http://archive.ubuntu.com dapper/universe Packages
404 Not Found [IP: 91.189.89.6 80]
Get:9 http://moblock-deb.sourceforge.net unstable Release [6720B]
Get:10 http://moblock-deb.sourceforge.net unstable/main Packages [889B]
Get:11 http://moblock-deb.sourceforge.net unstable/main Sources [602B]
Err http://packages.freecontrib.org dapper Release.gpg
Could not connect to packages.freecontrib.org:80 (88.191.33.6), connection timed out
Fetched 13.3kB in 2m0s (111B/s)
Failed to fetch http://packages.freecontrib.org/plf/dists/dapper/Release.gpg Could not connect to packages.freecontrib.org:80 (88.191.33.6), connection timed out
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/universe/x/xmms-midi/dists/dapper/universe/binary-i386/Packages.gz 404 Not Found [IP: 91.189.89.6 80]
Reading package lists... Done
W: Some index files failed to download, they have been ignored, or old ones used instead.
mike@sanka:~$
Also!
mike@sanka:~$ sudo apt-get install moblock-nfq
Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
moblock-nfq: Depends: libc6 (>= 2.3.6-6) but 2.3.6-0ubuntu20.4 is to be installed
Depends: libnfnetlink1 (>= 0.0.16) but it is not installable
E: Broken packages
mike@sanka:~$
goodtimetribe
April 29th, 2007, 03:47 AM
I'm surprised no one's asked, but I double checked with a search of this thread for wine and windows, but no results, so here's my question: Does it properly manage apps running in wine?