
View Full Version : Moblock (peerguardian linux alternative)



pelle.k
April 29th, 2007, 02:34 PM
Yes.

clakar
May 1st, 2007, 12:11 PM
Hi pelle.k
I have just installed MoBlock on my Feisty. Just wanted to say that it works really well on my Toshiba laptop, nice and smooth. I have checked that it works, as follows:

guille@maschine:~$ tail /var/log/moblock.log
Blocked OUT: British Broadcasting Corporation,hits: 3,DST: 132.185.8.88
Blocked IN: Beijing Television Station China,hits: 1,SRC: 202.108.108.251
Blocked OUT: United Nations Development Programme,hits: 4,DST: 140.191.12.88
Blocked OUT: Bogon,hits: 8,DST: 42.34.13.88
Blocked OUT: DoD Network Information Center,hits: 4,DST: 215.248.37.83
Blocked OUT: Bogon,hits: 32,DST: 103.134.124.84
Blocked OUT: Bogon,hits: 4,DST: 196.55.5.88
Blocked OUT: British Broadcasting Corporation,hits: 4,DST: 132.185.8.88
Blocked OUT: p2p abusers,hits: 2,DST: 202.98.116.66
Blocked IN: SONY Corporation,hits: 1,SRC: 202.94.128.92

So, that means it works and blocks quite well.
I am just looking forward to that marvellous Python GUI I read about at the beginning of the thread. :)
Please let us know! God bless an application like MoBlock!

techstop
May 5th, 2007, 03:55 AM
Hi. I am getting an authentication error when trying to install:

WARNING: The following packages cannot be authenticated!
moblock-nfq
Install these packages without verification [y/N]? n
E: Some packages could not be authenticated

I have run the commands in the first post for importing the key. Any pointers?

worntreads
May 5th, 2007, 01:12 PM
Hey there, I'm new to Linux, and while I'm starting to get the hang of how things work around here, it's slow going in most regards. I've been trying to get MoBlock up and running for several days now; I've spent hours reading through the last 51 pages of posts trying the various methods described herein, to no avail. I'm using Edgy on a 32-bit AMD. MoBlock is installed, I get a PID, it starts and stops, but I don't think anything is being blocked. Here's why:

a random address from guarding.p2p

fred@basement:~$ ping -c1 203.108.241.176
PING 203.108.241.176 (203.108.241.176) 56(84) bytes of data.

--- 203.108.241.176 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

fred@basement:~$


which results in the log

fred@basement:~$ tail /var/log/moblock.log
Ranges loaded: 179221
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
error during nfq_create_queue()
Ranges loaded: 179221
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
error during nfq_create_queue()
fred@basement:~$


And while I've manually downloaded the guarding.p2p file, I can't seem to ever connect to bluetack.co.uk for the other lists.

My concern is that the log file never shows anything being blocked, along with the 'error during nfq_create_queue' bit. Any help is always appreciated, thanks.

jre
May 6th, 2007, 10:17 AM
@techstop: don't worry, verification of moblock-deb.sourceforge.net is broken here, too. Don't know what's wrong, but you still get the correct packages.

@worntreads: Your blocklist should be ok with 179221 loaded ranges. I don't know why you can't connect to bluetack.co.uk; normally if there are problems, then only with the level1.gz list (which is the biggest list).

moblock is not working because of the "error during nfq_create_queue()". Perhaps your problem is that moblock was started several times, so just try `/etc/init.d/moblock-nfq stop` as root a few times and then start moblock again (or reboot).

If this doesn't help, then:
Did you install the netfilter-debs from the first post!?
You could still try moblock-ipq instead of moblock-nfq

worntreads
May 6th, 2007, 04:18 PM
I've started from scratch on this one. I uninstalled MoBlock and the libs, then reinstalled using the debs in the first post (just to make sure I was on the right versions).

...and everything worked out fine. I'm still not sure what the problem was, but I'll assume user error and be happy. :) Actually, I think I was using the wrong debs to start with and just snowballed from there.

thanks for the help.

shame
May 16th, 2007, 08:59 AM
I have just installed the 64-bit version of moblock and followed the guide in the first post and it appears to be running ok (logs show it is blocking things at least).
I have one question though.

I have a really crap router and the firewall settings in it are very ropey and because I have to reset it to factory settings once a day to get proper access, I don't bother with the firewall rules at all, meaning everything is blocked.
So that being the case, is something like moblock still useful?

chronniff
May 18th, 2007, 09:36 PM
Yo, does anyone know how to open up specific ports so that they aren't blocked at all? I can't figure it out and I'm sure it is something simple, but it is driving me nuts, haha.

konsole
May 19th, 2007, 01:27 AM
Yo, does anyone know how to open up specific ports so that they aren't blocked at all? I can't figure it out and I'm sure it is something simple, but it is driving me nuts, haha.

Sure is... search this thread for "whitelist" (hint: /etc/moblock/MoBlock-nfq.sh).

jre
May 19th, 2007, 05:26 AM
@shame: a "normal" firewall and moblock have different purposes. If you want to block the IPs in moblock's blocklist, then moblock is useful for you (this is all moblock is for, nothing more, nothing less). Go to www.bluetack.co.uk to see what kind of IPs these are.
On the other side, your router's firewall will give you protection against unwanted connections/attacks not related to specific IPs.

MachineBucket
May 22nd, 2007, 12:23 PM
Has there been any progress in a GUI for MoBlock?

pelle.k
May 22nd, 2007, 04:25 PM
Nope. You'll be better off just creating a "launcher" and ticking "run in terminal". The command should be:
tail -f /var/log/moblock.log

If you're a bit adventurous, you could try something like this:
[ -n "$(pidof moblock)" ] && tail -f /var/log/moblock.log || echo "moblock is not running..."

This last code block is not foolproof, since I'm _not_ running Ubuntu ATM, so I don't know if this still applies. (You should note, however, that moblock takes some time to register its "pid", so don't hammer this right away after booting up...)

Now, if you do this in KDE (create a launcher, that is), you can have it placed in the system tray if you want. Yay! ;)
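Added example, not from this thread or the MoBlock project: instead of watching the log by eye, this Python script parses the "Blocked IN/OUT: <list name>,hits: N,SRC/DST: a.b.c.d" lines in the format shown earlier in the thread, summarises them per list and peer, and checks the startup lines for the two failure signs the thread keeps running into ("error during nfq_create_queue()" and a missing "NFQUEUE: binding to queue" line). The log text inside it is constructed for the example; the list names and addresses are made up. Reading "hits" as a running counter per range is inferred from the log excerpts above (the same destination shows hits 3 and then 4), which is why the summary takes the maximum rather than a sum.

```python
"""Added example (not MoBlock's code): parse /var/log/moblock.log lines,
summarise blocks per list, and flag the startup failures seen in this thread."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the same format as the moblock.log excerpts in the thread.
SAMPLE_LOG = """\
Ranges loaded: 179221
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
Blocked OUT: Example Broadcaster,hits: 3,DST: 192.0.2.88
Blocked IN: Example Television,hits: 1,SRC: 198.51.100.251
Blocked OUT: Bogon,hits: 8,DST: 203.0.113.13
Blocked OUT: Bogon,hits: 32,DST: 203.0.113.124
Blocked OUT: Example Broadcaster,hits: 4,DST: 192.0.2.88
Blocked IN: Example Corp,hits: 1,SRC: 198.51.100.92
"""

# Constructed: what the log looks like when the queue cannot be created.
SAMPLE_BROKEN_LOG = """\
Ranges loaded: 179221
NFQUEUE: binding to queue '0'
error during nfq_create_queue()
"""

BLOCKED_RE = re.compile(
    r"^Blocked (?P<direction>IN|OUT): (?P<name>.*?),hits: (?P<hits>\d+),"
    r"(?:SRC|DST): (?P<peer>\d{1,3}(?:\.\d{1,3}){3})$"
)


@dataclass(frozen=True)
class Blocked:
    direction: str  # "IN" (SRC is the remote side) or "OUT" (DST is the remote side)
    name: str       # blocklist entry name as printed
    hits: int       # running hit counter for that range, as printed
    peer: str       # remote address involved


def parse_moblock_log(text):
    """Return the Blocked records in `text`; startup and info lines are skipped."""
    records = []
    for line in text.splitlines():
        m = BLOCKED_RE.match(line.strip())
        if m:
            records.append(Blocked(m["direction"], m["name"], int(m["hits"]), m["peer"]))
    return records


def summarize(records):
    """Per (direction, list name): highest hit counter seen and the set of peers.
    `hits` is a running counter per range, so the maximum is the right aggregate;
    summing the lines would count the same hits several times."""
    summary = defaultdict(lambda: {"hits": 0, "peers": set()})
    for r in records:
        entry = summary[(r.direction, r.name)]
        entry["hits"] = max(entry["hits"], r.hits)
        entry["peers"].add(r.peer)
    return dict(summary)


def top_lists(records, n=3):
    """(direction, name, hits) tuples ordered by hit counter, highest first."""
    ranked = sorted(summarize(records).items(), key=lambda kv: kv[1]["hits"], reverse=True)
    return [(d, name, v["hits"]) for (d, name), v in ranked[:n]]


def health(text):
    """Problems visible in the startup lines: a failed nfq_create_queue() (moblock
    then logs nothing and blocks nothing) or no NFQUEUE binding line at all."""
    problems = []
    lines = [ln.strip() for ln in text.splitlines()]
    if not any(ln.startswith("NFQUEUE: binding to queue") for ln in lines):
        problems.append("no 'NFQUEUE: binding to queue' line: moblock never attached to the queue")
    problems.extend(ln for ln in lines if ln.startswith("error during nfq_create_queue()"))
    return problems


if __name__ == "__main__":
    recs = parse_moblock_log(SAMPLE_LOG)
    for direction, name, hits in top_lists(recs):
        print(f"{direction:3} {hits:5d}  {name}")
    print("problems:", health(SAMPLE_BROKEN_LOG))
```

Run it against the real file with parse_moblock_log(open("/var/log/moblock.log").read()); an empty summary together with a non-empty health() list is the "started but blocks nothing" situation described a few posts up.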

klhrevolutionist
May 22nd, 2007, 05:05 PM
Hello, I followed your Feisty instructions. Everything seems to be going fine, and I was wondering how to make moblock start up when I start up my Ubuntu install. Thanks.

tip: I also use a good hosts file, http://www.mvps.org/winhelp2002/hosts.htm

paul_banks
May 24th, 2007, 08:53 PM
Hey all,

I used the following instructions to get moblock working on my Feisty 64bit install:

sudo dpkg -i libnfnetlink0_0.0.14-1.1_amd64.deb
sudo dpkg -i libnfnetlink-dev_0.0.14-1.1_amd64.deb
sudo dpkg -i libnetfilter-queue_0.0.11-1.1_amd64.deb
sudo dpkg -i libnetfilter-queue-dev_0.0.11-1.1_amd64.deb
sudo dpkg -i moblock-nfq_0.8-10_amd64.deb

moblock works, as far as I can tell, but I've got a broken package now. Synaptic manager tells me that libnetfilter-queue-dev is broken, but when I try to reinstall it, it tells me I have to install libnetfilter-queue1 as well. Fine by me, but I get the following error:

E: /var/cache/apt/archives/libnetfilter-queue1_0.0.12-1_amd64.deb: trying to overwrite `/usr/lib/libnetfilter_queue_libipq.so.1.0.0', which is also in package libnetfilter-queue

I'm very new to Ubuntu, so I'm afraid to proceed on my own here...

aryah
May 24th, 2007, 09:31 PM
@shame: a "normal" firewall and moblock have different purposes. If you want to block the IPs in moblock's blocklist, then moblock is useful for you (this is all moblock is for, nothing more, nothing less). Go to www.bluetack.co.uk to see what kind of IPs these are.
On the other side, your router's firewall will give you protection against unwanted connections/attacks not related to specific IPs.

But iptables -A INPUT -s $i -j DROP blacklists a host $i completely; apparently, a firewall is rather good at blacklisting, and has many other options as well.

Isn't this basically what moblock does: set the behaviour of the firewall? I thought it was simply a script to use the well-researched blacklists maintained for PeerGuardian with the netfilter firewall, and to update them automatically?

When it comes to classifying packets coming to your host and dealing with them accordingly, firewalls do this 'for a living', and are very sophisticated at it, with a lot of possibilities.

jre
May 27th, 2007, 05:35 AM
@aryah: Yes, what moblock does is basically the same as inserting iptables rules for DROPing every range in the blacklists. It just does the dropping via the iptables QUEUE rule, since this is faster for such a long list of IP ranges.
And yes, other firewalls in Linux also use the rich functionality of iptables (but in most cases not only based on the IP, as moblock does).

phishinphree
May 30th, 2007, 09:52 PM
I didn't see this issue addressed before, but I could have missed it scanning the posts.

I have a problem with moblock-nfq when using Apache and SSH. When it's installed, web requests made to the server moblock is running on take ~7 seconds to reply instead of being near instant on my local network. The lag also occurs after putting my username in when I SSH to the machine. It takes ~7 seconds for the password prompt to pop back up. I'm a 4th year CS student and iptables is one of those things I've heard of but never worked with, so I'm at a bit of a loss in figuring out where to start.

I don't have any firewall or really anything other than a basic Kubuntu LAMP setup. Fresh install a week or two ago.

First thing I did was try and add http to the whitelist, but there was no effect:

#!/bin/sh
#
# MoBlock.sh - MoBlock start script
# ---------------------------------

ACTIVATE_CHAINS=1
WHITE_TCP_IN="http"
WHITE_UDP_IN="http"
WHITE_TCP_OUT="http"
WHITE_UDP_OUT="http"
WHITE_TCP_FORWARD="http https"
WHITE_UDP_FORWARD="http https"



And here's iptables -L:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
MOBLOCK_IN 0 -- anywhere anywhere state NEW

Chain FORWARD (policy ACCEPT)
target prot opt source destination
MOBLOCK_FW 0 -- anywhere anywhere state NEW

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
MOBLOCK_OUT 0 -- anywhere anywhere state NEW

Chain MOBLOCK_FW (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:www
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0

Chain MOBLOCK_IN (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:www
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0

Chain MOBLOCK_OUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:www
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0



I would be very grateful for any help, and I'm curious if anyone else uses torrentflux with moblock. I just rebuilt a server; things were working with an 8 or 9 month old version and an older version of Kubuntu before the hard drive expired. :(

Thanks
-Phish

Occidere
May 31st, 2007, 08:26 PM
Hello everybody,

I am running Moblock on a xubuntu (Edgy Eft) system and it's running okay so far. But I can't connect to jabber servers while Moblock is running.


Blocked OUT: Chaos Computer Club,hits: 1,DST: 217.10.10.194
Blocked OUT: Chaos Computer Club,hits: 2,DST: 217.10.10.194
Blocked OUT: Chaos Computer Club,hits: 3,DST: 217.10.10.194
Blocked OUT: Chaos Computer Club,hits: 4,DST: 217.10.10.194


This IP address is for jabber.ccc.de and I tried to unblock the IP address in /etc/cron.daily/moblock-nfq, but it did not work. Does somebody here know how to unblock that specific IP address?

Thanks.

Occidere
May 31st, 2007, 09:12 PM
That was a quick one, I just needed to unblock the jabber ports in /etc/moblock/MoBlock-nfq.sh.

iBART
June 1st, 2007, 09:45 AM
wrong post

brk3
June 1st, 2007, 01:57 PM
Hey guys, I know there have been various posts about GUIs for moblock, but none of them really seemed to appear, so I've made a basic one for GNOME using Mono.
See what you think. The only thing in it that doesn't work at the moment is showing how many IPs are being blocked; I couldn't figure out how to do this. If anyone knows, can they please let me know!

I've included a readme on how to run it. Anyway, see what you think!

jamesford
June 2nd, 2007, 10:15 AM
The GUI looks good (or at least a promising start).
I don't like that it has to be run as root though. Wouldn't it be better to run as a regular user and then prompt for the password when the user clicks a button that performs a task that requires root privileges?

Also, you forgot to tell alltray to use the M logo you made.

brk3
June 2nd, 2007, 03:17 PM
Thanks for the input! Have added your suggestions, found out how to display the number of ips being blocked and added a couple of other fixes.
Give it a go!

yano
June 3rd, 2007, 01:38 AM
from everything i have looked at there is one thing I still don't see I can do with MoBlock

How can I have multiple blocklists instead of just guarding.p2p?

ratai
June 3rd, 2007, 05:19 AM
Really good job.
But :
- Often we must restart firehol to really stop moblock. One proposition: because Firehol is working with Moblock, maybe your GUI could give access to the firewall too, with root access to modify anything.
- Often we would like to update our whitelist: maybe a link could exist on the panel...

brk3
June 3rd, 2007, 08:09 AM
from everything i have looked at there is one thing I still don't see I can do with MoBlock

How can I have multiple blocklists instead of just guarding.p2p?

I think you just pass them in as parameters when starting moblock. I reckon I could implement a blocklist manager. Do you know where to find other blocklists?

jamesford
June 3rd, 2007, 09:54 AM
The new version of the GUI is looking very good. Thanks for implementing my suggestions.

Don't know how advanced you intend to make this GUI, but if you're planning to carry on improving it, I would suggest a native non-alltray tray icon, maybe with some functionality like showing different icons when enabled and disabled, etc.

Great job.

Edit: I've noticed mono and MoBlockGUI.exe stay in memory sometimes when you close it by right-clicking the tray icon.

brk3
June 3rd, 2007, 10:07 AM
Good idea, will look into it. alltray just seemed the quickest solution, but I'm sure it's not hard to program it.
I've stuck it on gnomefiles; might be easier to keep track of it than forum posts: http://www.gnomefiles.org/app.php/MoBlockGUI

Edit: noticed that too, shall be fixed!

jamesford
June 3rd, 2007, 10:12 AM
I've also noticed another thing. I don't know if it's just me who doesn't know how to do things, but I've made myself a launcher for the GUI and it won't launch unless I edit startMoBlockGUI.sh and add a line at the top saying cd /path/to/moblockgui-dir

Oh, and you should hold an icon/logo design contest!

edwardecl
June 3rd, 2007, 04:14 PM
That GUI is very cool, although it involved a bit more than just installing mono and alltray. All I want now is a program that can run on clients to view the same information, as the computer running moblock just acts as a server...

But still it's a nice addition. The enable/disable button just seems to crash it but other than that it's good.

brk3
June 3rd, 2007, 10:08 PM
Hmm, the enable/disable button should work fine. Does it work for you, jamesford?
Do you have gksudo installed? It calls that to get the root password to enable/disable moblock.
Anywho, I have got native tray support added, and it also takes care of the process not being killed on quitting. Should have the next version uploaded to the gnomefiles page by tomorrow evening!

golem3
June 5th, 2007, 11:29 PM
Again, great guide, thanks for updating it for Feisty.

rautamiekka
June 13th, 2007, 04:22 PM
How to add custom filters ? Please update the first post with how-to that

pelle.k
June 13th, 2007, 05:24 PM
I'm not sure i understand what you mean by "custom filters"? If you could elaborate on that i might update the howto...

rautamiekka
June 14th, 2007, 04:50 AM
In PG you can make lists of your own; that's what I mean by custom filter. So how do you make them in Moblock, or how do you add more blocked IPs on your own?

sloter
June 14th, 2007, 01:00 PM
Hello rautamiekka,


I think you can handle that by adding your own range of IPs in /etc/moblock/guarding.p2p according to the .p2p format. I do not know of any moblock script configuration file which does that yet.
You can also create your own list in .p2p format and modify the shell variable BLOCKLISTS defined in /etc/cron.daily/moblock-nfq. I do not really like that.

I know you can edit /etc/moblock/MoBlock-nfq.sh and put in your own TCP and UDP whitelist.

But the most important thing to remember is that MoBlock is not a firewall.

Would you please give me an example of when you would use your own IP to be blocked by MoBlock?

Thx,

empthollow
June 24th, 2007, 12:23 AM
I tried the moblockgui and it's pretty cool, but there were some things I wanted to be able to do other than start and stop it. So I wrote a graphical bash script that uses zenity (which is installed by default in Ubuntu). I don't have anywhere to host the file, so I'll post the text here. Make sure you add execute permissions on the file, then double click and run. The only thing I haven't been able to do is dock the application. Every time I dock it with alltray, alltray quits with the application.

This is what Mobutil2 can do:

restart moblock
stop moblock
set moblock to autostart at boot
remove from autostart at boot
show end of log file
display process ID of moblock
show list of addresses affected
update the blocklist
disable daily update of blocklist
enable daily update of blocklist

Mobutil2 script
#!/bin/bash
# Mobutil2 - zenity front end for moblock-nfq (needs zenity and gksu)

pid()
{
# pidof prints nothing and exits non-zero when moblock is not running,
# so test its exit status instead of comparing its output with "0"
if pidof moblock > /dev/null; then
zenity --info --text "Moblock's PID is $(pidof moblock)" --width 400
else
zenity --info --text "Moblock is not running" --width 400
fi
}

until [ "$selection" = "Exit" ] ; do
selection=$(zenity --height=385 --width=400 --list --text "Please choose an option" --radiolist --column "Choose" --column "Action" FALSE Restart FALSE Stop FALSE "Set to autostart" FALSE "Remove from startup" FALSE "Show end of log file" FALSE "Show Process ID" FALSE "Show blocked addresses" FALSE "Update block list" FALSE "Set to update block list daily" FALSE "Remove Daily Block list update" FALSE "Exit"); echo "$selection"
case "$selection" in
"Show Process ID" ) pid ;;
"Restart" ) gksu /etc/init.d/moblock-nfq restart | zenity --progress --pulsate --text Restarting ;;
"Stop" ) gksu /etc/init.d/moblock-nfq stop | zenity --progress --pulsate --text Stopping ;;
# && instead of |: only report success after the command has actually succeeded
"Set to autostart" ) gksu update-rc.d moblock-nfq defaults && zenity --info --text "Moblock will start at boot" --width 500 ;;
"Remove from startup" ) gksu "update-rc.d -f moblock-nfq remove" && zenity --info --text "Moblock will NOT start at boot" --width 500 ;;
"Show end of log file" ) tail /var/log/moblock.log | zenity --text-info --height 300 --width 530 ;;
# show the whole list; filtering on "ads" would hide most of it
"Show blocked addresses" ) zenity --text-info --height 300 --width 530 < /etc/moblock/guarding.p2p ;;
"Update block list" ) gksu sh /etc/cron.daily/moblock-nfq | zenity --progress --pulsate --text Updating ;;
# cron.daily only runs executable files: +x enables the daily update, -x disables it
"Set to update block list daily" ) gksu chmod +x /etc/cron.daily/moblock-nfq && zenity --info --text "Block list will be updated daily" --width 500 ;;
"Remove Daily Block list update" ) gksu chmod -x /etc/cron.daily/moblock-nfq && zenity --info --text "Block list will NOT be updated daily" --width 500 ;;
# Cancel returns an empty selection; treat it like Exit instead of reopening the dialog forever
"" | "Exit" ) exit ;;
esac
done
exit

sloter
June 24th, 2007, 03:01 PM
Hi empthollow,

Your script is pretty cool and light. Thx for posting

sloter

empthollow
June 24th, 2007, 03:47 PM
glad you like it, let me know if you can find a way to dock it.

empthollow
June 26th, 2007, 12:28 AM
I updated the script to display in the first window whether moblock is running or not. Here is the new code:

#!/bin/bash
# Mobutil2 - zenity front end for moblock-nfq (needs zenity and gksu)

pid()
{
# pidof prints nothing and exits non-zero when moblock is not running,
# so test its exit status instead of comparing its output with "0"
if pidof moblock > /dev/null; then
zenity --info --text "Moblock's PID is $(pidof moblock)" --width 400
else
zenity --info --text "Moblock is not running" --width 400
fi
}

until [ "$selection" = "Exit" ] ; do

# status line for the menu: "Moblock is running" / "Moblock is not running"
if pidof moblock > /dev/null; then
text=""
else
text="not "
fi

selection=$(zenity --height=385 --width=400 --list --text "Moblock is ${text}running" --radiolist --column "Choose" --column "Action" FALSE Restart FALSE Stop FALSE "Set to autostart" FALSE "Remove from startup" FALSE "Show end of log file" FALSE "Show Process ID" FALSE "Show blocked addresses" FALSE "Update block list" FALSE "Set to update block list daily" FALSE "Remove Daily Block list update" FALSE "Exit"); echo "$selection"
case "$selection" in
"Show Process ID" ) pid ;;
"Restart" ) gksu /etc/init.d/moblock-nfq restart | zenity --progress --pulsate --text Restarting ;;
"Stop" ) gksu /etc/init.d/moblock-nfq stop | zenity --progress --pulsate --text Stopping ;;
# && instead of |: only report success after the command has actually succeeded
"Set to autostart" ) gksu update-rc.d moblock-nfq defaults && zenity --info --text "Moblock will start at boot" --width 500 ;;
"Remove from startup" ) gksu "update-rc.d -f moblock-nfq remove" && zenity --info --text "Moblock will NOT start at boot" --width 500 ;;
"Show end of log file" ) tail /var/log/moblock.log | zenity --text-info --height 300 --width 530 ;;
# show the whole list; filtering on "ads" would hide most of it
"Show blocked addresses" ) zenity --text-info --height 300 --width 530 < /etc/moblock/guarding.p2p ;;
"Update block list" ) gksu sh /etc/cron.daily/moblock-nfq | zenity --progress --pulsate --text Updating ;;
# cron.daily only runs executable files: +x enables the daily update, -x disables it
"Set to update block list daily" ) gksu chmod +x /etc/cron.daily/moblock-nfq && zenity --info --text "Block list will be updated daily" --width 500 ;;
"Remove Daily Block list update" ) gksu chmod -x /etc/cron.daily/moblock-nfq && zenity --info --text "Block list will NOT be updated daily" --width 500 ;;
# Cancel returns an empty selection; treat it like Exit instead of reopening the dialog forever
"" | "Exit" ) exit ;;
esac
done
exit

moore.bryan
July 7th, 2007, 06:23 AM
Nice script, empthollow, but I keep getting the following error:
No column titles specified for List dialog.
./moblockgui.sh: line 27: --radiolist: command not found
./moblockgui.sh: line 29: FALSE: command not found

ideas?

pelle.k
July 7th, 2007, 08:33 AM
The lines must have been truncated somehow when you cut/pasted them into a new file.

iBART
July 7th, 2007, 10:40 AM
cool script. thanks :)

MiGke
July 7th, 2007, 05:36 PM
Hi everybody,

I've been using moblock for some time and I think it's a great application. I had to reinstall my Ubuntu box and now I can't install moblock. It seems that the moblock repositories are not working (moblock is not present in the repository). Apt is giving me a 404 error.

If anybody knows where else I can find the file I'd much appreciate any info, thanks.

VileTimes
July 8th, 2007, 06:48 PM
Hi everybody,

I've been using moblock for some time and I think it's a great application. I had to reinstall my Ubuntu box and now I can't install moblock. It seems that the moblock repositories are not working (moblock is not present in the repository). Apt is giving me a 404 error.

I'm having the same problem. :(

zivagolee
July 9th, 2007, 12:07 AM
Check out Trevino's repo:

http://3v1n0.tuxfamily.org/dists/feisty/3v1n0/

VileTimes
July 9th, 2007, 03:13 AM
Check out Trevino's repo:

http://3v1n0.tuxfamily.org/dists/feisty/3v1n0/


Thanks for the help. :)

moore.bryan
July 9th, 2007, 07:21 AM
the lines must have been truncated somehow when you cut/pasted them into a new file.
I guess that was it... stupid nano. ;-)

pelle.k
July 9th, 2007, 11:34 AM
stupid nano
nano -w

:D

jre
July 10th, 2007, 04:37 PM
i updated the script to display in the first window if moblock is running or not, here is the new code:[...]

"Show blocked addresses" ) cat /etc/moblock/guarding.p2p | grep ads | zenity --text-info --height 300 --width 530 ;;

This way you won't see all blocked addresses, so remove "| grep ads".


"Set to update block list daily" ) gksu chmod -x /etc/cron.daily/moblock-nfq | zenity --info --text "Block list will be updated daily" --width 500 ;;
"Remove Daily Block list update" ) gksu chmod +x /etc/cron.daily/moblock-nfq | zenity --info --text "Block list will be NOT updated daily" --width 500 ;;

Should be the other way I think.


From a first glance the rest seems nice and ok.
jre

EDIT: "Stop moblock" has funny results on your script, so that you have to kill it manually. I didn't test the other options.

Occidere
July 12th, 2007, 03:09 AM
I am running Feisty Xubuntu now and installed Moblock, but it is not running correctly.

Here is what the shell says:


sudo /etc/init.d/moblock-nfq restart
* Restarting moblock moblock [ OK ]


This is looking good.

cat /etc/moblock/guarding.p2p | grep ads

A big load of ip addresses, seems to be okay.


ping -c1 218.214.123.52
PING 218.214.123.52 (218.214.123.52) 56(84) bytes of data.

--- 218.214.123.52 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Looks good, too.

tail /var/log/moblock.log

Nothing happens, the file is empty.

pidof moblock

There is no process id for moblock.


sudo iptables -L
Password:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Moblock did not set up any rules for iptables.

Any ideas?

sloter
July 12th, 2007, 03:59 AM
Occidere,

Did you try kill -SIGHUP `cat /var/run/moblock.pid`
This lets moblock perform a re-initialization. Dumps and resets stats then reloads blocklist file.

sloter

CaptainWalrus
July 12th, 2007, 11:49 PM
I have been unable to get MoBlock to install on Kubuntu Feisty. I get the following error:


frank@TropicalIsland:~$ sudo apt-get install moblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
moblock-nfq: Depends: libc6 (>= 2.5-5) but 2.5-0ubuntu14 is to be installed
Depends: libnetfilter-queue1 (>= 0.0.13) but 0.0.12-1 is to be installed
Depends: libnfnetlink0 (>= 0.0.25) but it is not installable
E: Broken packages

empthollow
July 12th, 2007, 11:58 PM
I was unable to find a way to upgrade to the new version as well, and can't find those packages. :confused:

Griz054
July 13th, 2007, 07:09 AM
I've got the same issue as CaptainWalrus and I'm running Ubuntu Feisty. Any thoughts?

Zaphrod
July 14th, 2007, 01:56 PM
I have installed Moblock as described and it appears to be working when I ping an address the first time:

$ ping -c1 209.87.178.244
PING 209.87.178.244 (209.87.178.244) 56(84) bytes of data.

--- 209.87.178.244 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms


But if I then ping the same address, or another address, again, it doesn't block it:


$ ping -c1 209.87.178.244
PING 209.87.178.244 (209.87.178.244) 56(84) bytes of data.
64 bytes from 209.87.178.244: icmp_seq=1 ttl=240 time=124 ms

--- 209.87.178.244 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 124.296/124.296/124.296/0.000 ms


If I restart moblock:
$ sudo /etc/init.d/moblock-nfq restart
* Restarting moblock moblock [ OK ]


It blocks again for 1 ping only.

Occidere
July 14th, 2007, 04:32 PM
Occidere,

Did you try kill -SIGHUP `cat /var/run/moblock.pid`
This lets moblock perform a re-initialization. Dumps and resets stats then reloads blocklist file.

sloter

cat: /var/run/moblock.pid: No such file or directory

Does not work, too.

pelle.k
July 14th, 2007, 06:34 PM
OK guys, the moblock deb was compiled/updated against "unstable". That means you have two options:
1. Find the old package in /var/apt/cache and downgrade + comment out the moblock repo in sources.list
2. Force installation. (Completely at your own risk though; I can _not_ guarantee it'll work.)

It might help if somebody who has the latest working deb could post it at one of those download link sites (you know what I mean), for people here who can't get it otherwise.
_NOTE_: If this is a new installation: "dpkg" doesn't resolve dependencies for you, but gdebi (the graphical package installer in Ubuntu) does. So remember to install libnetfilter-queue and libnfnetlink with the dpkg method.

The package that doesn't work is "moblock-nfq_0.8-15_i386.deb", which got uploaded to the repo June 13th (two days ago), and thus you should be looking for moblock-nfq_0.8-14_i386.deb.

I myself can't compile a new version of moblock for you, since I am _not_ running Ubuntu ATM. You're not missing out on anything though, since _no_ new stuff was added; it was just compiled against _other_ libs introduced to Debian "unstable", which this repo is originally for.

uljanow
July 18th, 2007, 05:22 PM
I have been unable to get MoBlock to install on Kubuntu Feisty. I get the following error:

The following packages have unmet dependencies:
moblock-nfq: Depends: libc6 (>= 2.5-5) but 2.5-0ubuntu14 is to be installed
Depends: libnetfilter-queue1 (>= 0.0.13) but 0.0.12-1 is to be installed
Depends: libnfnetlink0 (>= 0.0.25) but it is not installable
E: Broken packages

The reason for those unmet dependencies is that the moblock package is for Debian. But you could build Ubuntu packages out of the moblock source.

There is also an alternative to the peerguardian linux alternative, named iplist (http://iplist.sf.net), which has prebuilt Ubuntu Feisty packages.

jre
July 24th, 2007, 09:00 AM
moblock-deb.sourceforge.net provides the old package again (depends on libc6 >= 2.3.6-6, libnetfilter-queue1 >=0.0.12, libnfnetlink1 >= 0.0.16, lsb-base >= 3.0-3, gzip, iptables, wget).

@Zaphrod+Occidere: No idea...

Greets
jre

Overquoted
July 27th, 2007, 12:08 AM
I'm feeling both frustrated and stupid at this point. I *must* whitelist these two bits or I am unable to do anything on the internet (it basically blocks my entire connection):

Blocked OUT: Route Object for IBMGSATL,hits: 4,DST: 67.32.118.46
Blocked OUT: Route Object for IBMGSATL,hits: 3,DST: 65.83.241.181


I'm not sure what I'm supposed to whitelist (though, after looking through a big portion of the forum, I know how to edit it through root, where to edit and that I can't whitelist IPs, which is not good, since it's only those two IPs I need whitelisted).

I'm new to Ubuntu (and Linux) but I'm also *really* missing PeerGuardian2 atm. I'm sorry I can't figure it out on my own. >_<

pelle.k
July 27th, 2007, 09:09 AM
I'm quoting... my own FAQ! :D

What about filtering out some stuff I want to connect to?
If you want to whitelist IP ranges, then do it in cleartext in /etc/cron.daily/moblock-nfq at line 114 (at the end of the file).
Remove the two # (hashes) which make those lines of code commented out. Add names of IP ranges from the guarding.p2p file, like this:
grep -v -i "IBMGSATL" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p

I did however adjust it a bit just for you. :)
I know this concept is frightening, but this is often how things are done in Linux, since everything is more or less ready to be run on a "headless" server. I agree the configuration files could be improved for readability quite a bit, but I am not the maintainer of this package. Furthermore, I also think what is missing is a decent GUI to do these kinds of things, but until then this will have to do. Happy blocking!

Overquoted
July 28th, 2007, 05:29 PM
Oh, thank you so much! :) I just couldn't figure out what I was supposed to put there. >_< I read your guide about fifteen times, too. Apparently, I'm just dense. :)

And yeah, a GUI would be nice. :)

pepz
August 1st, 2007, 06:38 AM
I would like to know if I can use moblock with the deluge torrent client (http://deluge-torrent.org).
It seems that moblock doesn't block any IPs with this client. How can I make a test?
The Deluge client has a blocklist importer plugin, but I would rather use moblock in order to filter IPs on the ed2k and torrent nets.
Thanks
Bye
pepz

pelle.k
August 1st, 2007, 11:10 AM
It seems that moblock doesn't block any IPs with this client. How can I make a test?
You got this all wrong. moblock is just a layer between the internet and your kernel (although this explanation is heavily simplified).

Internet -> moblock -> kernel -> $application

See? moblock serves the kernel, not specific applications. I've described in my FAQ, how to test the functionality of moblock...

pepz
August 1st, 2007, 03:00 PM
OK, I've made some mistakes... By the way, I understood that moblock works perfectly only if I start it manually, after my connection to the net, and after I can see this string in the moblock.log file:
NFQUEUE: binding to queue '0'

How can i solve this matter in order to let moblock work at the boot?
bye
pepz

pelle.k
August 1st, 2007, 04:13 PM
I don't understand your question. Are you saying that it does start automatically at boot, but that you have to do it a second time manually before moblock is functional?

pepz
August 2nd, 2007, 03:14 AM
Yes; if I don't restart it manually, I can't see the string
NFQUEUE: binding to queue '0' and moblock doesn't work.
bye
pepz

pelle.k
August 2nd, 2007, 07:29 AM
That is probably because moblock has to load a gigantic blocklist _before_ it's ready to kick ***. I suggest you wait a bit before checking moblock.log out after a reboot. Just a theory...

pepz
August 2nd, 2007, 10:12 AM
I followed your suggestion and waited for 10 min, but nothing happens. This is my moblock.log file:

pepz@ubuntu:~$ tail -f /var/log/moblock.log
Skipping useless range: (050412) The Thing, Lovgate 3389 6000
Skipping useless range: (050309) W32.Rahack 4899
Skipping useless range: (050428) W32.Spybot 1433 6000
Skipping useless range: (050412) W32.Rahack 4899
Skipping useless range: (050430) Lala, W32.Keco 1025
Skipping useless range: (050428) W32.Spybot 1433 6000
Skipping useless range: (050326) Unassigned 33437
Ranges loaded: 276189
Merged ranges: 316
Skipped useless ranges: 8372


How can I edit moblock-nfq in order to start it when I connect to the Net?
I have a DSL dial-up connection.
thanks a lot.
pepz

pepz
August 3rd, 2007, 07:34 AM
OK, I solved the problem with a start script placed in /etc/ppp/ip-up.d/.
How can I be sure that moblock autoupdates its lists?
thanks
bye
pepz

pelle.k
August 3rd, 2007, 04:28 PM
That's weird. I don't really understand why moblock had to be started up after ppp, but nevertheless, good job!
There's a cron script that does updates daily. It's in /etc/cron.daily (I believe). You can move it to cron.weekly or deactivate it (chmod -x). But it's already activated by default...

pepz
August 4th, 2007, 04:30 AM
OK, I know that there's a script in /cron.daily, but how can I verify that Ubuntu starts this script daily? Is there a log where I can see this?
bye
pepz

jamesford
August 4th, 2007, 08:04 AM
I don't trust the /cron.daily script. I found it better to move the script elsewhere and run it with crontab; that way I get system email confirming the updates as well.

pepz
August 4th, 2007, 09:08 AM
How do I have to edit crontab in order to run that script?
Only by adding a line with the script's path?
thanks
bye
pepz

Roxlo
August 13th, 2007, 02:15 AM
I get this error when trying to open/install the MoBlock deb
error: dependency is not satisfiable libnfnetlink0
Thanks for any help

sloter
August 13th, 2007, 05:48 AM
Hello Roxlo,

Did you try the Edgy installation in the first page of this thread ?

Best,

bamend
August 13th, 2007, 04:52 PM
I tried to install Moblock but I keep on getting this error:

Get:1 http://us.archive.ubuntu.com feisty/universe libnetfilter-queue1 0.0.12-1 [6716B]
Fetched 6716B in 0s (15.6kB/s)
(Reading database ... 155727 files and directories currently installed.)
Removing peerguardnf ...
(Reading database ... 155722 files and directories currently installed.)
Unpacking libnetfilter-queue1 (from .../libnetfilter-queue1_0.0.12-1_i386.deb) ...
dpkg: error processing /var/cache/apt/archives/libnetfilter-queue1_0.0.12-1_i386.deb (--unpack):
trying to overwrite `/usr/lib/libnetfilter_queue_libipq.so.1.0.0', which is also in package libnetfilter-queue
Selecting previously deselected package moblock-nfq.
Unpacking moblock-nfq (from .../moblock-nfq_0.8-15_i386.deb) ...
Errors were encountered while processing:
/var/cache/apt/archives/libnetfilter-queue1_0.0.12-1_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)


Please help.

jingo811
August 14th, 2007, 06:48 AM
I tried installing MoBlock on my Dapper 6.06 once; it was a living hell. Until the system crashed on me indefinitely for some other related issue. Then I reluctantly installed Feisty 7.04 which to my surprise made a bunch of installations very care free.

So I would recommend getting rid of your old Ubuntus and installing Feisty; after that, installing Moblock is only 4 lines in the terminal and you're done!

jre
August 14th, 2007, 08:37 AM
Hi,

I'm the new maintainer of moblock-deb.sourceforge.net. For a long time I've been working on the init and update script (the version in the current moblock.deb is based on an early version).

I'm still working on a new release for the repository so that you can simply "aptitude install moblock-nfq" them. I will offer the packages in different flavors (for now etch, lenny and sid, but I'm planning to also compile them for some Ubuntu versions).

I've put a prerelease for direct download on the site. These are the moblock-nfq versions for (links are under the distribution names):

etch (Debian stable; should work on older ubuntu versions, but I don't know how old - probably not on Dapper and before.)
dependencies:
libc6 (>= 2.3.6-6)
libnetfilter-queue1 (>= 0.0.12)
libnfnetlink1 (>= 0.0.16)
lenny (Debian testing; should work on newer ubuntu versions)
sid (Debian unstable; should work on newer ubuntu versions)
dependencies of lenny and sid packages:
libc6 (>= 2.6-1)
libnetfilter-queue1 (>= 0.0.13)
libnfnetlink0 (>= 0.0.25)

NOTE: These links will only work temporarily - I'll edit this post when something changes.

The packages are signed, so you can do a:
gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B
gpg --export --armor 9072870B | sudo apt-key add -

Then, download the package in the correct flavor and do a
dpkg -i <packagename>

Have a look at the files in /usr/share/doc/moblock-nfq/, especially NEWS.Debian. The scripts changed, everything is done via the new "moblock-control" now.

I'm very interested in test reports ;-)

Last but absolutely not least: A big THANK YOU to clessing who started the project moblock-deb. Unfortunately he hasn't enough time to continue his good work.

jre

EDIT 2007-09-04: Removed links because preview repository is online

sloter
August 14th, 2007, 09:31 AM
Congrats jre and good luck!
Talk to you soon.
sloter

NiksaVel
August 16th, 2007, 11:57 AM
Hey guys... I've successfully used moblock for almost a year now and am very happy with this prog... I do have a little problem, and I don't think I've seen anyone mentioning it here so far:

my moblock seems to get restarted every morning around 0900 hours regardless of the +x or -x property on /etc/cron.daily/moblock-nfq. I've even tried removing the file completely - made no difference.
As soon as this restart of the moblock process is done, I get a load of those skipping duplicate ranges and such messages on screen and the last message in the log is
ranges loaded xxy...

My internet connection dies completely as of this moment.


The only solution I have found is running manually
sudo /etc/init.d/moblock-nfq restart


then the reloading ends with
ranges loaded xxy...
NFQUEUE: binding to queue '0'


everything works perfectly then...


note that in the first "improper" reload I don't get the nfqueue msg... I am unsure why this is happening, but am getting a bit tired having to manually restart moblock every morning when I get up... it's annoying. :confused:


thank you very much in advance if anyone can help me...

phonzie
August 19th, 2007, 02:55 AM
As of now I keep getting the same error when trying to install moblock as root. I added the deb links to sources.list and then did everything else and then I get the same error as bamend:

Get:1 http://us.archive.ubuntu.com feisty/universe libnetfilter-queue1 0.0.12-1 [6716B]
Fetched 6716B in 0s (15.6kB/s)
(Reading database ... 155727 files and directories currently installed.)
Removing peerguardnf ...
(Reading database ... 155722 files and directories currently installed.)
Unpacking libnetfilter-queue1 (from .../libnetfilter-queue1_0.0.12-1_i386.deb) ...
dpkg: error processing /var/cache/apt/archives/libnetfilter-queue1_0.0.12-1_i386.deb (--unpack):
trying to overwrite `/usr/lib/libnetfilter_queue_libipq.so.1.0.0', which is also in package libnetfilter-queue
Selecting previously deselected package moblock-nfq.
Unpacking moblock-nfq (from .../moblock-nfq_0.8-15_i386.deb) ...
Errors were encountered while processing:
/var/cache/apt/archives/libnetfilter-queue1_0.0.12-1_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

I think the server is down for moblock. I don't know if that is the problem cuz it gets the deb files alright. But then there is a dependency issue. I'm using feisty 7.04

phonzie
August 19th, 2007, 02:57 AM
As of now I keep getting the same error when trying to install moblock as root. I added the deb links to sources.list and then did everything else and then I get the same error as bamend:

root@Den:~# sudo apt-get install moblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
moblock-nfq is already the newest version.
You might want to run `apt-get -f install' to correct these:
The following packages have unmet dependencies:
libnetfilter-queue1: Depends: libnfnetlink1 (>= 0.0.16) but it is not going to be installed
moblock-nfq: Depends: libnfnetlink1 (>= 0.0.16) but it is not going to be installed
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).
root@Den:~# apt-get -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
Correcting dependencies... Done
The following extra packages will be installed:
libnfnetlink1
The following NEW packages will be installed:
libnfnetlink1
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
Need to get 0B/7582B of archives.
After unpacking 61.4kB of additional disk space will be used.
Do you want to continue [Y/n]? y
(Reading database ... 116963 files and directories currently installed.)
Unpacking libnfnetlink1 (from .../libnfnetlink1_0.0.16-1_i386.deb) ...
dpkg: error processing /var/cache/apt/archives/libnfnetlink1_0.0.16-1_i386.deb (--unpack):
trying to overwrite `/usr/lib/libnfnetlink.so.1.0.0', which is also in package libnfnetlink0
Errors were encountered while processing:
/var/cache/apt/archives/libnfnetlink1_0.0.16-1_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

This is after I had done the install already and it gave me what bamend gave and then a dependency error. Is there ANOTHER program, cuz I really need something like this supported for linux?

I think the server is down for moblock. I don't know if that is the problem cuz it gets the deb files alright. But then there is a dependency issue. I'm using feisty 7.04

sloter
August 19th, 2007, 05:14 AM
Hello phonzie,

Did you install peerguardnf before moblock?
In your install log it seems that peerguardnf was installed.
Maybe try sudo aptitude purge peerguardnf . Be careful, this will remove peerguardnf and all its configuration files...

sloter

jre
August 19th, 2007, 09:57 AM
@NiksaVel: Really strange. Did you ever install some moblock stuff manually? I guess there are some things left that cause your problems.
Search your disk for any moblock files ("find / -name "*moblock*") and check your /etc/crontab for moblock entries.

@phonzie and all those with dependency problems:
Try the packages I posted in this post (http://ubuntuforums.org/showpost.php?p=3187264&postcount=580).
These packages have different dependencies (I just added the dependency information in my original post).
For phonzie (on Feisty) I'd suggest the lenny or sid package.

phonzie
August 19th, 2007, 02:06 PM
Actually @sloter I've never installed peerguardnf; this is a brand new installation of feisty fawn 7.04 so I'm still getting used to it.

I will try your packages in the other post and see if they work, can i just use synaptic to install the dependencies?

I tried to install those dependencies like I tried before and I get this error:
E: /var/cache/apt/archives/libnfnetlink1_0.0.16-1_i386.deb: trying to overwrite `/usr/lib/libnfnetlink.so.1.0.0', which is also in package libnfnetlink0

OK, I figured it out; I had to install more recent versions of the packages from the Debian packages website. Now it installed the Lenny version. How do I run it?

jre
August 19th, 2007, 07:10 PM
OK, I figured it out; I had to install more recent versions of the packages from the Debian packages website. Now it installed the Lenny version. How do I run it?
It's running automatically (may be turned off in /etc/moblock/moblock.conf) but you can control it manually with "moblock-control". Have a look at /usr/share/doc/moblock-nfq/NEWS.Debian.gz.

quixotic-cynic
August 22nd, 2007, 07:02 AM
When you have WHITE_TCP_OUT="http https" then if I understand correctly outbound connections on port 80 are possible.

If someone has a bittorrent client with their inbound port set to 80 then connections would therefore still occur - correct?

Dark Star
August 22nd, 2007, 07:11 AM
Awesome guide bro :) Keep up the good work ;)

berttt
August 23rd, 2007, 07:24 PM
thanks for the sweet How To! I think i got this baby running! no problems so far! :popcorn::popcorn::popcorn::KS:KS:KS

bluecreek
August 31st, 2007, 10:34 AM
For people running hamachi -- by default, moblock will block all traffic from the 5.0.0.0-5.255.255.255 address range. Do the following to remove the hamachi subnet from the downloaded blocklist:

open the cron file that downloads the new blocklist every day...
$ gksudo gedit /etc/cron.daily/moblock-nfq &

now add the following down near the bottom of the file, just before the line that reads "mv $PG_LIST $PG_LIST.backup"...
# whitelist the hamachi subnet
grep -v -i "5.0.0.0-5.255.255.255" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p

save & close gedit, then update the blocklist & restart moblock...
$ sudo /etc/cron.daily/moblock-nfq
$ sudo /etc/init.d/moblock-nfq restart

that's it, you're done!

if you want to double-check that the hamachi subnet has been removed from the blocklist...
$ grep -i "5.0.0.0-5.255.255.255" "/etc/moblock/guarding.p2p"

you should not see any matches for 5.0.0.0-5.255.255.255 in the grep output.

sloter
August 31st, 2007, 10:49 AM
@ quixotic-cynic,

If someone has a bittorrent client with their inbound port set to 80 then connections would therefore still occur - correct?

Unfortunately, this is correct.

sloter

NiksaVel
August 31st, 2007, 02:44 PM
@NiksaVel: Really strange. Did you ever install some moblock stuff manually? I guess there are some things left that cause your problems.
Search your disk for any moblock files ("find / -name "*moblock*") and check your /etc/crontab for moblock entries.

here... hope this makes sense to you :confused: and no... I don't think I've tried any kind of manual installation - strictly what's written in this thread...



niksavel@sidious:~$ sudo find / -name "*moblock*"
Password:
/var/run/moblock.pid
/var/lib/apt/lists/moblock-deb.sourceforge.net_debian_dists_unstable_Release
/var/lib/apt/lists/moblock-deb.sourceforge.net_debian_dists_unstable_main_binary-i386_Packages
/var/lib/apt/lists/moblock-deb.sourceforge.net_debian_dists_unstable_main_source_Sources
/var/lib/apt/lists/moblock-deb.sourceforge.net_debian_dists_unstable_Release.gpg
/var/lib/dpkg/info/moblock-nfq.prerm
/var/lib/dpkg/info/moblock-nfq.list
/var/lib/dpkg/info/moblock-nfq.conffiles
/var/lib/dpkg/info/moblock-nfq.md5sums
/var/lib/dpkg/info/moblock-nfq.postinst
/var/lib/dpkg/info/moblock-nfq.postrm
/var/log/moblock.log
/var/log/moblock.log.1
/var/log/moblock.log.2.gz
/var/log/moblock.log.3.gz
/var/log/moblock.log.4.gz
/var/log/moblock.log.5.gz
/var/spool/moblock
/etc/cron.daily/moblock-nfq
/etc/cron.daily/moblock-nfq~
/etc/init.d/moblock-nfq
/etc/logrotate.d/moblock-nfq
/etc/rc0.d/K20moblock-nfq
/etc/rc1.d/K20moblock-nfq
/etc/rc2.d/S20moblock-nfq
/etc/rc3.d/S20moblock-nfq
/etc/rc4.d/S20moblock-nfq
/etc/rc5.d/S20moblock-nfq
/etc/rc6.d/K20moblock-nfq
/etc/moblock
/home/niksavel/shared/tools/linux/moblock
/home/niksavel/moblock-nfq
/home/niksavel/moblockgui.sh
/usr/bin/moblock-nfq
/usr/bin/moblock
/usr/share/doc/moblock-nfq
/usr/share/man/man1/moblock.1.gz
niksavel@sidious:~$

antharr
August 31st, 2007, 09:39 PM
keith@ubuntulappy:~$ tail -f /var/log/moblock.log
Ranges loaded: 235566
Merged ranges: 219
Skipped useless ranges: 5392
NFQUEUE: binding to queue '0'
Blocked OUT: VeriSign Global Registry Services,hits: 1,DST: 199.7.55.74
Blocked OUT: VeriSign Global Registry Services,hits: 2,DST: 199.7.55.74
Blocked OUT: VeriSign Global Registry Services,hits: 3,DST: 199.7.55.74
Blocked OUT: VeriSign Global Registry Services,hits: 4,DST: 199.7.55.74
Blocked IN: Bogon,hits: 1,SRC: 61.253.107.50
Blocked IN: Bogon,hits: 2,SRC: 61.253.107.50


When I used PeerGuardian for XP my number of blocked IP's were somewhere in the millions.

Now in Moblock I have 235566 ranges blocked. My question is does Moblock block the same IPs as PG. Am I more at risk when using Moblock?

jre
September 2nd, 2007, 10:14 AM
@Niksavel: Well, I can only see that you edited /etc/cron.daily/moblock-nfq. But if your problem still occurs when you make it not executable, then this can't cause your problem.
Did you check your /etc/crontab for moblock entries?


When you have WHITE_TCP_OUT="http https" then if I understand correctly outbound connections on port 80 are possible.

If someone has a bittorrent client with their inbound port set to 80 then connections would therefore still occur - correct?

With "WHITE_TCP_OUT="http https"" you will only lose your protection when you initiate the connection, but not when another machine wants to connect to you (neither on port 80 nor on another port).
I don't think that "inbound port set to 80" means that your outgoing traffic is also going over port 80 - but I think this might depend on your bittorrent client.


When I used PeerGuardian for XP my number of blocked IP's were somewhere in the millions.

Now in Moblock I have 235566 ranges blocked. My question is does Moblock block the same IPs as PG. Am I more at risk when using Moblock?
A range consists of many single IPs. In its standard configuration the moblock deb blocks the same lists as PG Windows (without the edu list) and some additional ones.

Greets
jre

quixotic-cynic
September 3rd, 2007, 05:48 AM
Thanks for the replies about whitelisting port 80...

@Niksavel:
With "WHITE_TCP_OUT="http https"" you will only lose your protection when you initiate the connection, but not when another machine wants to connect to you (neither on port 80 nor on another port).
I don't think that "inbound port set to 80" means that your outgoing traffic is also going over port 80 - but I think this might depend on your bittorrent client.


What about when other users set their inbound port as 80? Sending a packet to them is no different from an outbound packet from your machine to an http server listening on port 80 - so you have a hole in your protection. (WHITE_TCP_OUT="http https" means allow connections to xxx.xxx.xxx.xxx:80 and xxx.xxx.xxx.xxx:443 - adversaries just have to set their p2p client to accept connections on one of these ports and you have no protection).

It is such an obvious hole (for potential adversaries at any rate) that I would think anyone 'interested' would set their incoming port to 80 and you effectively get no more moblock protection using the default configuration.

This is similar to PG2's "allow http" which they recommend you do not use for exactly the same reason. See here (http://wiki.phoenixlabs.org/wiki/PeerGuardian_2:FAQ#Should_I_keep_.22http_blocked.22_at_all_times.3F), here (http://wiki.phoenixlabs.org/wiki/PeerGuardian_2:FAQ#Is_it_safe_to_turn_off_the_.22Block_HTTP.22_option.3F) and here (http://wiki.phoenixlabs.org/wiki/PeerGuardian_2:FAQ#PeerGuardian_is_blocking_my_favourite_site.21_How_do_I_unblock_it.3F) in the PG2 FAQ. This part (http://wiki.phoenixlabs.org/wiki/PeerGuardian_2:Manual#Solution_1:_Allow_All_Webpages_.28Unblock_HTTP.29) in the manual also seems relevant.

pelle.k
September 3rd, 2007, 06:27 AM
That is certainly true. However, what about when other users set inbound port as 80... sending a packet to them is no different from an outbound packet from your machine to an http server listening on port 80 - so you have a hole in your protection. (WHITE_TCP_OUT="http https" means allow connections to xxx.xxx.xxx.xxx:80 and xxx.xxx.xxx.xxx:443 - adversaries just have to set their p2p client to accept connections on one of these ports and you have no protection).

It is such an obvious hole that I would think anyone 'interested' would set their incoming port to 80 and you effectively get no more moblock protection using the default configuration.

I'm _not_ quite sure i understand how you mean, but in either case moblock is not a firewall. Of course you're gonna have a hole in your protection, just as any really functional wall actually has a door (port)...
If you then set your p2p client to port 80 that is still for incoming connections, so in essence your example has no effect in reality.

Maybe you should read up on iptables, and in particular the different "states" a connection can have.

pt123
September 3rd, 2007, 07:18 AM
Is it possible to have another list of IPs that you can manually add to, so they won't get overwritten when the guarding.p2p file gets updated?

It is just I want to ban IP address that don't share.

quixotic-cynic
September 3rd, 2007, 10:02 AM
Is it possible to have another list of IPs that you can manually add to, so they won't get overwritten when the guarding.p2p file gets updated?

It is just I want to ban IP address that don't share.

[removed redundant section]

That said, the templist provided by bluetack already attempts to block people reported for misdemeanours, so you could just find out how entries are added to the templist and report people you have a problem with to the appropriate place on the bluetack.co.uk website...

I am sorry that I cannot help more but I hope that some of that helps.

EDIT: BETTER IDEA

Use cat (type "man cat" in a terminal for the manual). See below for details.

Put two lines in /etc/cron.daily/moblock-nfq near line 100 - after the commented lines where it says "# uncomment below to unblock Yahoo! Mail and whatever" but *before* mv $PG_LIST $PG_LIST.backup.

You are doing a similar thing to unblocking but you are adding stuff - the lines need to be approximately as follows:

cat merged.p2b.p2p yourblockfile.txt > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p

This merges your block file with the one that has just been generated from the download. It then overwrites the generated block file with the new one with your lines included.

YAY! (I had no idea I could work out stuff like that properly) ;) Let people know if there is a problem with it - if I see I will try again - but it really should work I think.

Credit to pelle.k for his "What about filtering out some stuff i want to connect to?" that gave me the idea.
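The list edits discussed in this thread (pelle.k's grep -v whitelisting by name, bluecreek's removal of the 5.0.0.0-5.255.255.255 range, jre's remark that one range stands for many single IPs, and the cat trick above for appending your own entries) all operate on the PeerGuardian .p2p text format that merged.p2b.p2p and guarding.p2p use. The following Python script is an added example, not code from moblock, moblock-deb or any poster in this thread: it parses that format, applies the same three edits, counts how many individual addresses the remaining ranges cover, and checks whether a given address is still blocked. The sample list, the custom block file and every range in them are constructed for the example; only the IBMGSATL name is taken from the log lines quoted earlier.

```python
import ipaddress

# Constructed sample in PeerGuardian .p2p format ("name:first-last"), not a real
# blocklist excerpt. The IBMGSATL name appears in the thread; its range and the
# other entries here are made up for the example.
SAMPLE_P2P = """\
# constructed sample list
Route Object for IBMGSATL:67.32.118.0-67.32.118.255
Hamachi (constructed):5.0.0.0-5.255.255.255
Bogon: unallocated (constructed):42.0.0.0-42.255.255.255
Example Corp (constructed):203.0.113.0-203.0.113.63
"""

# Constructed "yourblockfile.txt": a peer you want banned in addition to the downloaded lists.
CUSTOM_P2P = "Leecher (constructed):198.51.100.7-198.51.100.7\n"


def parse_p2p(text):
    """Parse .p2p text into (name, first, last) tuples; blank lines and # comments are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Names may contain ':'; the range after the last ':' never does.
        name, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        if not sep or not dash:
            raise ValueError(f"line {lineno}: not name:first-last: {raw!r}")
        try:
            lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"line {lineno}: bad address in {span!r}") from exc
        if hi < lo:
            raise ValueError(f"line {lineno}: reversed range {span!r}")
        entries.append((name, lo, hi))
    return entries


def to_p2p(entries):
    """Serialise entries back to .p2p text (what the cron script writes to merged.p2b.p2p)."""
    return "".join(f"{name}:{lo}-{hi}\n" for name, lo, hi in entries)


def whitelist_by_name(entries, fragment):
    """Drop every entry whose name contains fragment, case-insensitively (grep -v -i NAME)."""
    needle = fragment.lower()
    return [e for e in entries if needle not in e[0].lower()]


def whitelist_by_range(entries, first, last):
    """Drop entries whose range is exactly first-last (grep -v "first-last")."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [e for e in entries if not (e[1] == lo and e[2] == hi)]


def append_custom(entries, custom_text):
    """Concatenate your own .p2p entries onto the list (cat merged.p2b.p2p yourblockfile.txt)."""
    return entries + parse_p2p(custom_text)


def blocked_by(entries, ip):
    """Names of all ranges covering ip; an empty list means the address is not blocked."""
    addr = ipaddress.IPv4Address(ip)
    return [name for name, lo, hi in entries if lo <= addr <= hi]


def address_count(entries):
    """Individual IPv4 addresses covered, merging overlapping or adjacent ranges first."""
    merged = []
    for _, lo, hi in sorted(entries, key=lambda e: e[1]):
        if merged and int(lo) <= int(merged[-1][1]) + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return sum(int(hi) - int(lo) + 1 for lo, hi in merged)


def edited_list():
    """The three edits from the thread applied to the constructed sample, in cron-script order."""
    entries = parse_p2p(SAMPLE_P2P)
    entries = whitelist_by_name(entries, "IBMGSATL")                    # pelle.k's FAQ
    entries = whitelist_by_range(entries, "5.0.0.0", "5.255.255.255")   # bluecreek's Hamachi fix
    entries = append_custom(entries, CUSTOM_P2P)                         # quixotic-cynic's cat trick
    return entries


if __name__ == "__main__":
    before, after = parse_p2p(SAMPLE_P2P), edited_list()
    print(f"{len(before)} ranges covering {address_count(before)} addresses before editing")
    print(f"{len(after)} ranges covering {address_count(after)} addresses after editing")
    print("67.32.118.46 blocked by:", blocked_by(after, "67.32.118.46") or "nothing")
    print("198.51.100.7 blocked by:", blocked_by(after, "198.51.100.7") or "nothing")
    print(to_p2p(after), end="")
```

Splitting on the last colon matters because list descriptions can themselves contain colons. A grep -v on a name fragment, as in the cron script, drops every entry whose description matches, so keep the fragment as specific as you can; a short pattern unblocks more than you intended. Since the cron job regenerates merged.p2b.p2p on every run, any such edit has to live in the script before the mv $PG_LIST line, exactly as the posts above describe, or it is lost at the next update.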

quixotic-cynic
September 3rd, 2007, 10:23 AM
I'm _not_ quite sure i understand how you mean, ...

Ok, that is not reassuring for me considering you wrote such a useful thread - I really did think I understood this somewhat... now I am worried my question may not even make sense??!?

...but in either case moblock is not a firewall.

Understood.

Of course you're gonna have a hole in your protection, just as any really functional wall acctually has a door (port)...

I understand that you need ports open for any net-facing program to work. What concerns me is that by allowing connections from the local computer to port 80 or 443 on another computer you actually have an issue with your moblock protection (not in a firewall sense). AFAIK you don't *need* a hole in your moblock protection, unlike with a firewall - you just have to put up with a few blocked sites (which is a bit of a pain).

If you then set your p2p client to port 80 that is still for incoming connections, so in essence your examaple has no effect in reality.

In one of my previous posts I wrote that when you have WHITE_TCP_OUT="http https" then, if I understand correctly, outbound connections on port 80 are possible. I have not been talking about incoming connections at all. I am sorry if I am unable to write with a sufficient degree of clarity, I am doing my best.

Maybe you should read up on iptables, and in particular the different "states" a connection can have.

You are probably correct - it is a good suggestion. As far as I know, with TCP in general, you can have 'open connection' packets with RST header bits to open a connection and ACK header bits in all other TCP packets. Packets can be sent outbound or inbound. So, WHITE_TCP_OUT="80" would allow open connection packets out, and normal packets out and in on the same connection, but would not allow open connection requests from outside. My questions above are directed from this particular understanding so if it is wrong my question could be mis-directed, and if right then vice versa.

I will do some more iptables reading since I am used to routers, kerio and kaspersky...

--QC

pelle.k
September 3rd, 2007, 03:09 PM
Oh, don't worry if I don't get what you mean. After all, English isn't my first language... ;)
So, let me take a guess at what you mean:
You are worried that traffic from, say a BT download, could sneak through by answering another peer at port 80?

I guess that is unlikely, but not impossible. The rules moblock create are just a default set, and you are encouraged to adjust them to your liking. In fact, moblock states it is a utility for advanced users in the first place.

I guess you could adjust the rules inserted by moblock to whitelist_out port 80, but _not_ if "sport" is in a range used internally by your BT client (or whatever software we speak about...)
See? It's all in the rules inserted by moblock, primarily.

quixotic-cynic
September 3rd, 2007, 04:09 PM
Yes, that was what I was going on about ^_^

It sounds like it's possible to do more stuff than I thought with the config file so I will mess around with it a bit and see what I can do.

Thanks for the useful reply.

--QC

pt123
September 4th, 2007, 07:03 AM
[removed redundant section]

cat merged.p2b.p2p yourblockfile.txt > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p

Credit to pelle.k for his "What about filtering out some stuff i want to connect to?" that gave me the idea.

Thanks I will try this.

jre
September 4th, 2007, 12:33 PM
I guess you could adjust the rules inserted by moblock to whitelist_out port 80, but _not_ if "sport" is in a range used internally by your BT client (or whatever software we speak about...)
See? It's all in the rules inserted by moblock, primarily.

sport? did you mean dport!?

Anyway, if anybody has a practical way of doing this, then please post it! Personally I don't know a way how to use iptables rules on an application basis. The cleanest solution would be to only whitelist TCP out on port 80 for e.g. the webbrowser.
But anyway, I will change the default to no whitelisting. Sorry for all the users who will come here and ask why they can't surf or who will even not use moblock at all.

greets
jre
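To make the WHITE_TCP_OUT discussion above concrete, here is an added Python model of the rule ordering the thread describes; it is not moblock's actual rule set and not code from any poster here. An ACCEPT rule for locally initiated TCP to the whitelisted destination ports is consulted before the catch-all NFQUEUE rule that hands packets to moblock. The model shows quixotic-cynic's hole (a locally initiated connection to a peer listening on port 80 never reaches moblock), confirms jre's point that inbound connections on port 80 are still queued, shows what pelle.k's source-port exclusion changes, and what jre's planned default of no whitelisting does. The SERVICE_PORTS table, the 6881-6889 client port range and the packets are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Service names this example resolves in WHITE_TCP_OUT. Assumption for the model:
# the real config may accept more names than these two.
SERVICE_PORTS = {"http": 80, "https": 443}


def parse_white_tcp_out(value):
    """Turn a WHITE_TCP_OUT value such as 'http https' or '80 8080' into a set of ports."""
    ports = set()
    for token in value.split():
        ports.add(SERVICE_PORTS[token] if token in SERVICE_PORTS else int(token))
    return frozenset(ports)


@dataclass(frozen=True)
class Packet:
    direction: str  # "OUT": this host opened the connection; "IN": a remote host did
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                              # "ACCEPT" bypasses moblock; "NFQUEUE" hands the packet to it
    direction: Optional[str] = None          # None matches either direction
    proto: Optional[str] = None              # None matches any protocol
    dports: frozenset = frozenset()          # empty matches any destination port
    excluded_sports: Optional[range] = None  # pelle.k's idea: never whitelist these source ports

    def matches(self, p):
        if self.direction is not None and p.direction != self.direction:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dports and p.dport not in self.dports:
            return False
        if self.excluded_sports is not None and p.sport in self.excluded_sports:
            return False
        return True


def build_chain(white_tcp_out=frozenset(), excluded_sports=None):
    """Rules in the order the thread describes: whitelist ACCEPT first, then NFQUEUE for the rest."""
    chain = []
    if white_tcp_out:
        chain.append(Rule("ACCEPT", "OUT", "tcp", frozenset(white_tcp_out), excluded_sports))
    chain.append(Rule("NFQUEUE"))
    return chain


def verdict(chain, packet):
    """First matching rule wins, as in an iptables chain."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return "NFQUEUE"


# Constructed scenarios. 6881-6889 is assumed to be the torrent client's port range.
BT_PORTS = range(6881, 6890)
BROWSER_TO_WEB = Packet("OUT", "tcp", 51234, 80)     # browser, ephemeral source port
BT_TO_PEER_ON_80 = Packet("OUT", "tcp", 6881, 80)    # client contacting a peer that listens on 80
BT_TO_PEER_ON_6881 = Packet("OUT", "tcp", 6881, 6881)
PEER_TO_US_ON_80 = Packet("IN", "tcp", 40000, 80)    # remote host connecting to us on port 80


def scenarios():
    """Verdicts for each configuration discussed in the thread."""
    default = build_chain(parse_white_tcp_out("http https"))
    refined = build_chain(parse_white_tcp_out("http https"), excluded_sports=BT_PORTS)
    strict = build_chain(parse_white_tcp_out(""))
    return {
        "default: browser -> web:80": verdict(default, BROWSER_TO_WEB),
        "default: bt -> peer:80 (the hole)": verdict(default, BT_TO_PEER_ON_80),
        "default: bt -> peer:6881": verdict(default, BT_TO_PEER_ON_6881),
        "default: peer -> us:80": verdict(default, PEER_TO_US_ON_80),
        "refined: bt -> peer:80": verdict(refined, BT_TO_PEER_ON_80),
        "refined: browser -> web:80": verdict(refined, BROWSER_TO_WEB),
        "no whitelist: browser -> web:80": verdict(strict, BROWSER_TO_WEB),
    }


if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:40s} {result}")
```

The source-port exclusion only helps if the client really binds its outgoing connections to a known range; outgoing TCP connections normally use ephemeral source ports, which is the difficulty behind jre's sport/dport question and the reason these rules cannot express "only the web browser" on their own. Removing the whitelist, as jre plans, closes the gap at the cost of the blocked sites the FAQ already warns about.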

sloter
September 4th, 2007, 12:51 PM
Hello,

Yes it could be excellent. I am currently reading some interesting netfilter documentation that may help
http://www.netfilter.org/documentation/index.html#documentation-howto

sloter

quixotic-cynic
September 4th, 2007, 01:26 PM
Reply CCd from here. (http://forums.phoenixlabs.org/showthread.php?p=107502&posted=1#post107502)

Thanks for taking the point seriously jre.

Changing the default may be excessive (perhaps?) since, as you say, some people may just give up etc. It is up to you as to what you choose to do about it.

An alternative could be to make people aware of the issue - and then they could choose whether it is an acceptable 'risk' or not.

If you do choose to change the default (or even if you don't) I will try to lurk around the PG and Ubuntu forum pages to help newbies. I am fairly new to linux (a few weeks) so am looking for somewhere I can contribute. Since I am quite paranoid this may be a good place to start... ;)
___
@sloter: thanks for the link, i'm sure it will be good reading.

jre
September 4th, 2007, 03:05 PM
I put a preview repository at moblock-deb.sourceforge.net/preview/debian

So just get my gpg key (see this post (http://ubuntuforums.org/showpost.php?p=3187264&postcount=580)) and add the following lines to your /etc/apt/sources.list:
Debian etch (stable):
deb http://moblock-deb.sourceforge.net/preview/debian etch main
deb-src http://moblock-deb.sourceforge.net/preview/debian etch main

Debian lenny (testing):
deb http://moblock-deb.sourceforge.net/preview/debian lenny main
deb-src http://moblock-deb.sourceforge.net/preview/debian lenny main

Debian sid (unstable):
deb http://moblock-deb.sourceforge.net/preview/debian sid main
deb-src http://moblock-deb.sourceforge.net/preview/debian sid main

Then you can easily install "moblock-nfq" (or "moblock-ipq")

Most important changes to the old debian packages from moblock-deb.sf.net:
moblock-control (see thread at forums.phoenixlabs.org, this implies many changes)
sloter's new man page
sloter's test function
NO port whitelisting (have a look at /etc/moblock/moblock.conf for this)

major TODOs:
Ubuntu packages (at least feisty and gutsy)
documentation updates

With these things done the repository will move to the old position (without the "preview" in the URL).

Feedback (including on which distribution you are) is very welcome!
You can have a look at the actual files at http://moblock-deb.svn.sourceforge.net/. Patches are always appreciated ;-)

Greets
jre

pelle.k
September 4th, 2007, 03:29 PM
Anyway, if anybody has a practical way of doing this, then please post it! Personally I don't know a way how to use iptables rules on an application basis. The cleanest solution would be to only whitelist TCP out on port 80 for e.g. the webbrowser.
But anyway, I will change the default to no whitelisting. Sorry for all the users who will come here and ask why they can't surf or who will even not use moblock at all.
I hope you know how much we appreciate your work jre. My example was just an idea, and i have not evaluated if this could be done at all _in reality_, because i have never felt the need to do this.
Either way, the point was only to show that moblock does the filtering; iptables does the traffic redirection :)

Let me point out that i am by no means an iptables guru.

Oh, and please do tell me when, and if, i need to update the howto to reflect any recent changes that will be more or less permanent from now on. :D

jre
September 4th, 2007, 03:50 PM
Oh, and please do tell me when, and if, i need to update the howto to reflect any recent changes that will be more or less permanent from now on. :D
Most things that will be permanent are already in the preview repository.
With the updated documentation I think you can easily change the howto.
Also, with special ubuntu packages the howto would get much shorter ;-)
If you want I can announce the change of the official repository let's say 2 days in advance here and at forums.phoenixlabs.org.

Greets!!
jre

pelle.k
September 4th, 2007, 06:38 PM
But anyway, I will change the default to no whitelisting. Sorry for all the users who will come here and ask why they can't surf or who will even not use moblock at all.
I don't want to be a pain in the ***, but i think the best thing would be to leave http and https whitelisted, since the arguments against it are rather small, and i also think quixotic-cynic only wanted to confirm his theory, and not argue against whitelisting really.
In the end, i'll notify people of what to do about it ( in the FAQ), whatever you decide to set as default behaviour.

If you want I can announce the change of the official repository let's say 2 days in advance here and at forums.phoenixlabs.org.

Yeah, that would be great :)

Zeikcied
September 5th, 2007, 12:06 AM
Any idea when the Ubuntu packages will be made available?

Also, will this new version still use the file in /etc/cron.d? I ended up deleting that, with the hope that reinstalling Moblock would add a more updated one in its place (I've found that if I edit a file, dpkg may not replace it when installing a new version). But it didn't. Though, I'm using the regular repositories listed on the first page of this thread, so I don't know what is actually there.

I do have a version of Moblock running (the one from the current repositories), but I don't know if it's updating the filters at all.

sloter
September 5th, 2007, 04:42 AM
@Zeikcied,

One way to check if the blocking lists are updated is to check the creation date of the lists in /var/spool/moblock.
ls -la /var/spool/moblock

Also, when you reinstall a package previously installed use some --force or I don't know exactly with apt-get or aptitude or whatever package installer you use. That should allow you to reinstall the configuration files such as the cron.d... I guess

Thank you,

quixotic-cynic
September 5th, 2007, 09:11 AM
For people who are really worried about the whitelisting issue and are using moblock primarily for the level1 list - if you just use that list and turn off whitelisting then not many sites are blocked. For those that are, as a get-around, you can use www.ecoproxy.com or any other web proxy... (obviously don't trust them for secure stuff).

jre
September 5th, 2007, 01:03 PM
Whitelisting port 80 and 443 per default:
Pro:
- Most people will do this anyway
- Security risk not very big

Contra:
- Security risk does exist
- I've sometimes seen the question: "I still can surf to riaa.com! Why doesn't moblock work?"
- Upstream doesn't have per default whitelisting
- Users should at least be so experienced that they are ready to read the documentation.
- It's very easy to turn whitelisting on; I just commented out the line in moblock.conf.
- People running moblock not on their normal desktop machine don't want whitelisting

So, for now I think it's better to start with no whitelisting and just document this fact well. Most people will have no problem to change this behaviour - I hope so ;-)
If it causes too many troubles I can change it back on again.


Ubuntu packages:
when they're ready ;-) Perhaps today, perhaps this week, in the worst case never - I'm on it.

/etc/cron.daily/moblock-nfq
does exist. If you don't want the daily updates you can now turn them off in moblock.conf - no need to do anything with this cron file.
In theory this file is not a conf-file so apt should just install a new version (I have to look into this, I'm not absolutely sure).
If I understood you correctly, Zeikcied, then this didn't work for you. So try "aptitude reinstall moblock-nfq" or even "aptitude purge moblock-nfq" and then "aptitude install moblock-nfq".
EDIT: well I tested it and the only way to get it back was to purge and install. I think apt will only look for user changes in real conf files and will then prompt what to do. Since the cron file is no conf file apt "knows" falsely that this file was not changed and so doesn't reinstall it. I think this is the normal behaviour in Debian so I won't change that.
Does the cron file come back when you upgrade from 0.8-15 to 0.8-16 (from the preview repository)?

Greets
jre

Zeikcied
September 5th, 2007, 03:43 PM
@Zeikcied,

One way to check if the blocking lists are updated is to check the creation date of the lists in /var/spool/moblock.
ls -la /var/spool/moblock

Also, when you reinstall a package previously installed use some --force or I don't know exactly with apt-get or aptitude or whatever package installer you use. That should allow you to reinstall the configuration files such as the cron.d... I guess

Thank you,
I did that, and the dates were from back in December 2006. So...it hasn't been updated since?

Anyway, I did apt-get remove --purge, and then installed it again, and updated it manually. So, all the lists have been updated, and the cron.daily script is back. Hopefully it works now.

Also, I haven't used the preview repository yet. I'd rather wait until official Ubuntu packages are made. I don't want any possible conflicts between Debian and Ubuntu packages, even if there may not be any. Just to be safe.

pelle.k
September 5th, 2007, 04:49 PM
In theory this file is not a conf-file so apt should just install a new version
Oh, and speaking of that. Waaay back when clessing was maintaining moblock, i asked him if he could source config files into the scripts, so that you wouldn't have to mess with the actual scripts in order to change settings. This could be an idea for the final version.
This could also be useful for storing regex patterns (in a flat text file/s) for the update function. As it is now, people have to get down and dirty and watch out for syntax errors when doing these kind of manoeuvres...

just brainstorming here :)

jre
September 5th, 2007, 05:10 PM
Yay, Ubuntu Feisty support added!
Just add these lines to your sources.list if you're running feisty:
deb http://moblock-deb.sourceforge.net/preview/debian feisty main
deb-src http://moblock-deb.sourceforge.net/preview/debian feisty main
and add my key (see some posts above).

Gutsy seems to be broken at the moment, I'll look at that later.

Oh, and speaking of that. Waaay back when clessing was maintaining moblock, i asked him if he could source config files in to the scripts, so that you wouldn't have to mess with the actual scripts in order to change settings. This could be an idea for the final version.
Well, already done ;-)
Settings are made in /etc/moblock/moblock.conf and /etc/moblock/blocklists.list.
These configuration files are sourced by /usr/bin/moblock-control.
moblock-control offers start, stop, restart, reload, status, test and update.
The cron and init files first check moblock.conf if they shall run and if yes they source moblock-control (with start (init) or update (cron)).


Also, I haven't used the preview repository yet. I'd rather wait until official Ubuntu packages are made. I don't want any possible conflicts between Debian and Ubuntu packages, even if there may not be any. Just to be safe.
Oh, I always forget these dependency problems because I'm not running ubuntu :-) But you might try it now. Of course as always: absolutely no warranty, I can't even test the ubuntu packages. Test reports are always welcome.

jre

PS. Pelle, don't worry, I won't change the repository before I've updated the documentation.

Zeikcied
September 7th, 2007, 03:28 PM
I just noticed that Moblock is blocking my email.

My ISP (AT&T Yahoo DSL) switched the POP/SMTP settings to non-standard ports. And for whatever reason, the IP range used by the mail sub-domain names is blocked.

I tried adding one of the IPs to "TCP_WHITE_OUT" or whatever it is, in /etc/moblock/MoBlock-nfq.sh, and it doesn't seem to work. I'm using the version for Ubuntu Feisty in the regular repository (not the preview repository), if that makes any difference. The log says that the IPs are from Inktomi Corporation, which I've never heard of before. I turned off MoBlock, and I could send and receive my email perfectly fine.

Is there a way to simply whitelist by domain name instead of IP address? Or would I have to somehow find the full range that those domains use? (A GUI would really help with configuration problems such as this.)

quixotic-cynic
September 7th, 2007, 05:53 PM
I just noticed that Moblock is blocking my email.

I tried adding one of the IPs to "TCP_WHITE_OUT" or whatever it is, in /etc/moblock/MoBlock-nfq.sh, and it doesn't seem to work.

This part from the first post is what you want:

What about filtering out some stuff i wan't to connect to?

If you want to whitelist ip ranges then do it in cleartext in /etc/cron.daily/moblock-nfq at line 114 (at the end of the file).
Remove the two # which make it commented out. Add names of ip ranges from the guarding.p2p file. like this;
Code:

grep -v -i "whatever" merged.p2b.p2p | grep -v -i "whatever2" | grep -v "whatever3" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p

-v means invert-match (so you get everything _but_ the search phrase). This has to be there.
-i means ignore-case, that is; "WhateveR" and "whatever" are both a match.

So what you have to do is check /var/log/moblock.log for the name of the range causing the problem and then replace whatever with the name of the range causing the problem.

EG:

To edit the file open a terminal and enter sudo gedit /etc/cron.daily/moblock-nfq where gedit is the name of your text editor (others include nano, mousepad etc). sudo gives the text editor following it the rights required to edit a file in the root-owned /etc/ directory.

Add these two lines where instructed in the above:

grep -v -i "my_mail_service" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p

...where my_mail_service is the name of the IP range that shows up in your log file.

What it does:
1) keeps all the lines except the ones you list
2) [> this bit] outputs the modified file to a temp file.
3) The temp file is then moved [mv] over the original file generated from the blocklist sources.
4) After this the blocklist is written out to its location where it is actually used.

A GUI might save a bit of time but it is actually a lot more simple than it would first appear (the start of this thread by pelle.k is a lifesaver ;) )

Zeikcied
September 7th, 2007, 07:11 PM
This part from the first post is what you want:

So what you have to do is check /var/log/moblock.log for the name of the range causing the problem and then replace whatever with the name of the range causing the problem.

EG:

To edit the file open a terminal and enter sudo gedit /etc/cron.daily/moblock-nfq where gedit is the name of your text editor (others include nano, mousepad etc). sudo gives the text editor following it the rights required to edit a file in the root-owned /etc/ directory.

Add these two lines where instructed in the above:

grep -v -i "my_mail_service" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p

...where my_mail_service is the name of the IP range that shows up in your log file.

What it does:
1) keeps all the lines except the ones you list
2) [> this bit] outputs the modified file to a temp file.
3) The temp file is then moved [mv] over the original file generated from the blocklist sources.
4) After this the blocklist is written out to its location where it is actually used.

A GUI might save a bit of time but it is actually a lot more simple than it would first appear (the start of this thread by pelle.k is a lifesaver ;) )
I saw that in the first post (which I looked over before replying with my problem) and I really couldn't make sense of that part. Thanks for making it a bit more clear for me.

I've only been using Linux, exclusively, since December of last year. While that seems like a long time, I've not actually had a lot of practice with the more advanced (in my opinion) stuff, like grep and all that. I took classes on Linux, I read a book on Red Hat 9 years ago, so I know various things like piping and pushing the results of a query to a file, but I've not had to really use any of that since I started using Kubuntu in December.

(Plus, years of Windows use has had me rely on GUI apps too much, I guess. I've become a lot more comfortable with the command line, but I can get easily confused.)

Again, thanks :)

floogy
September 8th, 2007, 05:26 AM
Whitelisting port 80 and 443 per default:
Pro:
- Most people will do this anyway
- Security risk not very big

Contra:
- Security risk does exist
- I've sometimes seen the question: "I still can surf to riaa.com! Why doesn't moblock work?"
- Upstream doesn't have per default whitelisting
- Users should at least be so experienced that they are ready to read the documentation.
- It's very easy to turn whitelisting on; I just commented out the line in moblock.conf.
- People running moblock not on their normal desktop machine don't want whitelisting

So, for now I think it's better to start with no whitelisting and just document this fact well. Most people will have no problem to change this behaviour - I hope so ;-)
If it causes to many troubles I can change it back on again.


I'm using the unofficial amd64 packages for feisty.
Often I have had problems resolving google.com. Therefore I added this to my /etc/moblock/MoBlock-ipq.sh:
WHITE_TCP_OUT="http https"
WHITE_UDP_OUT="53"

$ sudo iptables -L
Password:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
MOBLOCK_IN 0 -- anywhere anywhere state NEW

Chain FORWARD (policy ACCEPT)
target prot opt source destination
MOBLOCK_FW 0 -- anywhere anywhere state NEW

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
MOBLOCK_OUT 0 -- anywhere anywhere state NEW

Chain MOBLOCK_FW (1 references)
target prot opt source destination
QUEUE 0 -- anywhere anywhere

Chain MOBLOCK_IN (1 references)
target prot opt source destination
QUEUE 0 -- anywhere anywhere

Chain MOBLOCK_OUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:www
QUEUE 0 -- anywhere anywhere


Now I can surf almost anywhere I want to.

What are the downsides? Is this comparably secure to using only this?
WHITE_TCP_OUT="http https"
WHITE_UDP_OUT=""

$ ping -c1 microsoft.com
PING microsoft.com (207.46.197.32) 56(84) bytes of data.

--- microsoft.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms


Results in:

Blocked OUT: Microsoft Corp,hits: 3,DST: 207.46.197.32


What is the meaning of this output? (useless ranges)
Skipping useless range: Fastsearch[Spy]
Skipping useless range: 80ke.com
Ranges loaded: 230261
Merged ranges: 188
Skipped useless ranges: 5131
Is that ok?

quixotic-cynic
September 8th, 2007, 03:44 PM
Thanks for making it a bit more clear for me.

I am happy it helped. I always think about that give [a man a fish / teach a man to fish] thing -- you can just say 'type this stuff and it will work' but in the long run that is tacky since you end up with loads of perma-newbies (& then some elitist people moan about it when they are usually the ones who exacerbate the problem :) ).

quixotic-cynic
September 8th, 2007, 03:52 PM
What are the downsides? Is this compareable secure like using only this?

What programs are you using moblock for? If it is a p2p app that can be configured to accept incoming connections on port 80 then someone could run their app on port 80 and your p2p client would connect to them since adding http whitelists port 80... that is the risk. You have to decide whether it is acceptable to you or not.

The ping and skipping useless ranges looks normal - it is to be expected. I'm not 100% sure what the useless ranges actually are, but it might have something to do with lines that have an invalid layout... (?)

You don't need to whitelist your DNS port (53) unless your specific DNS server IPs are being blocked by moblock. This is highly unlikely so don't bother whitelisting port 53 unless you can't connect to *any* site (it will either work 100% or block all sites).

Zeikcied
September 8th, 2007, 10:08 PM
I am happy it helped. I always think about that give [a man a fish / teach a man to fish] thing -- you can just say 'type this stuff and it will work' but in the long run that is tacky since you end up with loads of perma-newbies (& then some elitist people moan about it when they are usually the ones who exacerbate the problem :) ).
That's always a good way to go about it.

My main point of confusion was this part:

grep -v -i "whatever" merged.p2b.p2p | grep -v -i "whatever2" | grep -v "whatever3" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p

I see the series of grep commands, all piped together, and I'm thinking I need to use them all. I guess it's like that to demonstrate how to whitelist several ranges at once. But it confused me.

I'm not entirely a newbie, but it is nice to have some help along the way.

uljanow
September 8th, 2007, 10:40 PM
I see the series of grep commands, all piped together, and I'm thinking I need to use them all. I guess it's like that to demonstrate how to whitelist several ranges at once. But it confused me.
Lazy people would use egrep for that purpose.
egrep -iv "whatever1|whatever2|whatever3" merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p

floogy
September 9th, 2007, 06:04 AM
merged.p2b.p2p > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
Can one use "tee" to cleanup this part of the code?
merged.p2b.p2p |tee merged.p2b.p2p
I'm not sure about that, though.
This would result in this oneliner:
egrep -iv "whatever1|whatever2|whatever3" merged.p2b.p2p|tee merged.p2b.p2p

jre
September 9th, 2007, 08:31 AM
I'm using the version for Ubuntu Feisty in the regular repository (not the preview repository), if that makes any difference.
Err, there's no version for Feisty in the official (not preview) repository.

Note that nothing is "official", it's just a private project started by clessing who is not the moblock author. But well, this might be hairsplitting.

Suggestions for improvements: I really appreciate those suggestions, but please note that I have changed the scripts very much - so please first have a look at the new "moblock-control" from the preview repository.
The IP remove part has the following part there:
[ -z "$IP_REMOVE" ] || {
    # Delete lines from the blocklist:
    IFS=";"
    for XIP in $IP_REMOVE ; do
        grep -v -i $XIP merged.blocklist > merged.blocklist.tmp || { log_failure_msg " failed!"; exit 1; }
        mv merged.blocklist.tmp merged.blocklist || { log_failure_msg " failed!"; exit 1; }
    done
    IFS=$STDIFS
}
log_end_msg $?
I admit that this is no one-liner :-)
But all that users have to do is to change in /etc/moblock/moblock.conf (the configuration file for moblock-control) this line:
IP_REMOVE=""
There they can place a ";"-separated list of the lines that they want to remove from their guarding.p2p.
Feel free to send me suggestions how to make this better/nicer/shorter/...

BTW: There's also another option in moblock-control to directly whitelist IPs with iptables. This is done very similar to the port whitelisting that is already present in the current old script.

The "skipping useless range" is because you sometimes find lines like the following which contain only one IP in their range:
(050418) Unassigned 33437:208.42.224.236-208.42.224.236. But if you look through your whole guarding.p2p then you will find this line which already contains this IP.
Data393 Inc:208.42.224.0-208.42.237.223. This is why the useless first range is skipped. Note, that I haven't read the code, but it just has to be so :-)

Oh, any feedback for the preview repository?

greets
jre
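
A worked version of the range-removal step discussed in the last few posts (quixotic-cynic's grep -v lines, uljanow's egrep one-liner, floogy's tee question and the IP_REMOVE loop above), added here as example code; it is not moblock-control's own code. It assumes the p2p line format Name:first-last, the "Blocked OUT: Name,hits: N,DST: ip" log layout seen earlier in this thread, and constructed sample files; the function names are my own.

```shell
#!/bin/sh
# Added example, not moblock-control's own code: whitelisting by removing
# named ranges from a p2p-format blocklist, with the log lookup that tells
# you which range name to remove. File contents below are constructed.

# Constructed sample blocklist (p2p format: Name:first.ip-last.ip). The two
# 208.42.* lines are the ones quoted in the thread; the rest are made up.
make_sample_blocklist() {
    cat > "$1" <<'EOF'
Microsoft Corp:207.46.0.0-207.46.255.255
Inktomi Corporation:66.196.64.0-66.196.127.255
Data393 Inc:208.42.224.0-208.42.237.223
(050418) Unassigned 33437:208.42.224.236-208.42.224.236
Bogon:0.0.0.0-0.255.255.255
EOF
}

# Constructed sample log in the "Blocked OUT: Name,hits: N,DST: ip" layout
# shown earlier in this thread.
make_sample_log() {
    cat > "$1" <<'EOF'
Blocked OUT: Microsoft Corp,hits: 3,DST: 207.46.197.32
Blocked OUT: Inktomi Corporation,hits: 2,DST: 66.196.90.10
Blocked IN: Bogon,hits: 1,SRC: 0.1.2.3
EOF
}

# Print the name of the range that blocked the given IP (first match in the
# log), i.e. the string you would put into IP_REMOVE. Prints nothing if the
# IP never appears.
range_name_for_ip() {
    awk -v ip="$2" '
        { n = split($0, tok, " ") }
        $1 == "Blocked" && tok[n] == ip {
            name = $0
            sub(/^Blocked (IN|OUT): /, "", name)   # drop the direction prefix
            sub(/,hits: .*$/, "", name)            # drop the counters and address
            print name
            exit
        }' "$1"
}

count_lines() { wc -l < "$1" | tr -d ' '; }

# Remove every line matching any of the ";"-separated names (case-insensitive
# substring match, like the grep -v -i in the thread). Works on a copy and
# renames it over the original only at the end, so a reader of the list
# never sees a half-written file; refuses to install an empty list.
remove_ranges() {
    list=$1
    tmp="$1.tmp"
    cp -- "$list" "$tmp" || return 1
    oldifs=$IFS; IFS=';'; set -- $2; IFS=$oldifs
    for name in "$@"; do
        [ -n "$name" ] || continue
        if grep -v -i -F -- "$name" "$tmp" > "$tmp.next"; then
            mv -- "$tmp.next" "$tmp"
        else
            rc=$?
            rm -f -- "$tmp" "$tmp.next"
            [ "$rc" -eq 1 ] && echo "refusing to remove '$name': no ranges would be left" >&2
            return 1
        fi
    done
    mv -- "$tmp" "$list"
}

# Stand-alone demonstration on the constructed files.
demo_dir=$(mktemp -d)
make_sample_blocklist "$demo_dir/guarding.p2p"
make_sample_log "$demo_dir/moblock.log"
echo "66.196.90.10 was blocked by: $(range_name_for_ip "$demo_dir/moblock.log" 66.196.90.10)"
remove_ranges "$demo_dir/guarding.p2p" "Inktomi Corporation;Bogon" \
    && echo "ranges left after removal: $(count_lines "$demo_dir/guarding.p2p")"
rm -rf "$demo_dir"
```

On floogy's tee idea: in `grep ... file | tee file` the shell opens the output file for truncation when the pipeline starts, which can happen before grep has finished (or even started) reading the original, so the blocklist can end up empty or partial. Writing to a temporary file and renaming it over the original is what makes the update safe, and the function above additionally refuses to install a list from which every line was removed, so a too-broad name cannot silently disable blocking.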

jre
September 9th, 2007, 02:33 PM
I did work around the currently broken Ubuntu Gutsy base files. So here they are: moblock debs for Ubuntu Gutsy. Just add these lines to your /etc/apt/sources.list:
deb http://moblock-deb.sourceforge.net/preview/debian gutsy main
deb-src http://moblock-deb.sourceforge.net/preview/debian gutsy main
and add my GPG key (see above) if you haven't done so already.

Currently I'm not going to make Ubuntu Edgy, Dapper or {even earlier distro} packages because they miss the netfilter libraries. If someone needs them I might look into it.

Feedback is still very welcome :-) Please always tell me what distro you're using.

jre
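
A stand-alone model of the "Skipping useless range" / "Ranges loaded" / "Merged ranges" messages floogy asked about, following jre's explanation in the post before the Gutsy announcement (a range is useless when a range already loaded covers it; overlapping or adjacent ranges are merged). This is added example code, not moblock's loader; the sample list is constructed except for the Data393/Unassigned pair quoted in the thread, and the exact rules moblock applies may differ in detail.

```shell
#!/bin/sh
# Added example, not moblock's loader code: a model of the three counters
# moblock prints when it loads a blocklist (loaded, merged, skipped useless).
# A range is "useless" when it lies entirely inside what is already loaded;
# overlapping or adjacent ranges are merged. Sample data is constructed.

# Constructed p2p list. The Data393/Unassigned pair is the one quoted in the
# thread; everything else is made up to exercise the cases.
make_sample_p2p() {
    cat > "$1" <<'EOF'
# comment lines are ignored, as in blocklists.list
Data393 Inc:208.42.224.0-208.42.237.223
(050418) Unassigned 33437:208.42.224.236-208.42.224.236
Example Corp A:10.0.0.0-10.0.0.255
Example Corp B:10.0.1.0-10.0.1.255
Example Corp C:10.0.1.128-10.0.2.0
Example Corp D:10.0.0.10-10.0.0.20
Bogon:0.0.0.0-0.255.255.255
Tracker:Name With:Colons:192.0.2.0-192.0.2.255
EOF
}

# Turn each "Name:first-last" line into "first last Name" with the addresses
# as integers, so the list can be sorted numerically. The range is taken from
# after the LAST colon because names may contain colons themselves.
parse_p2p() {
    awk '
        function ip2int(s,    p) {
            split(s, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        /^#/ { next }
        $0 ~ /^[ \t]*$/ { next }
        {
            i = 0
            for (k = length($0); k > 0; k--)
                if (substr($0, k, 1) == ":") { i = k; break }
            if (i == 0) next
            name = substr($0, 1, i - 1)
            split(substr($0, i + 1), e, "-")
            if (e[1] == "" || e[2] == "") next
            printf "%.0f %.0f %s\n", ip2int(e[1]), ip2int(e[2]), name
        }' "$1"
}

# Sort by start address (widest range first on ties) and sweep once,
# printing the same kind of messages seen in the thread.
load_ranges() {
    parse_p2p "$1" | sort -k1,1n -k2,2nr | awk '
        {
            lo = $1 + 0; hi = $2 + 0
            name = $0; sub(/^[0-9]+ [0-9]+ /, "", name)
            loaded++
            if (loaded > 1 && hi <= cur_hi) {
                print "Skipping useless range: " name   # fully inside what is loaded
                skipped++
                next
            }
            if (loaded > 1 && lo <= cur_hi + 1) {
                cur_hi = hi                             # overlapping or adjacent: extend
                merged++
                next
            }
            cur_hi = hi                                 # a new, separate range
        }
        END {
            print "Ranges loaded: " loaded + 0
            print "Merged ranges: " merged + 0
            print "Skipped useless ranges: " skipped + 0
        }'
}

demo_dir=$(mktemp -d)
make_sample_p2p "$demo_dir/guarding.p2p"
load_ranges "$demo_dir/guarding.p2p"
rm -rf "$demo_dir"
```

Run against a real guarding.p2p the same sweep gives a quick sanity check of a freshly downloaded list: a sudden jump in skipped or merged counts usually means a list source changed format or started duplicating another one, which is worth a look before trusting the update.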

Zeikcied
September 11th, 2007, 11:03 PM
Err, there's no version for Feisty in the official (not preview) repository.

greets
jre
There isn't?

Then I guess I'm using the Edgy packages. I didn't actually check Adept to see which repositories it's using for Moblock. *checks* Wow. So I've been using the Debian packages. That's interesting. (You can tell I don't often look back on this stuff.)

Well...okay then. Heh. :oops:

quixotic-cynic
September 14th, 2007, 10:37 AM
Previously I have been using the etch package. I just tried to use the packages from http://moblock-deb.sourceforge.net/preview/debian/dists/feisty/main/binary-i386/net/ (on feisty... ;) ) and I am getting problems when using either of them.

The nfq version doesn't seem to be blocking anymore (I tried installing the later version because of a dependency problem that kept driving me nuts when using aptitude) and I get a dependency problem.

If someone can explain how the hell I copy text from urxvt I would paste the output here (selecting it doesn't seem to copy) [resolved].

Edit: Ok, I went back to the -13 version at the start of the thread. It appears that I need to install libnfnetlink1 but the package won't install - it complains about trying to overwrite /usr/lib/libnfnetlink.so.1.0.0 which is also in package libnfnetlink0. [Incidentally, it does actually work like this still, it is just a real pain every time I want to add or remove a package with aptitude]

pelle.k
September 14th, 2007, 10:50 AM
mark text -> paste with third mousebutton (wheel).
this is standard "behaviour" in X.

quixotic-cynic
September 14th, 2007, 10:52 AM
Thanks, I sort of knew that but was trying to cut with the x method then use the paste button in nedit -- I was unaware that would not work.

Edit: I re-broke it by upgrading to -17 and here is the output:

corcorigan@deidre:~/package/nfq$ sudo dpkg -i *.deb
Selecting previously deselected package moblock-nfq.
(Reading database ... 93433 files and directories currently installed.)
Unpacking moblock-nfq (from moblock-nfq_0.8-17+feisty_i386.deb) ...
dpkg: dependency problems prevent configuration of moblock-nfq:
moblock-nfq depends on libnfnetlink1 (>= 0.0.16); however:
Package libnfnetlink1 is not installed.
dpkg: error processing moblock-nfq (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
moblock-nfq

EDIT: Removed part to shorten post - see below for resolution - (when trying to install libnfnetlink1 make sure libnfnetlink0 is not installed).

jre
September 14th, 2007, 03:08 PM
quixotic-cynic
In feisty there is libnfnetlink1 (0.0.16-1) in the "universe" section. So there should be no dependency problems.
Why is libnfnetlink0 installed on your machine? Go to aptitude to libnfnetlink and press "r" to see which installed package depends on this.
If it's only moblock-nfq then just uninstall moblock-... and libnfnetlink and then install moblock-nfq (0.8-17). I'm surprised that this doesn't work automatically, but i don't know what to do.

Tell me if this worked and if moblock is blocking again. If not, then we have a problem ... :-/

Thanks for telling me that. That's a point for the howto!

pelle.k: I'd like to change the repository on sunday although I'm still late with updating the documentation (0.8-18 with some minor improvements is soon to come). have a look at the man page, NEWS.Debian, moblock.conf and blocklists.list.
tell me if you need to know something, I'll wait for your and quixotic-cynic's ok before moving the repository. thanks!

quixotic-cynic
September 14th, 2007, 05:17 PM
jre,

Thanks for replying. I just decided to try again. I removed the moblock package (& checked in aptitude) then installed moblock-nfq_0.8-17+feisty_i386.deb using dpkg. I then went into aptitude, pressed 'g' and got the dependencies.

Nothing I haven't tried before but this time IT WORKED! May have been a different permutation - or previously some stuff may have been left from an old install?

I still got the error message when trying to install libnfnetlink1 - this turned out to be because libnfnetlink0 was still installed and occupied the area that libnfnetlink1 wanted to install to. So, to sum up, if people have problems installing between 0.8-13 and 0.8-17 make sure you remove libnfnetlink0 as well as moblock-nfq. (Or you look stupid like me... heh).

Thanks for your help - useful to know exactly what I needed. To explain the 'manual' install - I don't like adding pgp keys that I am unable to verify properly (I have nothing against your *actual* key...) - you know i'm paranoid. ;)

EDIT: *looks in /etc/...* Nice script revamp!!! :D

EDIT2: Yes, it's definitely blocking. I find the ping test a little shaky since some of the ip ranges don't reply to pings no matter whether moblock is on or off. However, it passed the ping test as well as using http://www.advfilms.co.uk/ as a test... a useful indicator when combined with a log check (it's in one of the block ranges).

jre
September 14th, 2007, 07:24 PM
I'm currently updating the new homepage: http://moblock-deb.sourceforge.net/preview/. As always, feedback, suggestions etc. is welcome. I'm not a native speaker.

I find the ping test a little shakey since some of the ip ranges don't reply to pings no matter whether moblock is on or off. However, it passed the ping test as well as using http://www.advfilms.co.uk/ as a test... a useful indicator when combined with a log check (it's in one of the block ranges).
moblock-test pings the first IP in the blocklist and then checks via /var/log/moblock.log if the IP was blocked by moblock. So no need to worry if the test IP would have responded. But look at the current TODO in the svn, this needs to be improved (greets, sloter :-) ).

quixotic-cynic
September 15th, 2007, 05:29 AM
moblock-test pings the first IP in the blocklist and then checks via /var/log/moblock.log if the IP was blocked by moblock.

Ah, that's good - as you say, it doesn't really matter if the target would have replied or not...

mak123
September 16th, 2007, 12:05 AM
In my /etc/moblock/blocklists.list file, some of the URLs for blocklists have a "#" at the start of the line.

What does that mean?

Thanks! (It's really bugging me. Like, are those URLs not loaded or something?)

Rasitiln
September 16th, 2007, 02:12 AM
Thanks for the tutorial.

jre
September 16th, 2007, 05:43 AM
In my /etc/moblock/blocklists.list file, some of the URLs for blocklists have a "#" at the start of the line.
Yes, these lines are commented out. So they are not used. They are just there as examples.

Another example are these two lines in /etc/moblock/moblock.conf:
WHITE_TCP_OUT=""
#WHITE_TCP_OUT="http https"
Here, only the first line is used (no port-whitelisting). When you remove the "#" in the second line and add it in the first line, then you will have whitelisted the http/www (80) and https (443) port for outgoing TCP connections.

Thanks. As always, I'll add this to the documentation.

jre

quixotic-cynic
September 16th, 2007, 05:47 AM
In my /etc/moblock/blocklists.list file, some of the URLs for blocklists have a "#" at the start of the line. What does that mean?

# Any line preceded by a hash mark is a comment
# They are treated as human readable lines and not used in the script.
# Don't worry too much so long as level1 is uncommented (i.e. has no #-mark).

# Other useful lists are the templist, and level2 (imo). The iana ranges are good too since they shouldn't be in use (same with the bogon file).
# Spyware and trojan would be useful but only if you were on windows. On linux they are pretty pointless.
# The lists that are useful vary depending on your requirements.
# e.g. almost no-one needs the edu or microsoft ranges...

# You can find out what each does at www.bluetack.co.uk

retselseer
September 22nd, 2007, 12:35 AM
I am not able to get past the first step of adding 'deb http://moblock-deb.sourceforge.net/debian unstable main' & 'deb-src http://moblock-deb.sourceforge.net/debian unstable main' to /etc/apt/sources.list . I tried to add those lines to sources.list via a terminal after invoking root privileges but all I keep on getting is the error code, 'bash: deb-src: command not found' . What am I doing wrong? If I am doing something wrong, please tell me what exactly it is in complete layman's terms, not computer geekesque language. Thank you very much. By the way, why can't Ubuntu simply let you log in initially as root? If I f#@* something up, that is my problem, not anyone else's problem. Part of being free is being free to mess up, isn't it? Help me!!!!!

quixotic-cynic
September 22nd, 2007, 04:29 AM
I am not able to get past the first step of adding īdeb http://moblock-deb.sourceforge.net/debian unstable mainī & īdeb-src http://moblock-deb.sourceforge.net/debian unstable mainī to /etc/apt/sources.list.

Ah, np, you just tried to put them in the wrong place... :)

Type sudo gedit /etc/apt/sources.list, enter that, and then type your password.

When gedit loads up then you just have to add those two lines that you typed at the bottom. Put a little note on a line starting with # to remind you what it is (see previous post). Save the file and that is that step sorted.

sudo aptitude update
and sudo aptitude install moblock-nfq can then help. (The update is required for the system to recheck the sources.list and find the lines you added).

soulbreak
September 22nd, 2007, 11:36 PM
I've got block installed and running but the guarding.p2p file is empty. Isn't moblock supposed to auto update that itself or do I have to manually update my p2p lists all the time.

quixotic-cynic
September 23rd, 2007, 08:59 AM
Mine never auto-updates. I do it manually each day. It *should* auto-update and appears to do so for most people.

However, your guarding.p2p should never be empty since the install does a manual update initially - which is a little strange.

Try the sudo sh /etc/cron.daily/moblock-nfq command and see if it is still blank - if it is then you have a more fundamental problem to worry about than auto update.

jre
September 25th, 2007, 06:07 PM
I finally did the switch! Just have a look at http://moblock-deb.sourceforge.net.

If you used the preview repository in your /etc/apt/sources.list then you simply have to remove the word "preview".

Have fun and thanks for all help. Last but not least to my predecessor lestlest/clessing who founded moblock-deb.sourceforge.net.

jre

pelle.k
September 25th, 2007, 06:21 PM
OK! Nicely done :)
I'll update the HOWTO accordingly. However, (i've pointed this fact out in the past) i am *not* running ubuntu nowadays, so if there are any errors you will have to correct me.

However, if "gutsy" delivers, i might reconsider running ubuntu again. ;)

jre
September 26th, 2007, 02:13 PM
OK! Nicely done :)
I'll update the HOWTO accordingly. However, (i've pointed this fact out in the past) i am *not* running ubuntu nowadays, so if there are any errors you will have to correct me.
Thanks. And don't worry: there are some guys around here who use ubuntu and do excellent support. I think it's time to tell that I really appreciate this; you know who you are.
Note that I am using Debian lenny and so can't check those things, too. I just hang around here because here are the most users ;-)

I had a look at your guide (nice):

older ubuntu versions: I can't comment on that directly, but the dependencies in the packages are:
all versions:
iptables
lsb-base >= 3.0-6

etch
libc6 >= 2.3.6-6
libnetfilter-queue1 >= 0.0.12
libnfnetlink1 >= 0.0.16

lenny/sid
libc6 >= 2.6.1-1
libnetfilter-queue1 >= 0.0.13
libnfnetlink0 >= 0.0.25

feisty
libc6 >= 2.5-0ubuntu1
libnetfilter-queue1 >= 0.0.12
libnfnetlink1 >= 0.0.16

gutsy
libc6 >= 2.6-1
libnetfilter-queue1 >= 0.0.13
libnfnetlink0 >= 0.0.25


How do i keep it installed, without having it run at startup?
... MOBLOCK_INIT="0"

I'm still not sure it's running!
moblock-control status
will check the PID and whether the process reacts to signals (kill -0)
However it's up to the users to check if the iptables rules are set correctly (they are also shown on "status")

whitelisting ports/IPs with iptables via moblock.conf requires "restart"
removing ranges from the blocklist via moblock.conf requires "reload" ("restart" is also ok)

automatic blocklist update:
on (default): MOBLOCK_CRON="1"
off: MOBLOCK_CRON="0"

for firehol users I recommend IPTABLES_SETTINGS="0". Then (re)starting moblock after firehol doesn't mess around with iptables.

greets
jre

PS: 20 hours switched - and no user complains. I think it works ;-)
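
As an added illustration of the switches and the status check jre describes (example code, not moblock-deb's own; the sample conf, the temporary file paths and the function names are constructed for this example):

```shell
# Added example; not moblock-deb's own code. Reads the moblock.conf switches
# listed above and performs the same liveness test as "moblock-control status"
# (kill -0 on the PID from the pidfile). Sample conf and paths are constructed.

# Print the value of KEY="value" or KEY=value for key $2 in conf file $1.
# Commented-out lines are ignored; the last assignment wins, as in the shell.
conf_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Verify that the three on/off switches hold only "0" or "1".
# Prints every offending key; returns 0 when all are valid.
conf_check() {
    rc=0
    for key in MOBLOCK_INIT MOBLOCK_CRON IPTABLES_SETTINGS; do
        val=$(conf_get "$1" "$key")
        case "$val" in
            0|1) ;;
            *) echo "$key=\"$val\" is not 0 or 1"; rc=1 ;;
        esac
    done
    return $rc
}

# Return 0 if the PID in pidfile $1 belongs to a live process we may signal.
# kill -0 delivers no signal; it only asks the kernel whether the PID exists.
pid_alive() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;     # empty or not a number: stale/garbage pidfile
    esac
    kill -0 "$pid" 2>/dev/null
}

# Constructed sample conf for the demo (not a real /etc/moblock/moblock.conf).
make_sample_conf() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
# constructed sample: only the switches discussed in the thread
MOBLOCK_INIT="0"
MOBLOCK_CRON="1"
IPTABLES_SETTINGS="0"
WHITE_TCP_OUT="http https"
EOF
    echo "$f"
}

# Stand-alone demo: validate the sample conf, then test liveness with our own
# PID (certainly alive) and with a garbage pidfile.
conf=$(make_sample_conf)
if conf_check "$conf"; then
    echo "conf ok: MOBLOCK_INIT=$(conf_get "$conf" MOBLOCK_INIT), MOBLOCK_CRON=$(conf_get "$conf" MOBLOCK_CRON)"
fi
echo $$ >"$conf.pid" && pid_alive "$conf.pid" && echo "pid $$ is alive"
echo stale >"$conf.pid"; pid_alive "$conf.pid" || echo "garbage pidfile rejected"
rm -f "$conf" "$conf.pid"
```

The PID test is only half of what the page's status command reports; the iptables rules it also prints are the other half, and no offline script can check those for you.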

pelle.k
September 26th, 2007, 02:32 PM
Good points. I'll include this.

PS: 20 hours switched - and no user complains. I think it works
It would seem that way. :)

LordKelvan
September 27th, 2007, 01:07 AM
I just upgraded from 0.8.15 to 0.8.21 and I noticed that I lost internet access: I couldn't visit any websites, pidgin died, torrents died, couldn't ping anything. Is anyone else experiencing these problems?

nuskool
September 27th, 2007, 06:55 AM
Just wanted to say thanks to the writer of the tutorial (and the developer(s) of the application itself).

Set it up last night for the first time. Got a little impatient during install when it said it was updating the list and cancelled it because I thought it had crashed. Ran the moblock-control update to get it to download the lists again.

Thanks all.

quixotic-cynic
September 27th, 2007, 10:22 AM
I just upgraded from 0.8.15 to 0.8.21 and I noticed that I lost internet access: I couldn't visit any websites, pidgin died, torrents died, couldn't ping anything. Is anyone else experiencing these problems?

If I run moblock off my openbox start menu with the command rxvt -e sudo /etc/init.d/moblock-nfq start it completely nerfs my internet connection.

Starting with sudo /etc/init.d/moblock-nfq start run within a terminal usually does not give me problems.

Sometimes it also messes up after updating moblock.

If you are experiencing this problem I would suggest:
1) manually stopping moblock
2) starting it
3) waiting a few seconds,
4) trying a program that should not be blocked/has not been previously

I am unsure of a 'permanent' fix - I start/stop and update moblock manually.

Please let me know how you get on... also - it may be worth comparing set-ups: I have a command line install running xorg/openbox on top.

pelle.k
September 27th, 2007, 01:28 PM
I just upgraded from 0.8.15 to 0.8.21 and I noticed that I lost internet access: I couldn't visit any websites, pidgin died, torrents died, couldn't ping anything. Is anyone else experiencing these problems?

What ubuntu do you run, what repo do you get moblock from, and what does "sudo moblock-control status" tell you?
See, it's all in how you supply the clues. Without those we can't help you.

Githlar
September 27th, 2007, 03:51 PM
After following your updated tutorial on how to install MoBlock on Gutsy, I receive this message after running `sudo apt-get install moblock-nfq`


Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
moblock-nfq: Depends: libc6 (>= 2.6-1) but 2.5-0ubuntu14 is to be installed
Depends: libnetfilter-queue1 (>= 0.0.13) but 0.0.12-1 is to be installed
Depends: libnfnetlink0 (>= 0.0.25) but it is not installable
E: Broken packages

jre
September 27th, 2007, 04:39 PM
@LordKelvan:
try "tail -f /var/log/moblock.log" to see live if/which IPs are blocked.
Maybe your own IP and some/many of the IPs that you want to ping/connect to via pidgin/... are in the blocklist. Major changes since 0.8-15:

- no more whitelisting of port 80 and 443: This only explains why you have problems with web surfing.
- new blocklists (additional to the old ones):
www.bluetack.co.uk/config/hijacked.gz
www.bluetack.co.uk/config/iana-multicast.gz
www.bluetack.co.uk/config/rangetest.gz
www.bluetack.co.uk/config/trojan.gz
www.bluetack.co.uk/config/iana-private.gz
www.bluetack.co.uk/config/iana-reserved.gz
Perhaps your own IP and/or the IPs you wanted to connect to/ping/... are in one of these lists.

If your problems continue and you see that the IPs are blocked in the logfile, then you have to whitelist IPs / ports and/or remove some IP ranges from the blocklist (both via moblock.conf) and/or don't use some blocklists (edit blocklists.list).

If no IPs are blocked then try restarting manually. If your problems continue then I'm quite clueless :-/

@Githlar:
current Gutsy:
libc6 is 2.6.1-1ubuntu7
libnetfilter-queue1 (0.0.12-1) in universe
libnfnetlink0 (0.0.25-1) in universe

So I think: you need to add "universe" to your sources.list and update your whole gutsy installation (this solves the libc6 and the libnfnetlink0 problem).
But then there's still a problem with libnetfilter-queue1. I'll try to sort this out, now. But I can't promise anything.

Note to pelle: add to the Howto that "universe" has to be in the sources.list.

greets
jre

pelle.k
September 27th, 2007, 07:10 PM
I just installed the newly released gutsy beta today, and moblock *does* install flawlessly. Me thinks someone hasn't dist-upgraded in a while ;)
Both libnfnetlink and libnetfilter-queue are in universe, which is activated by default after installation.

btw, updating the blocklists upon installation never did succeed.
However, the blocklists were downloaded to /var/spool/moblock, but the guarding.p2p was empty.

Updating blocklists and reloading MoBlock if any blocklist was updated ...done.
Empty blocklist!
Starting MoBlock ...done.
A manual update took care of that though.
I think it would be helpful to have some kind of "progress indicator", or better yet, a list of what got updated. The update took a good 2-3 minutes with no indication of what was happening.

Other than that, great work! :)

quixotic-cynic
September 27th, 2007, 07:57 PM
I think the problem LordKelvan may be getting is more serious than what he wants being inside one of the block ranges. I get the problem too sometimes so I know what he means - your *whole* net connection goes... (I will work on this a bit more over the next few days I think).

sefs
September 27th, 2007, 08:41 PM
I need a confirmation before installing if anyone can

MoBlock works well with IPTables and does not cancel each other out?

The problem arises where you try to use Moblock with a front end for iptables such as FireStarter?

And if I stop FireStarter from loading at startup (PS: the iptables firewall in ubuntu will still be running in FULL effect ... just not with the GUI front end firestarter ... so all firewall rules will still be running) and use MoBlock, MoBlock will run perfectly with the iptables firewall.

Is all that correct?

Thanks.

pelle.k
September 27th, 2007, 10:38 PM
Moblock does its own iptables rules (that is what iptables is, a set of rules). It *has* to redirect traffic in a certain way, for it to inspect and stop some of it.
That's why it doesn't work very well with other iptables constructions.
It could work with other iptables frontends (like firestarter), if redirecting traffic the way moblock does were supported.
That way, moblock wouldn't have to create its own (conflicting) rulesets, but could leave that to firestarter (or whatever frontend).

So in effect: no, you can't run firestarter. Even if you don't run the GUI, the iptables rules (applied by the daemon, not the GUI) will still apply, and thus conflict with moblock in some way.

I hear "ipblock" can work in harmony with another iptables firewall though (if I'm not mistaken). There's even a HOWTO right here in the ubuntuforums for it.

Neovos
September 27th, 2007, 10:53 PM
To JRE regarding updated Moblock on Feisty.

Great job, btw. I just installed it and the updated .conf file is laid out really well. Was really simple to configure. I ran moblock successfully and all updates and configurations worked well for me. I did also try the setup with firehol and got lots of non-success. So it's confirmed that it doesn't work with firehol out of the box. Here's what I got after configuring moblock (as per the older firehol setup instructions above), updating, starting moblock, and then immediately starting firehol.

user@computer:~$ sudo firehol stop
FireHOL: Clearing Firewall: OK

user@compuer:~$ sudo moblock-control restart
(Re-)Starting MoBlock ...done.
user@computer:~$ sudo firehol start


--------------------------------------------------------------------------------
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 34 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_torrent_s1 -p tcp --dport 6881:6981 -m state '' --state NEW\,ESTABLISHED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 2.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 34 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_torrent_s1 -p tcp --sport 6881:6981 -m state '' --state ESTABLISHED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 3.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 40 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_http_c2 -p tcp --sport 32768:61000 --dport 80 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 4.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 40 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_http_c2 -p tcp --sport 80 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 5.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 41 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_https_c3 -p tcp --sport 32768:61000 --dport 443 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 6.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 41 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_https_c3 -p tcp --sport 443 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 7.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_all_c4 -m state '' --state NEW\,ESTABLISHED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 8.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_all_c4 -m state '' --state ESTABLISHED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 9.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_irc_c5 -p tcp --sport 32768:61000 --dport 6667 -m state '' --state NEW\,ESTABLISHED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 10.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_irc_c5 -p tcp --sport 6667 --dport 32768:61000 -m state '' --state ESTABLISHED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 11.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c6 -p tcp --sport 32768:61000 --dport ftp -m state '' --state NEW\,ESTABLISHED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 12.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c6 -p tcp --sport ftp --dport 32768:61000 -m state '' --state ESTABLISHED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 13.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c6 -p tcp --sport ftp-data --dport 32768:61000 -m state '' --state ESTABLISHED\,RELATED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 14.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c6 -p tcp --sport 32768:61000 --dport ftp-data -m state '' --state ESTABLISHED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 15.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c6 -p tcp --sport 32768:61000 --dport 1000:65535 -m state '' --state ESTABLISHED\,RELATED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 16.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c6 -p tcp --sport 1000:65535 --dport 32768:61000 -m state '' --state ESTABLISHED -j MOBLOCK
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 17.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world -m state '' --state RELATED -j ACCEPT
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 18.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world -m state '' --state RELATED -j ACCEPT
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 19.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A INPUT -m state '' --state RELATED -j ACCEPT
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 20.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A OUTPUT -m state '' --state RELATED -j ACCEPT
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR : # 21.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
OUTPUT :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'

Stopped: Couldn't activate new firewall.

FireHOL: Restoring old firewall: OK

user@computer:~$


I think almost every single line that was added in firehol.conf referencing moblock led to an error. So here are the out-of-the-box errors. Don't know if they're useful to you at all. But my next thought is: why do you even need an additional firewall anyway? You're already blocking the IP lists, so can't you just manually enter blocks or allows as you need them in moblock?
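
An added example, not firehol's or moblock's code, of the failure visible in every COMMAND line above: the empty argument ('') sitting after "-m state" is what iptables rejects as "Bad argument `'". The functions below only assemble a rule's argument list and never execute iptables, so they run anywhere; the chain and target names are taken from the output above, while the builder and helper names, and the idea of an "optional extra match" variable, are mine.

```shell
# Added example; not firehol's or moblock's code. Reproduces the argv problem
# visible in every COMMAND line above (an empty '' argument after "-m state")
# and shows how to assemble an iptables rule so that an unset optional piece
# contributes no argument at all. Nothing here executes iptables.

# Every element of "$@" is one argument to the program, an empty one included.
count_args() { echo "$#"; }

# Return 0 (true) if any argument is the empty string. Run this on an argv
# before exec'ing iptables: an empty element is exactly what produces
# "Bad argument `'".
has_empty_arg() {
    for a in "$@"; do
        [ -n "$a" ] || return 0
    done
    return 1
}

# Show the assembled argv one element per line, brackets included, so an
# empty element is visible as "[]".
show_argv() { for a in "$@"; do printf '[%s]\n' "$a"; done; }

# Naive builder (constructed): the optional extra match $2 is always quoted,
# so when it is empty the rule still carries an empty argument.
rule_naive() {
    set -- -t filter -A "$1" -m state "$2" --state "$3" -j "$4"
    count_args "$@"
}

# Safe builder (constructed): ${extra:+$extra} expands to the tokens of the
# value when it is non-empty and to nothing, not even "", when it is empty.
# It is unquoted on purpose so that a value such as "-p tcp" becomes two
# arguments; that is fine for flag tokens, which never contain whitespace.
rule_safe() {
    extra=$2
    set -- -t filter -A "$1" -m state ${extra:+$extra} --state "$3" -j "$4"
    count_args "$@"
}

# Stand-alone demo with a chain and target taken from the errors above.
echo "naive, no extra match: $(rule_naive in_world_all_c4 '' ESTABLISHED MOBLOCK) args"
echo "safe,  no extra match: $(rule_safe in_world_all_c4 '' ESTABLISHED MOBLOCK) args"
echo "safe,  extra '-p tcp': $(rule_safe in_world_all_c4 '-p tcp' ESTABLISHED MOBLOCK) args"
show_argv -t filter -A in_world_all_c4 -m state '' --state ESTABLISHED -j MOBLOCK
if has_empty_arg -t filter -A in_world_all_c4 -m state '' --state ESTABLISHED -j MOBLOCK; then
    echo "refusing to run: argv contains an empty argument"
fi
```

The naive form yields eleven arguments, one of them empty, which is the shape of every failing command in the output above; the safe form yields ten. Checking the assembled argv with has_empty_arg before calling iptables turns this class of mistake into a readable error instead of 21 identical "Bad argument" reports.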

Githlar
September 27th, 2007, 11:53 PM
Actually, I've been running Feisty for a while and I just got some upgrades today. I have it set to get proposed updates and stuff, so I just assumed it would kick me up to Gutsy beta. I guess this isn't the case?

Neovos
September 28th, 2007, 01:10 AM
I've heard that all you have to do is change your synaptic links from feisty to gutsy and it will update it all automatically. I heard in the same breath though that it can very easily break a lot of your programs and settings, so it might be prudent to wait until more stable releases. But my friend who said his programs broke was upgrading to Dapper forever ago. So that might have a lot to do with it.

pelle.k
September 28th, 2007, 06:03 AM
I have it set to get proposed updates and stuff, so I just assumed it would kick me up to Gutsy beta. I guess this isn't the case?
You people should really check these things out before you act. This is an OS, not a kitchen mixer ;)
No, feisty won't be updated to gutsy just by itself!

change your synaptic links from feisty to gutsy and it will update it all automatically
No. You should run "sudo update-manager -c -d" after changing repos...

quixotic-cynic
September 28th, 2007, 06:13 AM
But my next thought is: why do you even need an additional firewall anyway? You're already blocking the IP lists, so can't you just manually enter blocks or allows as you need them in moblock?

Yes you can, but MoBlock is not exactly a firewall per se - most firewall rules tend to focus on which ports are allowed rather than which IPs (though IPs are also relevant, esp. with your DNS provider and so on), so it could be desirable to have a firewall too.

That said, a reasonable DSL modem/router will have a firewall that does a decent job of stopping bad stuff coming in, and bad stuff going out is only really a problem on Windows. Ubuntu has no ports facing the net open by default and so, provided that you keep it updated, you should not really have a problem on Ubuntu.

Juleshu
September 28th, 2007, 08:50 AM
I am getting this error when running sudo apt-get update

Get:5 http://moblock-deb.sourceforge.net feisty Release.gpg [189B]
Ign http://moblock-deb.sourceforge.net feisty/main Translation-en_US
Hit http://moblock-deb.sourceforge.net feisty Release
Fetched 5B in 5s (1B/s)
Failed to fetch http://moblock-deb.sourceforge.net/debian/dists/feisty/Release Unable to find expected entry main/binary-amd64/Packages in Meta-index file (malformed Release file?)
Reading package lists... Done
E: Some index files failed to download, they have been ignored, or old ones used instead.

any ideas?
Is it because I am running 64 bit Ubuntu?

jre
September 28th, 2007, 11:12 AM
I just installed the newly released gutsy beta today, and moblock *does* install flawlessly. Me thinks someone hasn't dist-upgraded in a while ;)
Both libnfnetlink and libnetfilter-queue are in universe, which is activated by default after installation.
Welcome back in the world of Debian packages :-)
Thx for reporting that. I checked http://packages.ubuntu.com/gutsy/libs/libnfnetlink0 yesterday and found the wrong version. Today it was correct - hmm, time for a weekend without a computer.


btw, updating the blocklists upon installation never did succeed.
However, the blocklists were downloaded to /var/spool/moblock, but the guarding.p2p was empty.

Updating blocklists and reloading MoBlock if any blocklist was updated ...done.
Empty blocklist!
Starting MoBlock ...done.
A manual update took care of that though.
I think it would be helpful to have some kind of "progress indicator", or better yet, a list of what got updated. The update took a good 2-3 minutes with no indication of what was happening.
Added progress indicator to the TODO, but don't know yet how to do it.
Here the initial update worked, very strange, once again. Added as a possible bug.

@Neovos: Did you insert the MOBLOCK chain in the beginning of the firehol script?
# Moblock chain
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE

Is it because I am running 64 bit Ubuntu?
Yes, the packages are only for i386, not for amd64. There's a really outdated 64-bit version on moblock-deb.sf.net. You could also build the package on your own - instructions are also on moblock-deb.
If someone provides me with 64-bit packages (or a 64-bit machine :-)) I'd be happy to offer this version, too. Just contact me.



Thx for all the feedback and support from you!! I'll be back in a few days.

jamesford
September 28th, 2007, 11:35 AM
I'd love it if 64-bit debs are available in time for gutsy :)
otherwise someone has to tell me how to make them myself again cos I forgot how :P

Neovos
September 28th, 2007, 11:42 AM
@jre

@Neovos: Did you insert the MOBLOCK chain in the beginning of the firehol script?
# Moblock chain
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE


Yes I did in fact. I actually went through the whole setup twice from scratch just for the sake of trying to see if I got the same errors. And same thing happened.

And also, weirdly enough, after I started moblock, then started firestarter just to see exactly what it would do, my moblock would no longer start up at all. It just kept saying "...failed" when I hit the start command (sudo moblock-control start). It was weird. I restarted, opened and reclosed firewalls, uninstalled everything but moblock, still didn't start up. So I just put the firestarter/ipblocker combo back on there for now. I'll try again in a couple of days cause as we all know, computers only work on certain lunar calendar days when the amount of sunlight is just right and when......

@quixotic-cynic

Yes you can, but MoBlock is not exactly a firewall per-se - most firewall rules tend to focus on which ports are allowed rather than to which IPs (though IPs are also relevant, esp with your DNS provider and so on) so it could be desirable to have a firewall too.


Moblock is already editing the iptables; do you think it would be difficult from a development standpoint to add port management in there as well and make it a full-fledged firewall? Get rid of this compatibility issue once and for all? Perhaps even merge it with the firehol project or something?

quixotic-cynic
September 28th, 2007, 12:32 PM
Moblock is already editing the iptables; do you think it would be difficult from a development standpoint to add port management in there as well and make it a full-fledged firewall? Get rid of this compatibility issue once and for all? Perhaps even merge it with the firehol project or something?

I see no reason why not in theory (but it would be quite a bit of work for someone). Afaik moblock does not use one rule per blocked range - it is implemented in a pseudo-iptables manner with a few rules to implement blocking for the whole list - so to actually manage firewall rules too would require more than a few extra lines of code.

pelle.k
September 28th, 2007, 12:36 PM
Moblock is already editing the iptables; do you think it would be difficult from a development standpoint to add port management in there as well and make it a full-fledged firewall? Get rid of this compatibility issue once and for all? Perhaps even merge it with the firehol project or something?
Sure thing. That is essentially the problem. Firestarter (as an example) doesn't offer to send packets to NFQUEUE instead of ACCEPT (the last time I checked).

If it did, we could do what moblock does, with firestarter. And yes, moblock *could* in theory be a full featured firewall since it deals with iptables, but that is not its primary task.

In fact, moblock just does filtering in userspace (kernel); the iptables rules (created from a bash script) are just what is needed to get traffic to go that route.

nuskool
September 28th, 2007, 06:06 PM
I'm glad (in a way) that others experienced the same issue of the lists not updating on install... I thought it was just me being impatient.

On a separate note I wonder if you guys could help a linux beginner out (it's slightly on topic!)...

EDIT: I think it's working and as it was off topic (slightly) I'll remove my question.

draggy
September 29th, 2007, 02:10 AM
Thanks for this awesome tutorial. Unfortunately I can't get moblock to start.

I have it installed on an ubuntu edgy server (installed it... uninstalled it... and reinstalled it to make sure), but I cannot get moblock to start/stop. When I give the command, it says "Starting MoBlock ...fail!"

It's like half started, because when I reboot, some of the ports are blocked, samba won't start and ssh only works because I whitelisted the port. When I do a stop or start, it says it failed, but if I do a reload, it stops whatever part of moblock is loaded, and then everything works.

this is what moblock-control.log says:

2007-09-29 12:36:59 AM CDT Begin: /usr/bin/moblock-control start
Inserting iptablesiptables: Chain already exists
iptables: Chain already exists
iptables: Chain already exists
...done.
Starting MoBlock/usr/bin/moblock: invalid option -- $
* Logging to &

MoBlock 0.8 by Morpheus
Syntax: MoBlock -dnp <blocklist> [-b] [-q 0-65535] <logfile>

-d blocklist is an ipfilter.dat file
-n blocklist is a peerguardian 2.x file (.p2b)
-p blocklist is a peerguardian file (.p2p)
-q 0-65535 NFQUEUE number (as specified in --queue-num with iptables)
...fail!
2007-09-29 12:36:59 AM CDT End: /usr/bin/moblock-control start


ideas/suggestions?

nuskool
September 29th, 2007, 06:04 AM
I'm far from an expert on this, but from that log it looks like moblock is already running... probably best waiting for an expert opinion tho.

Neovos
September 29th, 2007, 12:07 PM
I had a similar problem with the "....fail" error. And at first it just meant that I had a firewall running in the background that I had to close via the terminal. But eventually I got that every time as well.

quixotic-cynic
September 29th, 2007, 01:27 PM
invalid option -- $

The part above almost makes it sound like it is trying to start like sudo moblock-control start -$ (which I'm sure you know would not be right). The part below that is very much like what you get whenever you enter an invalid parameter on any terminal program you try to run... which could be significant, but not with what I know. I am wondering if the script being run is somehow trying to run part of moblock with an invalid parameter.

I would remove the autostart for moblock, remove any firewalls (I hope you have a hardware one...) and then restart. After that I would try to start moblock with sudo moblock-control start from within a terminal (as usual).

See if that produces the same problem. If it does then post a reply and I will try and think of something else.

PS: [ CODE ] tags are probably more useful than [ QUOTE ] tags in your prev. post (quotes disappear when writing a reply with a quote...)

Edit: updated

LordKelvan
September 29th, 2007, 01:38 PM
What ubuntu do you run, what repo do you get moblock from, and what does "sudo moblock-control status" tell you?
See, it's all in how you supply the clues. Without those we can't help you.

Good points, I will provide more information in my future requests for help (and no, I'm not being sarcastic).

Major changes since 0.8-15:

- no more whitelisting of port 80 and 443: This only explains why you have problems with web surfing.
- new blocklists (additional to the old ones):
www.bluetack.co.uk/config/hijacked.gz
www.bluetack.co.uk/config/iana-multicast.gz
www.bluetack.co.uk/config/rangetest.gz
www.bluetack.co.uk/config/trojan.gz
www.bluetack.co.uk/config/iana-private.gz
www.bluetack.co.uk/config/iana-reserved.gz
Perhaps your own and/or the IPs you wanted to connect to/ping/... is in one of these lists.


Dude, much thanks man!! It was the fact that I wasn't whitelisting the http/https protocols (I read this from your updated instructions, I'm not sure if it is the same as not whitelisting ports 80 and 443). So I just uncommented the line:

WHITE_TCP_OUT="http https"

from moblock.conf and everything works. The thing with pidgin/torrents may have been due to some ISP problems I was coincidentally having :D

Cheers,
LK

quixotic-cynic
September 29th, 2007, 01:57 PM
So I just uncommented the line: WHITE_TCP_OUT="http https" from moblock.conf and everything works.

Of course, if your paranoia is rated medium-high you now have a big problem: http://ubuntuforums.org/showpost.php?p=3232624&postcount=589 (+ about 10 posts for whole discussion)

LordKelvan
September 29th, 2007, 10:33 PM
Actually I just discovered that the root of my problem goes a bit further. It appears that the newest version of moblock uses moblock.conf for configuration settings, and not MoBlock_nfq.sh for configuration. Thus my real problem would be that I didn't transfer the settings (I found this out when my IM began having problems). Can someone confirm this?

quixotic-cynic:
I am not a networking expert, so am I to understand that someone could set their BT port to 80, and in essence I would unwittingly connect to them? I guess I had always thought that moblock and other such applications merely prevent the RIAA/MPAA from scanning me (i.e. trying to connect to me), but that it doesn't prevent me from connecting to them (for some reason I thought that that was safe). In any case, it doesn't really seem like the thread offers any solutions, so I suppose I will just have to accept this risk. I realize that I could not whitelist and then add IPs on a case-by-case basis, but that seems like more trouble than I am willing to go through. I personally like the suggestion of enabling/disabling traffic based on an application (i.e. disable whitelisting for my p2p program). Is this something which is technically feasible, and can it be added to the next version of this really useful app? :D

draggy
September 30th, 2007, 12:31 AM
quixotic-cynic: I removed the autostart and tried to run it with the command you posted, but it says:

* MoBlock is configured not to start automatically at boot time.
* To change this edit the MOBLOCK_INIT entry in /etc/moblock/moblock.conf.

so I set it to autostart again, and ran the command again:

Starting MoBlock ...fail!

The fail came after a long pause. did a status, and it says that it was not running. This time, I am sure that moblock was not running when I started it, so I am once again stuck.

fyi: I'm not running any firewall on that linux machine.

quixotic-cynic
September 30th, 2007, 11:05 AM
quixotic-cynic: I removed the autostart and tried to run it with the command you posted, but it says:

* MoBlock is configured not to start automatically at boot time.
* To change this edit the MOBLOCK_INIT entry in /etc/moblock/moblock.conf.

Draggy, I have no idea why it should care about startup issues when running manually - I have never encountered this problem. I'm probably one of the least knowledgeable 'support' people here though - so some of the other ppl may be able to help when they get the time.

Sorry I could not help more.

quixotic-cynic
September 30th, 2007, 11:10 AM
I am not a networking expert, so am I to understand that someone could set their BT port to 80, and in essence I would unwittingly connect to them? I guess I had always thought that moblock and other such applications merely prevent the RIAA/MPAA from scanning me (i.e. try to connect to me), but that it doesn't prevent me from connecting to them (for some reason I thought that that was safe).

You understood completely fine - apart from the bit about it being safe ;) Because with bittorrent and other P2P apps users act both as a client and a server you could connect out to them and then either download or upload stuff (probably both) and thus connecting to an 'adversary' would be a bad idea.

It can be a risk people are willing to take though - & it all depends on whether the adversary thinks of setting their port to 80 or is clueless... so you have to decide. :)

LordKelvan
September 30th, 2007, 12:53 PM
Hmm, I get it now. Like I said, I will wait for the per-application feature (i.e. disabling/enabling based on application).

draggy
September 30th, 2007, 01:41 PM
just to add to the info I've given: I'm running ubuntu edgy and no firewall.

As nuskool said, it seems like it's running, even though it says that it fails to follow any of the commands. But when I test it, it says that the ip was not blocked.

It wouldn't be so bad if, when it's supposedly "running", it would work. But all of my torrent traffic grinds to a halt when it's "running". The only way I'm able to connect to it was because I whitelisted my ssh port.

I just tried uninstalling moblock and those 2 libs and reinstalling, and I still have that problem.

feld
September 30th, 2007, 05:37 PM
I am running gutsy amd64. I put the deb-src in my sources.list and apt-get source moblock. I did a fakeroot dpkg-buildpackage like I should; it built the packages. I dpkg -i the -nfq version like I wanted to; life is good. I had all build deps, I have all install deps. It freezes at "updating the blocklist" portion of the "install". Killing that and trying to manually run an update also fails.

Any tips? Is the update server just overloaded or something?

ordou
September 30th, 2007, 05:52 PM
just to add to the info I've given: I'm running ubuntu edgy and no firewall.

As nuskool said, it seems like it's running, even though it says that it fails to follow any of the commands. But when I test it, it says that the ip was not blocked.

It wouldn't be so bad if, when it's supposedly "running", it would work. But all of my torrent traffic grinds to a halt when it's "running". The only way I'm able to connect to it was because I whitelisted my ssh port.

I just tried uninstalling moblock and those 2 libs and reinstalling, and I still have that problem.

I'm having the same problems as you, and I'm also running edgy. Did you manually install the net-debs also?

In my logs I see
2007-09-30 11:42:12 PM CEST Begin: /usr/bin/moblock-nfq-control restart
Deleting iptables ...fail!
Stopping MoBlock ...fail!
Inserting iptablesiptables: Chain already exists
iptables: Chain already exists
iptables: Chain already exists
...done.
Starting MoBlock/usr/bin/moblock: invalid option -- $
* Logging to &

MoBlock 0.8 by Morpheus
Syntax: MoBlock -dnp <blocklist> [-b] [-q 0-65535] <logfile>

-d blocklist is an ipfilter.dat file
-n blocklist is a peerguardian 2.x file (.p2b)
-p blocklist is a peerguardian file (.p2p)
-q 0-65535 NFQUEUE number (as specified in --queue-num with iptabl$
...fail!
2007-09-30 11:42:16 PM CEST End: /usr/bin/moblock-nfq-control restart


And now I'm unable to uninstall moblock! :(

sudo apt-get remove moblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
moblock-nfq
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
moblock-nfq
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 0B of archives.
After unpacking 201kB disk space will be freed.
Do you want to continue [Y/n]?
(Reading database ... 55121 files and directories currently installed.)
Removing moblock-nfq ...
Stopping MoBlock ...fail!
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: error processing moblock-nfq (--remove):
subprocess pre-removal script returned error exit status 3
Starting MoBlock ...fail!
invoke-rc.d: initscript moblock-nfq, action "start" failed.
dpkg: error while cleaning up:
subprocess post-installation script returned error exit status 255
Errors were encountered while processing:
moblock-nfq
E: Sub-process /usr/bin/dpkg returned an error code (1)


Also, moblock doesn't respond when trying to update the blocklist...

Help? :confused:

draggy
September 30th, 2007, 06:14 PM
And now I'm unable to uninstall moblock!

turn off the auto start in /etc/moblock/moblock.conf, restart, and uninstall. And yes, I manually installed the net-debs provided

It freezes at "updating the blocklist" portion of the "install".

just wait for it, it takes a long time (unless you're installing through an ssh session like I was, then it might kick you off the session)

feld
September 30th, 2007, 06:16 PM
I am running gutsy amd64. I put the deb-src in my sources.list and apt-get source moblock. I did a fakeroot dpkg-buildpackage like I should; it built the packages. I dpkg -i the -nfq version like I wanted to; life is good. I had all build deps, I have all install deps. It freezes at "updating the blocklist" portion of the "install". Killing that and trying to manually run an update also fails.

Any tips? Is the update server just overloaded or something?

OK, I tried to install again and left to go to the grocery store. It was stuck at that updating list thing when I left.

When I came back it was finished and said that the guarding.p2p was empty, so I ran a manual update and it worked. Tested moblock and it worked.

I don't know what was holding it up before but it is working now.

Someone should really get the amd64 binaries hosted there though.

pelle.k
September 30th, 2007, 06:37 PM
someone should really get the amd64 binaries hosted there though.
If jre had a 64bit computer, that could happen. But he doesn't.
Well, i'd be happy to post them in the HOWTO, if you attach the .deb in your next post. But for them to be in a repo, someone must really maintain them.

daradib
September 30th, 2007, 09:43 PM
What if one used an Ubuntu PPA?

daradib
September 30th, 2007, 09:48 PM
Here are the AMD64 Gutsy packages for MoBlock.

pelle.k
September 30th, 2007, 10:53 PM
thank you, daradib! :)

lucis
September 30th, 2007, 11:20 PM
Hmm, in Gutsy it doesn't seem to work. I'm using the deb repo from the moblock-deb site

Testing MoBlock: trying to ping 3.0.0.0 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP. Test failed.

draggy
October 1st, 2007, 11:15 AM
well, I just gave up and upgraded to Feisty. Now moblock starts and stops with no problems. Everything seems to be working great! So if you have edgy...just upgrade :)



* MoBlock did not block the IP. Test failed.

btw, if you whitelist http/https the test WILL fail. Those must not be whitelisted if you want the test to work.

jre
October 1st, 2007, 06:18 PM
Hey, I also have a real life, so I can't spend as much time with answering and fixing bugs etc as I'd like to ...

General: If you are experimenting or have some problems: If you want to reinstall then first purge (not remove) moblock.

btw, if you whitelist http/https the test WILL fail. Those must not be whitelisted if you want the test to work.
No, the test is based on ping and does not use these whitelisted ports. The test will work with these ports whitelisted.

following my comments to the last posts. If you miss something then please remind me.


draggy/ordou [edgy doesn't work; update to feisty helps]
I guess that you have problems (a bug) with the lsb init-functions in edgy (in packet "lsb-base"). Those are responsible for starting moblock. Solving the edgy problems doesn't have high priority. But I'm working on an all distribution version, not only Debian and Ubuntu ...


lucis (gutsy) [moblock-control test does not succeed]:
but moblock is running? please post the output of "moblock-control status"
Also, the test function might give wrong results e.g. if moblock blocks many other things at the same time. So do in another terminal a "tail -f /var/log/moblock.log" and see what's happening.


daradib:
thanks for the packages. I added the nfq version on the homepage. Also, feel free to do the PPA thing. Just heard of it and it sounds very interesting, but I haven't enough time to start this now (just made a bookmark on it). Also, personally I'm using Debian, not Ubuntu. Feel free to do it.


jamesford:
dude, just look at the moblock-deb homepage for instructions to make (amd64) packages ;-)
But daradib already did it.

feld:
[initial update took long time and resulted in empty blocklist; manual update works]
I'll look into this bug later and will add some status message on install. Thx

LordKelvan:
Yes, MoBlock_nfq.sh is NOT used in the debian packages. You have to do all configuration in moblock.conf.

Neovos [firehol problems]:
Can anybody confirm that moblock (new deb version 0.8-21) and firehol don't work together? I can't imagine why this should stop working.

quixotic-cynic:
so many thx for your work.
Just: "/etc/init.d/moblock COMMAND" is old. Always use "moblock-control COMMAND" instead.

pelle:
I think in Debian it's recommended to use aptitude instead of apt-get. But that's really unimportant;-) THX!


Greets to all
jre

draggy
October 1st, 2007, 07:18 PM
No, the test is based on ping and does not use these whitelisted ports.

I tried it again, and it started failing (again). So I messed with it, reloaded it, checked the status, tested it, and it would always fail.

Then I did a update, and a reloaded (this is what I had done before to get it to work) and ran two tests, and they both succeed. Why would I need to update, and reload it for the test to work?

pelle.k
October 1st, 2007, 07:36 PM
Well, that was a mouthful! :)
Man am i happy you guys are helping out. (not that i've been *that* active lately, but anyway...)

Neovos [firehol problems]:
Can anybody confirm that moblock (new deb version 0.8-21) and firehol don't work together? I can't imagine why this should stop working.

Sure thing. :)
It's firehol that is broken, nothing else. There's nothing about it in launchpad so i guess i'll have to file a bug. (god i hate launchpad. maybe it's gotten better than the last time i used it?...)

quixotic-cynic
October 2nd, 2007, 06:44 AM
I tried it again, and it started failing (again). So I messed with it, reloaded it, checked the status, tested it, and it would always fail.

Not an answer to your main question, but when you reload (and it fails) does it still occur if you replace the reload with a separate start command and stop command?

I.e. changing moblock-control restart to
sudo moblock-control stop
sudo moblock-control start

I had an issue recently that was similar and I was wondering if your issue behaves in the same way as my one did... if I autoloaded moblock or started it from my openbox menu it would not work. Reloading didn't fix it but for some reason stopping/starting did... it was weird.

draggy
October 2nd, 2007, 12:32 PM
Now I can't seem to get it to test successfully at all anymore


sudo moblock-control test
Testing MoBlock: trying to ping 3.0.0.0 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP. Test failed.
sudo moblock-control stop
Stopping MoBlock ...done.
sudo moblock-control start
Starting MoBlock ...done.
sudo moblock-control test
Testing MoBlock: trying to ping 3.0.0.0 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP. Test failed.
sudo moblock-control update
Updating blocklists and reloading MoBlock if any blocklist was updated ...done.
sudo moblock-control test
Testing MoBlock: trying to ping 3.0.0.0 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP. Test failed.
sudo moblock-control reload
Reloading MoBlock ...done.
sudo moblock-control test
Testing MoBlock: trying to ping 3.0.0.0 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP. Test failed.
sudo moblock-control update
Updating blocklists and reloading MoBlock if any blocklist was updated ...done.
sudo moblock-control reload
Reloading MoBlock ...done.
sudo moblock-control test
Testing MoBlock: trying to ping 3.0.0.0 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP. Test failed.



This is what the log says most recently:
But most of the log file consists of skipping useless ranges, whatever that means.

tail /var/log/moblock.log
Skipping useless range: (050326) Unassigned 33437
Ranges loaded: 241839
Reopening logfile.
Blocked IN: tzulo, inc,hits: 1,SRC: 208.77.17.4
Blocked OUT: Bogon,hits: 1,DST: 76.10.160.164
Blocked IN: tzulo, inc,hits: 2,SRC: 208.77.17.4
Blocked OUT: GAMES-BEZEQINT,hits: 1,DST: 212.179.109.105
Blocked OUT: General Electric Company,hits: 1,DST: 3.0.0.0
Blocked OUT: GAMES-BEZEQINT,hits: 2,DST: 212.179.109.105
Blocked OUT: GAMES-BEZEQINT,hits: 3,DST: 212.179.109.105


It looks like it's blocking ips, so why doesn't the test work correctly?


here's my status

Current iptables rules (this may take awhile):

Chain INPUT (policy ACCEPT)
target prot opt source destination
RETURN 0 -- anywhere anywhere
moblock_in 0 -- anywhere anywhere state NEW

Chain FORWARD (policy ACCEPT)
target prot opt source destination
moblock_fw 0 -- anywhere anywhere state NEW

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
RETURN 0 -- anywhere anywhere
moblock_out 0 -- anywhere anywhere state NEW

Chain moblock_fw (1 references)
target prot opt source destination
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0

Chain moblock_in (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp dpt:8888
RETURN tcp -- anywhere anywhere tcp dpt:ssh
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0

Chain moblock_out (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp dpt:8888
RETURN tcp -- anywhere anywhere tcp dpt:ssh
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0

Please check if the above printed iptables rules are correct!

* moblock is running, pid is 9093.

dannyboy74
October 2nd, 2007, 02:09 PM
I think I have the same test failure problem as above guy.
Doing "moblock-control test" outputs FAILURE in 9 out of 10 times.
And sometimes like 1 out of 10 times I get SUCCESS. And it's the same test ip What's going on man, Is it on or off??

pelle.k
October 2nd, 2007, 03:25 PM
Listen people, as jre has told us before, the "test" isn't foolproof in its design. Let me show you why;
Blocked OUT: General Electric Company,hits: 1,DST: 3.0.0.0
Blocked OUT: GAMES-BEZEQINT,hits: 2,DST: 212.179.109.105
Blocked OUT: GAMES-BEZEQINT,hits: 3,DST: 212.179.109.105
See, ip "3.0.0.0" *was* blocked, but i guess ip "212.179.109.105" was hammering you so fast that the script (that checks the *last* line in the log file) didn't catch the result of a successful block...

DaveTheAve
October 2nd, 2007, 05:57 PM
Feisty AMD64 Error: (I'd like to build it from source but i thought i'd try the gutsy packs.)

~$ sudo dpkg -i moblock-nfq_0.8-21+gutsy_amd64.deb
Selecting previously deselected package moblock-nfq.
(Reading database ... 125379 files and directories currently installed.)
Unpacking moblock-nfq (from moblock-nfq_0.8-21+gutsy_amd64.deb) ...
dpkg: dependency problems prevent configuration of moblock-nfq:
moblock-nfq depends on libc6 (>= 2.6-1); however:
Version of libc6 on system is 2.5-0ubuntu14.
moblock-nfq depends on libnetfilter-queue1 (>= 0.0.13); however:
Version of libnetfilter-queue1 on system is 0.0.12-1.
moblock-nfq depends on libnfnetlink0 (>= 0.0.25); however:
Package libnfnetlink0 is not installed.
dpkg: error processing moblock-nfq (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
moblock-nfq

pelle.k
October 2nd, 2007, 06:14 PM
Feisty AMD64 Error: (I'd like to build it from source but i thought i'd try the gutsy packs.)

Nothing strange about that...
The gutsy packages have their dependencies pointing to packages *in* gutsy.

It seems 64bit is gaining popularity. I tell all feisty owners the same thing i told 64bit gutsy owners. compile a .deb and i will post it in the guide.

takayuki
October 2nd, 2007, 08:37 PM
Hi,

when i try to do this:

gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B

i get this:

gpg: requesting key 9072870B from hkp server wwwkeys.eu.pgp.net
?: [fd 4]: read error: Connection reset by peer
gpgkeys: HTTP fetch error 7: couldn't connect: eof
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0


is this an error on my end?

thanks

SSB
October 2nd, 2007, 09:18 PM
sorry if this has been resolved already. friend is getting this error:

gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B
gpg: requesting key 9072870B from hkp server wwwkeys.eu.pgp.net
gpg: no valid OpenPGP data found.
gpg: read_block: read error: invalid packet
gpg: Total number processed: 0
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error

thanks for any help.

pelle.k
October 2nd, 2007, 11:47 PM
i would say the server is temporarily down. try again later.

jre
October 3rd, 2007, 10:50 AM
@all:
I changed the test log message for less confusion.
Also I put some lines to the install script to tell the users to be patient and have a look at the moblock.log to follow the update process.


If I run moblock off my openbox start menu with the command rxvt -e sudo /etc/init.d/moblock-nfq start it completely nerfs my internet connection.
Maybe there are environment problems when you use your openbox menu.
Do a "rxvt -e sudo printenv > printenv.rxvt" from the openbox start menu (like the way where moblock does not work) and a "sudo printenv > printenv.terminal" (like the way where moblock works). This will save the output of printenv in two files. Please send me a diff of those files.
Also, please give me the lines of moblock-control.log when starting does not work and the output of "iptables -L -v"

@pelle.k, feld and some others [empty blocklist after installation:]
Did you check if the blocklist was really empty? Perhaps it was just the wrong output of my installation script.

greets
jre

pelle.k
October 3rd, 2007, 08:11 PM
Hello jre. I did some investigating, and it turns out this is why the blocklists don't get added to guarding.p2p at install time - after an update, it reloads;
do_reload() {
    pidofproc $DAEMON > /dev/null 2>&1
    DAEMON_STATUS=$?
    if [ $DAEMON_STATUS -eq "0" ] ; then # If daemon was already running return value is 0
        build_blocklist
        echo -n "Reloading $DESC"
        kill -HUP `pidofproc -p $PIDFILE $DAEMON`
        RETVAL=$?
        log_end_msg $RETVAL
    elif [ $DAEMON_STATUS -eq "3" ] ; then
        log_success_msg "$DESC is not running."
        RETVAL=0
    else
        log_failure_msg "$DESC has some strange status."
        log_failure_msg "Try \"`basename $0` stop\". Otherwise kill all $NAME processes,"
        log_failure_msg "delete $PIDFILE and all iptables rules related to $DESC."
        RETVAL=$DAEMON_STATUS
    fi
}
And since the daemon isn't running [ $DAEMON_STATUS -eq "3" ], it quits without building the blocklist.
To have it build a blocklist after an update, the daemon has to be running already...

Also, can i suggest you background the ping in test_daemon;
# Send one icmp echo request to the tested IP address
ping -c1 $TEST_IP > /dev/null 2>&1 &

This removes the gap between the ping and the grep, and makes the test work if moblock is currently logging other blocked IPs at the same time.
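The race described above, as an added example (not jre's test_daemon or any other moblock code): a constructed log in the same line format the thread shows, checked first the way a last-line test does and then against every line appended since the probe was sent. The 3.0.0.0 test address mirrors the thread; the log lines and the temp file are constructed here.

```shell
#!/bin/sh
# Added example: a "last line of the log" check races with other blocked
# traffic; checking every line appended since the probe went out does not.
# No moblock is needed: the log file below is constructed for the demo.

TEST_IP="3.0.0.0"   # the address moblock-control test pings (from the thread)

# Naive check: look only at the final line of the log, as the original
# test effectively does. Fails when another block is logged right after.
last_line_check() {
    # $1 = logfile, $2 = IP expected in a "Blocked OUT" line
    tail -n 1 "$1" | grep -qF -e "DST: $2"
}

# Race-tolerant check: remember how long the log was before the probe,
# then inspect only the lines appended afterwards.
lines_since() {
    # $1 = logfile, $2 = line count recorded before the probe
    tail -n "+$(( $2 + 1 ))" "$1"
}

appended_check() {
    # $1 = logfile, $2 = line count before probe, $3 = expected IP
    lines_since "$1" "$2" | grep -qF -e "DST: $3"
}

# Constructed log: one old entry, then the probe is blocked, then a busy
# peer is logged twice (the same pattern pelle.k quotes above).
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
printf '%s\n' "Blocked IN: tzulo, inc,hits: 2,SRC: 208.77.17.4" > "$LOG"
BEFORE=$(wc -l < "$LOG")          # record log length, then "send the ping"
printf '%s\n' \
    "Blocked OUT: General Electric Company,hits: 1,DST: $TEST_IP" \
    "Blocked OUT: GAMES-BEZEQINT,hits: 2,DST: 212.179.109.105" \
    "Blocked OUT: GAMES-BEZEQINT,hits: 3,DST: 212.179.109.105" >> "$LOG"

if last_line_check "$LOG" "$TEST_IP"; then
    echo "last-line check: blocked"
else
    echo "last-line check: missed (test would report failure)"
fi
if appended_check "$LOG" "$BEFORE" "$TEST_IP"; then
    echo "appended-lines check: blocked"
else
    echo "appended-lines check: missed"
fi
```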

DaveTheAve
October 3rd, 2007, 09:22 PM
I'll be more than happy to generate a package if someone is willing to instruct me.

jre
October 4th, 2007, 12:56 PM
Thx pelle! That's really great to hear such suggestions. Both things happily accepted. I will release 0.8-22 soon.

I'll be more than happy to generate a package if someone is willing to instruct me.

From moblock-deb.sourceforge.net:
mkdir foo
cd foo
apt-get build-dep moblock
apt-get source moblock
cd moblock-VERSION
dpkg-buildpackage -rfakeroot
Just ask if you need further help

jre

DaveTheAve
October 4th, 2007, 04:21 PM
(Added MoBlock for 32-bit feisty to /etc/apt/sources.list)
david@Devlon:~/moblock$ sudo apt-get update
...
Hit http://packages.medibuntu.org feisty/free Packages
Hit http://packages.medibuntu.org feisty/non-free Packages
Fetched 2188B in 25s (86B/s)
Failed to fetch http://moblock-deb.sourceforge.net/debian/dists/feisty/Release Unable to find expected entry main/binary-amd64/Packages in Meta-index file (malformed Release file?)
Reading package lists... Done
E: Some index files failed to download, they have been ignored, or old ones used instead.

david@Devlon:~/moblock$ sudo apt-get build-dep moblock
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Could not open file /var/lib/apt/lists/moblock-deb.sourceforge.net_debian_dists_feisty_main_source_Sources - open (2 No such file or directory)


I'm running Kubuntu AMD64-bit Feisty 7.01... Like I said I used the 32-bit Feisty resposatory, from the first post in this thread.

jre
October 4th, 2007, 05:40 PM
Ah, source retrieval fails, too :-/

Instead of "apt-get build-dep moblock" install these packages:
debhelper (>= 4.0.0), iptables-dev, dpatch, libnetfilter-queue-dev, libnfnetlink-dev

Instead of "apt-get source moblock" download these files:
http://moblock-deb.sourceforge.net/debian/dists/feisty/main/source/net/moblock_0.8-21+feisty.diff.gz
http://moblock-deb.sourceforge.net/debian/dists/feisty/main/source/net/moblock_0.8.orig.tar.gz
(and eventually this one: http://moblock-deb.sourceforge.net/debian/dists/feisty/main/source/net/moblock_0.8-21+feisty.dsc)
then unpack both files and apply (dpatch !?) the orig with the diff.

Then continue with the instructions. Sorry this is just a quick shot, not tested.

Greets and thx
jre

DaveTheAve
October 4th, 2007, 08:43 PM
david@Devlon:~/moblock/moblock-0.8$ ls
00list moblock.conf moblock-nfq.init
blocklists.list moblock-ipq-control moblock-nfq.install
changelog moblock-ipq.cron.daily moblock-nfq.logrotate
Changelog moblock-ipq.dirs moblock-nfq.manpages
Changelog~ moblock-ipq.init moblock-nfq.postinst
compat moblock-ipq.install MoBlock-nfq.sh
control moblock-ipq.logrotate MoBlock-nfq.sh.dpatch
COPYING moblock-ipq.manpages NEWS.Debian
copyright moblock-ipq.postinst rbt.c
docs MoBlock-ipq.sh README
Makefile MoBlock-ipq.sh.dpatch README.blocklists
makefile.dpatch moblock.man README.Debian
makefile-moblock-control.dpatch moblock-nfq-control rules
moblock_0.8-21+feisty.dsc moblock-nfq.cron.daily THANKS
MoBlock.c moblock-nfq.dirs TODO.Debian

david@Devlon:~/moblock/moblock-0.8$ dpkg-buildpackage -rfakeroot
dpkg-parsechangelog: error: cannot open debian/changelog to find format: No such file or directory
dpkg-buildpackage: unable to determine source package is



Any ideas?

Mochtroid-X
October 5th, 2007, 04:11 PM
Why does MoBlock on Gutsy prevent me from accessing isoHunt.com and Doomworld.com, and why is it blocking my gmail and weather applets? It never blocked any of these on Feisty.

quixotic-cynic
October 5th, 2007, 05:36 PM
Why does MoBlock on Gutsy prevent me from accessing isoHunt.com and Doomworld.com, and why is it blocking my gmail and weather applets? It never blocked any of these on Feisty.

Moblock used to have port 80 whitelisted by default. Due to potentially weakened protection against adversaries this is no longer the case. If you read the howto that pelle.k posted at the start of the thread you can change this to allow port 80 (or just find the right place in the config file) but be aware that your 'protection' will be weakened (see link a few posts back).

You can (alternatively) use fewer lists to reduce these problems (e.g. just use Level1 list) and the use of a web proxy such as ecoproxy.com can let you get round the problem for minor cases (don't use for secure sites etc).

Mochtroid-X
October 5th, 2007, 05:49 PM
What kind of "adversaries" are we talking about here?

pelle.k
October 5th, 2007, 06:27 PM
What kind of "adversaries" are we talking about here?

Microscopic, one-in-a-thousand (million?) chance, that some malware (installed on *your* computer) (virtually non-existent in linux) could use a whitelisted port to receive communication from an outside source that is in the blocklist.
IMHO people should be more worried about the lack of a proper firewall, than this scenario i describe above. But sure, this could happen.

Mochtroid-X
October 5th, 2007, 06:30 PM
Well I whitelisted port 80 but it still denies my gmail applet...

DaveTheAve
October 5th, 2007, 06:46 PM
What port is your gmail applet using? You might need to whitelist that port also.

P.S. I'm still stuck with the error message with the compiling posted above.

Mochtroid-X
October 5th, 2007, 06:52 PM
I can't find what port it uses, no docs or anything for it can be found.

pelle.k
October 5th, 2007, 09:00 PM
I can't find what port it uses, no docs or anything for it can be found.
Use the power of the command line! :D
Close down pretty much all programs that are using internet connectivity, and then run
netstat -a --program
You might figure it out that way...
*or*, you could figure out what the blocked "range" is in the moblock log file, and put that in moblock.conf so that moblock filter that "range" out when it rebuilds the blocklist for you. Just a couple of suggestions for ya...

minijoe
October 6th, 2007, 01:42 PM
Followed jre's instructions, I created a deb package for feisty amd64.
Great job jre!! many thanks. =D>

Here's deb package for feisty amd64.

pelle.k
October 6th, 2007, 01:55 PM
Excellent! Added to howto.

vikram
October 6th, 2007, 03:21 PM
Hi Pelle,

I am using a simple text based firewall

#!/bin/sh

if [ -r /lib/lsb/init-functions ]; then
    . /lib/lsb/init-functions
fi

firewall_start()
{
    # Flush all rules
    iptables -F INPUT
    iptables -F OUTPUT
    iptables -F FORWARD

    # Default policies
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD DROP

    # Allow everything on the loopback network
    iptables -A INPUT -i lo -j ACCEPT

    # Allow ICMP from the intranet router
    iptables -A INPUT --protocol icmp --source 192.168.0.1 -j ACCEPT

    # Allow everything from the home server
    iptables -A INPUT --source 192.168.0.2 -j ACCEPT

    # Allow established sessions
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Allow incoming SSH sessions
    iptables -A INPUT --protocol tcp --dport 22 --source 192.168.0.0/24 \
        -m state --state NEW -j ACCEPT

    # Allow incoming ftp sessions
    iptables -A INPUT --protocol tcp --dport 21 --source 192.168.0.0/24 \
        -m state --state NEW -j ACCEPT
    iptables -A INPUT --protocol udp --dport 21 --source 192.168.0.0/24 \
        -m state --state NEW -j ACCEPT
    iptables -A INPUT --protocol tcp --dport 22 --source 192.168.0.0/24 \
        -m state --state NEW -j ACCEPT
    iptables -A INPUT --protocol udp --dport 22 --source 192.168.0.0/24 \
        -m state --state NEW -j ACCEPT

    # Allow incoming bittorent sessions
    iptables -A INPUT --protocol tcp --dport 6881 -m state --state NEW -j ACCEPT
    iptables -A INPUT --protocol udp --dport 4444 -m state --state NEW -j ACCEPT

    # Allow incoming ICMP echo request and errors
    iptables -A INPUT --protocol icmp --icmp-type echo-request -j ACCEPT
    iptables -A INPUT --protocol icmp --icmp-type destination-unreachable \
        -j ACCEPT

    # Drop intranet broadcasts
    iptables -A INPUT --protocol udp --destination 192.168.0.255 -j DROP

    # Drop and log other packets
    iptables -A INPUT -j LOG
    iptables -A FORWARD -j LOG
}

firewall_stop()
{
    # Flush all rules
    iptables -F INPUT
    iptables -F OUTPUT
    iptables -F FORWARD

    # Default policies
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
}

case "$1" in
    start)
        log_begin_msg "Starting firewall..."
        firewall_start
        log_end_msg 0
        ;;

    stop)
        log_begin_msg "Stopping firewall..."
        firewall_stop
        log_end_msg 0
        ;;

    restart)
        log_begin_msg "Restarting firewall..."
        firewall_stop
        firewall_start
        log_end_msg 0
        ;;

    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
esac


So if I replace ACCEPT with NFQUEUE and run moblock first and then my firewall - will this mean my firewall will filter packets first based on port and then moblock will filter what is sent to NFQUEUE based on ip ?



Sure thing. That is essentially the problem. Firestarter (as an example) doesn't offer to send packets to NFQUEUE instead ACCEPT (the last time i checked).

If it did, we could do what moblock does, with firestarter. And yes, moblock *could* in theory be a full featured firewall since it deals with iptables, but that is not its primary task.

In fact, moblock just does filtering in userspace (kernel), the iptables rules (created from a bash script) is just what is needed to get traffic to go that route.

ManOnOneWheel
October 6th, 2007, 08:35 PM
I installed Moblock successfully in Feisty about a week ago, the log file showed my school's IP blocked over and over and such and all was well and good.

Since then I have upgraded to Gutsy. I followed the same process to install Moblock but no IP's at all are showing up in var/log/moblock.log. I have made sure that my blocklists are updated and the correct lists are uncommented, but still nothing. Any ideas?

quixotic-cynic
October 7th, 2007, 12:34 PM
So if I replace ACCEPT with NFQUEUE and run moblock first and then my firewall - will this mean my firewall will filter packets first based on port and then moblock will filter what is sent to NFQUEUE based on ip ?

AFAIK, the moblock rules should be below the port blocking rules if you want it to function like that. Manually editing the ipfilter rules should work fine - the problem with Firestarter etc is a deficiency in the program and not in ipfilter.

I can't comment on the actual file since I understand firewall theory but not iptables syntax yet (still, shame on me).

I think that replacing ACCEPT with NFQUEUE basically means that the firewall 'ok-s' the packets from its perspective and passes them on to moblock (rather than just letting them through completely).

Hopefully pelle.k or jre can clarify for you.

quixotic-cynic
October 7th, 2007, 12:35 PM
I have made sure that my blocklists are updated and the correct lists are uncommented, but still nothing. Any ideas?

Is your school's IP range actually in the current edu file? If not, you could find out the IP range using www.whois.sc or similar and add it in the manual range section (see faq @ start).

pelle.k
October 7th, 2007, 05:32 PM
So If I replace ACCEPT with NFQUEUE and run moblock first and then my firewall - will this mean my firewall will filter packets first bassed on port and then moblock will filter what is sent to NFQUEUE based on ip ?
I'm no iptables guru either, but it should work if you do just that.
Remember to deactivate iptables in /etc/moblock.conf.

wilberfan
October 10th, 2007, 12:18 PM
I'm reasonably inexperienced with MoBlock, and I've just run into a problem: After installing MoBlock I see the following:

2007-10-10 09:07:15 AM PDT End: /usr/bin/moblock-control restart
* Logging to /var/log/moblock.log
* Ranges loaded: 242399
* Using .p2p file format
* Merged ranges: 274
* Skipped useless ranges: 7345
NFNETLINK answers: Invalid argument

I then can't connect to anything...

Can anyone explain what's happening here? And perhaps how to remedy it? :confused:

jre
October 10th, 2007, 04:16 PM
I've put the amd64 packages also to moblock-deb.sf.net. Thx to the contributors - and always stay with the current version :-)
daradib, minijoe: How did you download the sources? Didn't you have the problems that DaveTheAve has?

P.S. I'm still stuck with the error message with the compiling posted above.

Finally an answer, although minijoe already made a package for feisty. These are the instructions to build your own moblock packages (in this example for version 0.8-23. The source of the versions 0.8-23, 0.8-23+feisty and 0.8-23+gutsy is always the same.)

Make a directory:
mkdir foo
cd foo

Get the build dependencies:
apt-get build-dep moblock
or install the build dependencies manually instead: debhelper (>= 4.0.0), iptables-dev, dpatch, libnetfilter-queue-dev, libnfnetlink-dev

Get the source:
apt-get source moblock
or get the source manually instead:
wget http://moblock-deb.sourceforge.net/debian/dists/sid/main/source/net/moblock_0.8.orig.tar.gz
wget http://moblock-deb.sourceforge.net/debian/dists/sid/main/source/net/moblock_0.8-23.diff.gz
wget http://moblock-deb.sourceforge.net/debian/dists/sid/main/source/net/moblock_0.8-23.dsc
tar xvzf moblock_0.8.orig.tar.gz
zcat moblock_0.8-23.diff.gz | patch --strip=0
chmod +x debian/rules

or take the current development version (normally there are no or only minor differences from the released version) instead:
svn co https://moblock-deb.svn.sourceforge.net/svnroot/moblock-deb/moblock moblock-deb

Compile and build the package:
cd moblock-0.8
dpkg-buildpackage -rfakeroot

@wilberfan:
Huh, never seen this error message ("NFNETLINK answers: Invalid argument"). And google has it only 4 times, including you.
Did it work before you did the "restart"?
Which distro are you using (feisty!?), which kernel version? Are you on i386 or amd64? What's the version of your moblock .deb (0.8-23+feisty !?)? I guess you are using the -nfq version!?
Are all kernel modules loaded correctly ("lsmod")?
Did you change any configuration files or anything else (if yes, then "purge" moblock and then reinstall it)? Or post/send me your configuration file so that I can check it for errors.

greets
jre

wilberfan
October 10th, 2007, 06:12 PM
@wilberfan:
Huh, never seen this error message ("NFNETLINK answers: Invalid argument"). And google has it only 4 times, including you.
Did it work before you did the "restart"?
Which distro are you using (feisty!?), which kernel version? Are you on i386 or amd64? What's the version of your moblock .deb (0.8-23+feisty !?)? I guess you are using the -nfq version!?
Are all kernel modules loaded correctly ("lsmod")?
Did you change any configuration files or anything else (if yes, then "purge" moblock and then reinstall it)? Or post/send me your configuration file so that I can check it for errors.
jre

Well, I am getting that error under Debian Sid (specifically, Sidux). MoBlock DID work properly the first day I installed it--I remember having to wrestle with changing settings to let Thunderbird get access to my pop servers... A couple of days later, (Beginning, perhaps, yesterday?) I was getting that NFNETLINK message...

(I have done a dist-upgrade--which, for those unfamiliar with Sidux--is always the latest of everything from the Debian Sid repos--including the latest kernel, etc... I have no idea if/how that would affect moblock!)

I currently have Gutsy 64-bit installed on one box--but I thought I'd try moblock out first under my (32-bit) Debian (Sidux).

Here's my moblock.config file:

# moblock-control configuration file

# This file is sourced by a bash script. Any line which starts with a # (hash)
# is a comment and is ignored. If you set the same variable several times,
# then only the last line will be used. You have to stop/restart/reload moblock
# if you change entries.

############################ General configuration ############################

# Specify the format of the blocklists that you use. You can't mix different
# formats.
# d - eMule ipfilter.dat format
# n - peerguardian .p2b v2 binary format
# p - peerguardian .p2p text format
BLOCKLIST_FORMAT="p"

# Specify a NFQUEUE queue number (default 0)
# Works only with -nfq version
NFQUEUE_NUMBER="0"

# Turn on/off automatic start
# 0 - Don't start MoBlock at system boot
# 1 - Start MoBlock at system boot
MOBLOCK_INIT="0"

# Turn on/off automatic blocklist update
# 0 - Don't update the blocklists automatically
# 1 - Update the blocklists automatically
MOBLOCK_CRON="1"


################## Settings for the iptables firewall rules ###################

# MoBlock requires the iptables rule NFQUEUE (nfq version)
# or the deprecated QUEUE (ipq version).

# Do a "moblock-control stop" before you change these iptables settings.

# Define how traffic is sent to MoBlock
# 0 - Don't set any iptables rules.
# You or another script/firewall has to do this!
# 1 - NFQUEUE is in the chains moblock_in, moblock_out and moblock_fw.
IPTABLES_SETTINGS="1"

# Define when traffic is sent to the chain that contains NFQUEUE
# This section works only for IPTABLES_SETTINGS="1"
# 0 - Do nothing. You or another script/firewall has to do this!
# 1 - Insert the rules at the head of the chains.
# 2 - Append the rules to the end of the chains.
IPTABLES_ACTIVATION="2"

# Define which traffic shall be sent to NFQUEUE (if it is sent there).
# 0 - All traffic
# 1 - Only NEW traffic
IPTABLES_STATE="1"

############################### Whitelist ports ###############################

# Whitelist ports by port number or with the associated service name.
# Separate several entries with whitespace (" ")

# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.

WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT=""
#WHITE_TCP_OUT="http https"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""

################################ Whitelist IPs ################################

# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Separate several entries with whitespace (" ")

# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.

IP_TCP_IN=""
IP_UDP_IN=""
IP_TCP_OUT=""
IP_UDP_OUT=""
IP_TCP_FORWARD=""
IP_UDP_FORWARD=""

###################### Remove lines from the blocklist ########################

# Remove lines from the blocklist
# Separate lines with a semicolon. The example will delete lines that contain
# either "Bogon", "General Electric Company" or "4.2.162.144-4.2.162.151"
#IP_REMOVE="Bogon;General Electric Company;4.2.162.144-4.2.162.151"

# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE=""

########################### Full LSB compatibility ############################

# The control script uses /lib/lsb/init-functions. In Debian this file also
# provides functions which are not defined by the LSB standard. Change this
# entry if the script complains of not knowing a function.
# 0 - Debian compatible system (default)
# 1 - LSB 3.1 but not Debian compatible system
LSB_MODE=0

quixotic-cynic
October 10th, 2007, 06:51 PM
Whilst I don't specifically know how to solve the problem my best guess, based on intuition, is that somehow the netfilter package that moblock depends upon has been screwed up somehow in the update and is either broken or something else is causing it problems.

I would try purging that package and reinstalling it (rather than the moblock one) and, if that does not solve the problem, devoting your investigation in that direction.

Probably not a major insight, but that is the best thing I can think of atm.

fwojciec
October 10th, 2007, 07:53 PM
@wilberfan : funny you should mention that... I just had the same error a moment ago. seems to be caused by the new 2.6.23 kernel (check what your sidux install is using) - I reverted to 2.6.22.9 and everything is working, for now, but it is something that will need to be dealt with somehow in the future...

I did try updating all moblock deps to the latest versions, but that didn't help so I think it's the kernel itself.

wilberfan
October 10th, 2007, 07:55 PM
Sorry, which specific package are you suggesting I try removing and reinstalling? I just did one of these

apt-get remove --purge libnetfilter-queue1

But it uninstalled moblock-nfq as well...

wilberfan
October 10th, 2007, 07:59 PM
@wilberfan : funny you should mention that... I just had the same error a moment ago. seems to be caused by the new 2.6.23 kernel (check what your sidux install is using) - I reverted to 2.6.22.9 and everything is working, for now, but it is something that will need to be dealt with somehow in the future...

I did try updating all moblock deps to the latest versions, but that didn't help so I think it's the kernel itself.

You know, I was wondering about that...cuz I upgraded to 2.6.23 on both machines yesterday/today...

Thanks for the hint...!

[EDIT] I just installed MoBlock on my 64-bit Gutsy via the .deb, and it seems to be working OK. Lends credence to our 'kernel theory'...? (Gutsy is using 2.6.22-13 at the moment?)

fwojciec
October 10th, 2007, 08:12 PM
I just filed a bug report on moblock website, we'll see how that goes...

abelstern
October 11th, 2007, 09:24 AM
I looked through the changes in linux 2.6.23 and this seems to be due to the recent change in nf_queue.c:
if (pf >= NPROTO)
return -EINVAL;
was added to nf_register_queue_handler, and this seems to be where the moblock syscall fails. I hope somebody fixes this.. in the mean time I've patched my kernel to revert the 2.6.23 change in nf_queue.c.

Actually I think the problem lies with libnetfilter_queue rather than with moblock, but their Bugzilla server is down so I can't file a bug.

I made a stupid mistake; booted into 2.6.22 instead of the patched 2.6.23. Therefore, my post isn't valid: the problem must lie elsewhere. I'm currently compiling 2.6.23 with netfilter debugging to try to find the cause of all this.

fwojciec
October 11th, 2007, 09:31 AM
I looked through the changes in linux 2.6.23 and this seems to be due to the recent change in nf_queue.c:
if (pf >= NPROTO)
return -EINVAL;
was added to nf_register_queue_handler, and this seems to be where the moblock syscall fails. The moblock developers don't seem to be very active, but I hope somebody fixes this.. in the mean time I've patched my kernel to revert the 2.6.23 change in nf_queue.c.

So patching the kernel would just involve removing those two lines from nf_queue.c? If so, that's not too bad - I compile my own kernels anyways...

Thanks for the info, btw, I've added that to the bugreport.

quixotic-cynic
October 11th, 2007, 10:20 AM
Sorry, which specific package are you suggesting I try removing and reinstalling? I just did one of these

apt-get remove --purge libnetfilter-queue1

But it uninstalled moblock-nfq as well...

That was what I meant. Since moblock-nfq had it as a dependency I guess apt-get auto-removed moblock too (I'm used to using aptitude). It's not a problem though - since moblock-nfq was not purged and thus you don't lose all your config changes when re-installing it.

abelstern
October 11th, 2007, 10:47 AM
So patching the kernel would just involve removing those two lines from nf_queue.c? If so, that's not too bad - I compile my own kernels anyways...

Thanks for the info, btw, I've added that to the bugreport.

I made a stupid mistake; booted into 2.6.22 instead of the patched 2.6.23. Therefore, my post isn't valid: the problem must lie elsewhere. I'm currently compiling 2.6.23 with netfilter debugging to try to find the cause of all this.

smartboyathome
October 11th, 2007, 04:31 PM
I am new to Moblock as well, and it blocks Pidgin from connecting. How would I enable it to access?

quixotic-cynic
October 11th, 2007, 06:47 PM
I am new to Moblock as well, and it blocks Pidgin from connecting. How would I enable it to access?

Find out what is being blocked by looking in /var/log/moblock.log

Edit /etc/moblock/moblock.conf and add the IPs that you want to unblock to the exclude section...

tipsqueal
October 11th, 2007, 07:44 PM
So I installed Moblock today and followed the instructions and it still blocks all of my HTTP traffic. With Moblock on I cannot access any webpages at all.

YES I did delete the hash in the configuration file on line 68.
YES I did restart moblock (even my computer a few times)
YES I did re-install with no luck.
and YES after doing all of that it still blocks my http traffic.

Can anyone please help?

Thanks,
Tipsqueal.

[edit] It apparently blocks all of my GAIM traffic (port 5190) and the traffic that the weather applet uses too.

fwojciec
October 11th, 2007, 08:08 PM
I made a stupid mistake; booted into 2.6.22 instead of the patched 2.6.23. Therefore, my post isn't valid: the problem must lie elsewhere. I'm currently compiling 2.6.23 with netfilter debugging to try to find the cause of all this.

The Moblock developer has provided a temporary fix for the 2.6.23 kernel - you'll find it in the bug report here (https://developer.berlios.de/bugs/?func=detailbug&bug_id=12156&group_id=2509).

pelle.k
October 11th, 2007, 09:09 PM
Can anyone please help?


sudo moblock-control status
paste the output here...

tipsqueal
October 11th, 2007, 09:24 PM
it says:

Current iptables rules (this may take awhile):

Chain INPUT (policy ACCEPT 18768 packets, 19M bytes)
pkts bytes target prot opt in out source destination
2 100 ACCEPT 0 -- lo any anywhere anywhere
0 0 ACCEPT 0 -- lo any anywhere anywhere
44 2200 ACCEPT 0 -- lo any anywhere anywhere
2 100 ACCEPT 0 -- lo any anywhere anywhere
0 0 moblock_in 0 -- any any anywhere anywhere state NEW

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 moblock_fw 0 -- any any anywhere anywhere state NEW

Chain OUTPUT (policy ACCEPT 18996 packets, 3108K bytes)
pkts bytes target prot opt in out source destination
2 100 ACCEPT 0 -- any lo anywhere anywhere
0 0 ACCEPT 0 -- any lo anywhere anywhere
44 2200 ACCEPT 0 -- any lo anywhere anywhere
2 100 ACCEPT 0 -- any lo anywhere anywhere
0 0 moblock_out 0 -- any any anywhere anywhere state NEW

Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- any any anywhere anywhere NFQUEUE num 0

Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- any any anywhere anywhere NFQUEUE num 0

Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- any any anywhere anywhere tcp dpt:https
0 0 RETURN tcp -- any any anywhere anywhere tcp dpt:www
0 0 NFQUEUE 0 -- any any anywhere anywhere NFQUEUE num 0

Please check if the above printed iptables rules are correct!

* moblock is running, pid is 10537.


Hope that helps...
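
The status output above shows two mechanisms working together: the moblock_out chain RETURNs whitelisted ports (http/https) before anything reaches NFQUEUE, and whatever is queued is decided in userspace against the merged blocklist ranges (the "Ranges loaded / Merged ranges / Skipped useless ranges" counters printed at startup, and the IP_REMOVE setting from the config file). The following is an added example written for this thread, not MoBlock's own code: it parses .p2p text lines, applies IP_REMOVE, skips ranges whose start is above their end, merges overlapping ranges, walks a first-match-wins model of the moblock_out chain, and emits log lines in the same shape as /var/log/moblock.log. The blocklist entries, addresses, port numbers and the per-range hit counter are constructed for the example; it does not touch netfilter.

```python
"""Model of MoBlock's packet path: iptables chain traversal, then a userspace
blocklist lookup. Added example for the thread, not MoBlock's own source."""
import bisect
import ipaddress
from collections import Counter


def ip2int(text):
    return int(ipaddress.IPv4Address(text))


class Blocklist:
    """Parse .p2p lines ("name:a.b.c.d-e.f.g.h"), honour IP_REMOVE substrings,
    skip useless ranges, merge overlaps, answer lookups by binary search."""

    def __init__(self, lines, remove=()):
        parsed, self.skipped = [], 0
        for line in lines:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            if any(pattern in line for pattern in remove):
                continue  # IP_REMOVE="a;b" drops every line containing a or b
            name, _, span = line.rpartition(":")  # names may contain ':'
            start, end = (ip2int(part) for part in span.split("-"))
            if start > end:
                self.skipped += 1  # counted as "Skipped useless ranges"
                continue
            parsed.append((start, end, name))
        parsed.sort()
        self.loaded = len(parsed)  # "Ranges loaded"
        self.ranges = []
        for start, end, name in parsed:
            if self.ranges and start <= self.ranges[-1][1] + 1:
                # overlapping or adjacent: widen the previous range, keep its name
                pstart, pend, pname = self.ranges[-1]
                self.ranges[-1] = (pstart, max(pend, end), pname)
            else:
                self.ranges.append((start, end, name))
        self.merged = self.loaded - len(self.ranges)  # "Merged ranges"
        self.starts = [r[0] for r in self.ranges]

    def match(self, ip):
        """Name of the range covering ip, or None if it is not listed."""
        value = ip2int(ip)
        i = bisect.bisect_right(self.starts, value) - 1
        if i >= 0 and self.starts[i] <= value <= self.ranges[i][1]:
            return self.ranges[i][2]
        return None


def chain_verdict(rules, proto, dport):
    """First matching rule wins; rules are (proto|None, dport|None, target).
    Falling off the end of a user chain is an implicit RETURN to the caller."""
    for rule_proto, rule_dport, target in rules:
        if rule_proto in (None, proto) and rule_dport in (None, dport):
            return target
    return "RETURN"


class MoblockModel:
    def __init__(self, blocklist, out_chain):
        self.blocklist, self.out_chain = blocklist, out_chain
        self.hits = Counter()  # hit counter per range name (assumption)

    def outbound(self, proto, dport, dst):
        """("ACCEPT", None) or ("DROP", log_line) for a NEW outbound flow."""
        if chain_verdict(self.out_chain, proto, dport) != "NFQUEUE":
            return "ACCEPT", None  # whitelisted port never reaches MoBlock
        name = self.blocklist.match(dst)
        if name is None:
            return "ACCEPT", None
        self.hits[name] += 1
        return "DROP", f"Blocked OUT: {name},hits: {self.hits[name]},DST: {dst}"


# Constructed sample in .p2p text format (documentation/test address space).
SAMPLE_P2P = """\
# not a real blocklist
Example Corp:203.0.113.0-203.0.113.255
Overlap A:198.51.100.0-198.51.100.127
Overlap B:198.51.100.64-198.51.100.200
Bogon:192.0.2.0-192.0.2.255
Useless:10.0.0.9-10.0.0.1
""".splitlines()

# moblock_out as printed by "moblock-control status" with WHITE_TCP_OUT="http https"
MOBLOCK_OUT = [("tcp", 443, "RETURN"), ("tcp", 80, "RETURN"), (None, None, "NFQUEUE")]


def build_model(remove=("Bogon",)):
    return MoblockModel(Blocklist(SAMPLE_P2P, remove), MOBLOCK_OUT)


def demo():
    model = build_model()
    return [
        model.outbound("tcp", 443, "203.0.113.7"),   # https: RETURN, never queued
        model.outbound("tcp", 5190, "203.0.113.7"),  # AIM/GAIM port: queued, blocked
        model.outbound("tcp", 5190, "203.0.113.7"),  # same range, hits climbs to 2
        model.outbound("udp", 53, "192.0.2.5"),      # "Bogon" removed via IP_REMOVE
    ]


if __name__ == "__main__":
    for verdict, log in demo():
        print(verdict, log or "")
```

The model reproduces what tipsqueal and Scruffynerf saw: with WHITE_TCP_OUT="http https" the browser ports bypass the queue entirely, but a port such as 5190 still hits NFQUEUE, so if the destination falls inside a loaded range (an over-broad IANA or bogon list, for instance) it is blocked and logged. The two remedies shown later in the thread map directly onto the model: remove or comment out the offending list (fewer ranges to match) or whitelist the port (a RETURN before NFQUEUE).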

pelle.k
October 12th, 2007, 12:24 AM
Chain INPUT (policy ACCEPT 18768 packets, 19M bytes)
pkts bytes target prot opt in out source destination
2 100 ACCEPT 0 -- lo any anywhere anywhere
0 0 ACCEPT 0 -- lo any anywhere anywhere
44 2200 ACCEPT 0 -- lo any anywhere anywhere
2 100 ACCEPT 0 -- lo any anywhere anywhere
0 0 moblock_in 0 -- any any anywhere anywhere state NEW
Your INPUT/OUTPUT chains look a bit odd. Is this some iptables configuration I don't recognize, or is it simply broken somehow?
I only have one RETURN target before moblock_*, not 4 ACCEPT.
Can anyone on feisty confirm?

Scruffynerf
October 12th, 2007, 07:08 AM
HI all,

I've just updated from an older version of Moblock (using the old 'unstable' repo) to the current one on page 1, and I've noticed that the Gnome Panel Weather applet cannot update successfully.

If relevant, the weather update is pointing to the server for Adelaide, Australia.

Now, how can I go about finding what IP or Port that I need to whitelist, and how do I do it?

many thanks for any and all help.

cheers

Scruffy

Edit: Moblock Status Report:
Current iptables rules (this may take awhile):

Chain INPUT (policy ACCEPT 303K packets, 257M bytes)
pkts bytes target prot opt in out source destination
2 100 ACCEPT 0 -- lo any anywhere anywhere
44 4107 ACCEPT 0 -- lo any anywhere anywhere
2267 237K moblock_in 0 -- any any anywhere anywhere state NEW
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 moblock_fw 0 -- any any anywhere anywhere state NEW
Chain OUTPUT (policy ACCEPT 273K packets, 199M bytes)
pkts bytes target prot opt in out source destination
2 100 ACCEPT 0 -- any lo anywhere anywhere
44 4107 ACCEPT 0 -- any lo anywhere anywhere
985 120K moblock_out 0 -- any any anywhere anywhere state NEW
Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- any any anywhere anywhere NFQUEUE num 0
Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
2267 237K NFQUEUE 0 -- any any anywhere anywhere NFQUEUE num 0
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- any any anywhere anywhere tcp dpt:https
8 480 RETURN tcp -- any any anywhere anywhere tcp dpt:www
977 119K NFQUEUE 0 -- any any anywhere anywhere NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 8203.


Also I note that www.google.com is now blocked !

EDIT: SOLVED THE PROBLEM!

sudo gedit /etc/moblock/blocklists.list

Locate lines 22, 23 & 24 - they are the ones referring to IANA. Comment them out.

Then:
sudo moblock-control reload

And after a short time, the weather update and websites such as Google will be back.

quixotic-cynic
October 12th, 2007, 07:50 PM
Your input output chains look a bit odd. Is this some iptables configuration i don't recognize, or is it simply broken somehow.
I only have one RETURN target before moblock_*, not 4 ACCEPT.
Can anyone on feisty confirm?

Hi, pelle.k, here is my one:

Current iptables rules (this may take awhile):

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- lo any anywhere anywhere
0 0 moblock_in 0 -- any any anywhere anywhere state NEW

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 moblock_fw 0 -- any any anywhere anywhere state NEW

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- any lo anywhere anywhere
0 0 moblock_out 0 -- any any anywhere anywhere state NEW

Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- any any anywhere anywhere NFQUEUE num 0

Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- any any anywhere anywhere NFQUEUE num 0

Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- any any anywhere anywhere NFQUEUE num 0

Please check if the above printed iptables rules are correct!

* moblock is running, pid is 6360.

So the strange lines would appear to be:

2 100 ACCEPT 0 -- lo any anywhere anywhere
44 2200 ACCEPT 0 -- lo any anywhere anywhere
2 100 ACCEPT 0 -- lo any anywhere anywhere

belgofac117
October 13th, 2007, 03:57 AM
Hi,

Long time Windows user, just recently started with Linux and have a quintuple boot sys with XP, Vista, PcLinux 2007, Ubuntu 6.10 and Kubuntu 7.04. I have Moblock running in Ubuntu but Kubuntu is giving me some probs.

It seems to be blocking almost everything but when I ping Microsoft nothing shows up in the logfile and I get "packet filtered" bla bla in the ping terminal.

Here are a few tests I ran.

pidof moblock
6015




tail -f /var/log/moblock.log

Merged range 'Easynet UK', with range 'Easynet UK'
Ranges loaded: 238346
Merged ranges: 265
Skipped useless ranges: 6898
NFQUEUE: binding to queue '0'
Blocked OUT: New Dream Network, LLC,hits: 1,DST: 208.113.142.250
Blocked OUT: Max-Planck-Institut fur Plasmaphysik (IPP),hits: 1,DST: 130.183.3.145
Blocked OUT: New Dream Network, LLC,hits: 2,DST: 208.113.140.203
Blocked OUT: Opera Software,hits: 1,DST: 193.69.116.32
Blocked OUT: BBC,hits: 1,DST: 212.58.226.73
Blocked OUT: BBC,hits: 2,DST: 212.58.226.77
Blocked OUT: BBC,hits: 3,DST: 212.58.226.77
Blocked OUT: BBC,hits: 4,DST: 212.58.226.77
Blocked OUT: BBC,hits: 5,DST: 212.58.226.77
Blocked OUT: BBC,hits: 6,DST: 212.58.226.77
Blocked OUT: BBC,hits: 7,DST: 212.58.226.77



ping microsoft.com

PING microsoft.com (207.46.232.182) 56(84) bytes of data.
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=24 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=42 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=43 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=144 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=145 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=238 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=255 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=394 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=395 Packet filtered
From 207.46.35.134 icmp_seq=396 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=433 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=446 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=447 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=448 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=515 Packet filtered
From po14.tuk-65ns-mcs-1a.ntwk.msn.net (207.46.35.134) icmp_seq=516 Packet filtered


Edit:

When I visit the MS page, MS will get blocked however.

Blocked OUT: NetIQ,hits: 1,DST: 63.88.212.184
Blocked OUT: Microsoft Corp,hits: 1,DST: 207.46.18.254
Blocked OUT: NetIQ,hits: 2,DST: 63.88.212.184
Blocked OUT: Microsoft Corp,hits: 2,DST: 207.46.18.254
Blocked OUT: NetIQ,hits: 3,DST: 63.88.212.184
Blocked OUT: Microsoft Corp,hits: 3,DST: 207.46.18.254
Blocked OUT: NetIQ,hits: 4,DST: 63.88.212.184
Blocked OUT: Microsoft Corp,hits: 4,DST: 207.46.18.254



regards,

daradib
October 13th, 2007, 01:51 PM
If you want to make your own moblock binary package from source and install it, you can use the following instructions. This worked for me on Ubuntu Gutsy 64-bit, but it should work on any system. Tell me how it goes.


mkdir moblock
cd moblock
sudo apt-get build-dep -y moblock
apt-get source moblock
cd moblock-*
dpkg-buildpackage -rfakeroot
cd ..
sudo dpkg -i moblock-nfq*.deb
sudo apt-get purge -y iptables-dev libnetfilter-queue-dev libnfnetlink-dev
sudo apt-get install -f


Some of these commands can be combined into one, but this lets you make changes like adding a patch if necessary and explains the process better.

These commands make the directory moblock and then change the current working directory to it. It then installs moblock's development dependencies. The moblock source package is downloaded and the current working directory is changed to it. The source and binary packages are built and the working directory moves one directory up. Then the moblock-nfq*.deb is installed and its dependencies are installed. Finally, the development dependencies (including configuration files) are removed.