Moblock (peerguardian linux alternative)
belgofac117
October 13th, 2007, 07:18 PM
A new problem has arrived. Moblock is suddenly blocking all http traffic via any search engine. Google and Yahoo get blocked.
I still want to keep HTTP blocked and only let searches via Google and Yahoo get through. How do I go about that?
I have already read all 75 pages yesterday to solve other problems.:popcorn:
What I mean: what and where do I put the IP ranges for Google?
belgofac117
October 13th, 2007, 08:25 PM
I have tried the following to solve the above problem:
Uncommented the IANA lines > no result
Still everything blocked. Have to switch to XP to even log in here.:confused: Why did it work in the first place?
gav616
October 13th, 2007, 09:20 PM
A new problem has arrived. Moblock is suddenly blocking all http traffic via any search engine. Google and Yahoo get blocked.
I still want to keep HTTP blocked and only let searches via Google and Yahoo get through. How do I go about that?
I have already read all 75 pages yesterday to solve other problems.:popcorn:
What I mean: what and where do I put the IP ranges for Google?
Hi,
In your '/etc/moblock/blocklists.list' have you uncommented the 'Spiders' list?
If so, you need to re-comment it, like so:
# bluetack.co.uk/config/spider.gz
then 'stop', 'update', 'restart' then 'reload' moblock, like so:
sudo moblock-control stop
sudo moblock-control update
sudo moblock-control restart
sudo moblock-control reload
hope that helps.
If you're inexperienced with using blocklists just use the ones that you need, i.e. level1; using too many can cause conflicts.
belgofac117
October 14th, 2007, 01:58 AM
Unfortunately the advice came a bit too late.:lolflag:
After changing /etc/moblock/moblock.conf I performed a reload and Kubuntu completely froze. The only way to get out was a hard reboot. After this I cannot get into Kubuntu anymore. The start screen appears but at the end of the startup cycle, Kubu hangs and then goes to an alternate screen where it says: "fsck dies with exit status 1" and "Mount: special device .dev/dsk/by-uuid/463a-19b5 does not exist" and from there on nothing happens.
I had a look into the files of Kubuntu via PcLinux and corrected the moblock file but this didn't help. Is there another file that I could edit to fix this?
pelle.k
October 14th, 2007, 08:41 AM
I had a look into the files of Kubuntu via PcLinux and corrected the moblock file but this didn't help. Is there another file that I could edit to fix this?
The problem you have is not with moblock. Your computer froze, probably while writing some stuff to the kubuntu root partition, and thus it's "broken". I can only recommend that you run "fsck.ext3 -fp /dev/<insert device here>" as root in pclinuxos.
jre
October 14th, 2007, 09:03 AM
belgoflac, I don't think that your fsck/mount problem is related to moblock.
General: Have a look at /usr/share/doc/moblock-nfq/README.blocklists.gz to get an idea which lists are used. Then you will see that the spider list is more than Google and Yahoo. You can also look directly at the lists (/var/spool/moblock/...).
I don't know why not using the IANA lists should fix problems with Google/Yahoo/Weather Panel. Of course these lists also can cause problems, just others ;-)
So, if google and yahoo are your friends then my advice is to set in moblock.conf
IP_REMOVE="google;yahoo".
Alternatively you can "tail -f /var/log/moblock.conf" while using google and yahoo and add the blocked IPs to IP_TCP_OUT="..."
tipsqueal
October 14th, 2007, 04:38 PM
EDIT: SOLVED THE PROBLEM!
sudo gedit /etc/moblock/blocklists.list
Locate lines 22, 23 & 24 - they are the ones referring to IANA. Comment them out.
Then:
sudo moblock-control reload
And after a short time, the weather update and websites such as Google will be back.
Thanks that helped a lot! Although it still blocks my Evolution email client from getting my Gmail mail. Anyone have any ideas?
Thanks,
Tipsqueal
pelle.k
October 14th, 2007, 05:51 PM
I've updated the FAQ to help you solve your problem.
tipsqueal
October 14th, 2007, 07:49 PM
I solved the Gmail problem by whitelisting two ports that Gmail required to be open. I don't remember what ports they were, but you can find it in the help section of Gmail that discusses setting up POP.
gav616
October 16th, 2007, 09:04 AM
Hi,
Say I go to one of my favourite sites (not knowing it's anti-p2p) and realise it's being blocked by moblock (because I'm using a list that blocks it and http;https is commented out), so I add a couple of the blocked IPs to the white tcp out list.
Although now I would be able to access the website, what about the warez I'm downloading with bittorrent on port 5****?
Won't there be the potential that the site I've unblocked for browsing is able to connect to me through the p2p client?
You see, this is why I think 'system wide' blocking in this case doesn't work.
for the system broadcasting/processes etc.. i.e...
IANA
LAN blocking
bogon
and specific http blacklists i.e. AD servers...
moblock works great.
It would work best imo if you could just, say, bind moblock to certain programs i.e. p2p apps (BT, amule).
This works because you wouldn't have to unblock anything, including http access to and from that specific program. This is why eMule's updated IPfilter can contain virtually all the blocklists including the spiders list (all Google, Yahoo), and if you used the same in moblock it would block nearly all websites!
What I'm basically asking is: is it more secure, less secure?, pros?, cons? in using ip blocking only on the specific ports/programs that need it. i.e.
ADS lists only used on all http/https access
iana/bogon/lan lists used system wide
and level1/templist/spiders only in the programs you need it (without having to unblock anything).
Correct me if I'm wrong :KS...
rant..
pelle.k
October 16th, 2007, 09:29 AM
Listen, it doesn't serve you to be this paranoid.
Like always, the only thing we can do is add "layers" of protection, and if that doesn't work, so be it. The only thing we can do is try.
I tell you, there's not a single computer on the net that is perfectly safe. If a hacker wants in, in theory he can, it's just a matter of time and persistence (could be a minute or a hundred years, but still).
The fact is, that if you whitelist a specific ip _out, that means you will only allow new connections _out, not _in.
Of course you allow RELATED connections in, but those are only invited in by you initiating a connection *first*. Like with firefox, (you contact ip xxx.xxx.xxx.xxx, that ip replies).
Sure that could be a bad guy, but do you really think these blocklists are 100% correct? I would say you are probably contacting *far* more bad IPs without knowing it because these lists are incomplete in some way, so worrying about a few whitelisted IPs doesn't really serve you, IMHO.
gav616
October 16th, 2007, 09:38 AM
thank you for your reply, i see your point entirely.
p.s. keep up the good work, nice guide :)
p.p.s. 'The leading causes of death in the United States are: 1. Heart Disease 2. Chuck Norris 3. Cancer'
quixotic-cynic
October 16th, 2007, 10:32 AM
Listen, it doesn't serve you to be this paranoid.
What?!?! Heresy!!!! ;)
pelle.k
October 16th, 2007, 11:49 AM
:)
jre
October 16th, 2007, 05:01 PM
I just released moblock 0.8-26. It includes the "patch" from upstream for the kernel 2.6.23 problem. Since gutsy still fails to build here I recommend that gutsy users build the package manually.
Debian package changelog: http://moblock-deb.svn.sourceforge.net/viewvc/moblock-deb/moblock/moblock-0.8/moblock-0.8/debian/changelog?view=markup
greets
jre
daradib
October 16th, 2007, 09:24 PM
I have created a page on the Ubuntu Community Documentation. If you don't mind, pelle.k, I'd like you to take a look at it (corrections, edits, comments). It can be used to keep the howto up to date. Instructions for FireHOL users and apparently the new packages need to be added on to the page.
https://help.ubuntu.com/community/MoBlock
daradib
October 16th, 2007, 09:49 PM
I could not get the source package for moblock gutsy 0.8.26 (0.8.21 is the latest provided) so that I could compile it. I will try again tomorrow to see if the server has been updated. If not, should I use the Feisty source packages to compile a binary Gutsy 64-bit package?
pelle.k
October 17th, 2007, 12:22 AM
Cool! I might even consider linking there, and use that as the "howto" instead. It seems it would be more trouble updating both guides, than to maintain just one of them...
Is that what you had in mind?
dodoalien
October 17th, 2007, 10:36 AM
Hi, I'm using 7.04
Until yesterday the moblock-control test worked; today I downloaded the update, tried the test but it says:
* MoBlock did not block the IP. Test failed.
* Have a look at "/usr/bin/moblock-control status"
OK, I read that there is a problem with the test, but is there a way to test it? Any ping or something?
I don't have any BLOCK in tail -f /var/log/moblock.log, just
...
[infinite Skipping useless range items]
...
Ranges loaded: 245274
Merged ranges: 320
Skipped useless ranges: 5586
moblock-control: trying to ping 4.18.162.102 from /etc/moblock/guarding.p2p ...
NFQUEUE: binding to queue '0'
Got SIGTERM! Dumping stats and exiting.
thx
jre
October 17th, 2007, 11:47 AM
I could not get the source package for moblock gutsy 0.8.26 (0.8.21 is the latest provided) so that I could compile it. I will try again tomorrow to see if the server has been updated. If not, should I use the Feisty source packages to compile a binary Gutsy 64-bit package?
daradib, I can't compile Gutsy currently (I don't know why it doesn't work, remember I make the packages under a Debian system with "pbuilder"). And since I can't compile them the source doesn't get uploaded ...
But you can use any other (sid, etch, lenny, feisty) entry for your sources.list - the source is always the same.
@dodoalien: I think you just have to wait a bit longer until moblock has loaded its whole configuration. And by the way: the "test" pings the first IP of the blockfile and then checks the logfile to see whether this IP was blocked.
jre
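Two things from jre's posts above can be tried out without touching a live system: what IP_REMOVE="google;yahoo" does to a .p2p block file, and what the moblock-control self-test does (ping the first IP in the block file, then look for it in the log). The script below is an added example, not MoBlock's own code. It assumes that IP_REMOVE is a case-insensitive substring match on the whole blocklist line, and the log lines in it are constructed for the example; the real format in /var/log/moblock.log may differ.

```shell
#!/bin/sh
# Added example, not MoBlock's own code: IP_REMOVE filtering of a .p2p list and
# a scripted version of the "ping first IP, check log" self-test.
# Assumptions: IP_REMOVE matching is a case-insensitive substring match per
# line; the log line format below is constructed for illustration.

# Constructed sample block file in .p2p text format ("Description:first-last").
SAMPLE_P2P='Bogon:4.18.162.102-4.18.162.102
Google Inc:64.233.160.0-64.233.191.255
Yahoo! Inc:66.196.64.0-66.196.127.255
Spybot C&C (constructed):203.0.113.10-203.0.113.20'

# Constructed log lines; check /var/log/moblock.log on your own system
# before relying on this pattern.
SAMPLE_LOG='Ranges loaded: 4
Blocked OUT: Bogon, hits: 1, SRC: 192.168.1.5 DST: 4.18.162.102
Blocked OUT: Google Inc, hits: 3, SRC: 192.168.1.5 DST: 64.233.167.99'

# first_block_ip LIST: start address of the first range, i.e. the address
# the moblock-control self-test pings (per jre).
first_block_ip() {
    printf '%s\n' "$1" | head -n 1 | sed 's/.*://; s/-.*//'
}

# apply_ip_remove LIST "pat1;pat2": drop every range whose line matches any
# semicolon-separated pattern, as the IP_REMOVE setting does.
apply_ip_remove() {
    list=$1
    oldifs=$IFS; IFS=';'
    set -f; set -- $2; set +f
    IFS=$oldifs
    for pat in "$@"; do
        list=$(printf '%s\n' "$list" | grep -iv -- "$pat" || true)
    done
    printf '%s\n' "$list"
}

# range_count LIST: how many ranges remain after filtering.
range_count() {
    printf '%s\n' "$1" | grep -c ':' || true
}

# was_blocked LOG IP: did the log record a block for this destination?
was_blocked() {
    printf '%s\n' "$1" | grep -q "Blocked .*DST: $2\$"
}

# self_test LIST LOG: "pass" if the first block-file IP shows up as blocked.
self_test() {
    ip=$(first_block_ip "$1")
    if was_blocked "$2" "$ip"; then echo pass; else echo fail; fi
}

# Usage: show what survives IP_REMOVE="google;yahoo" and run the self-test.
apply_ip_remove "$SAMPLE_P2P" "google;yahoo"
self_test "$SAMPLE_P2P" "$SAMPLE_LOG"
```

Note that removing Google and Yahoo lines is a deliberate hole in the list, which is why jre presents it as the option for people who trust those sites; the self-test only proves that the first range is enforced, not that the whole list loaded.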
dodoalien
October 17th, 2007, 02:09 PM
@dodoalien: I think you just have to wait a bit longer until moblock has loaded its whole configuration. And by the way: the "test" pings the first IP of the blockfile and then checks the logfile to see whether this IP was blocked.
I have waited (since I booted my PC 4 hours ago, is that enough? ;)) and nothing changed.
sudo moblock-control test
Testing MoBlock: trying to ping 4.18.162.102 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP. Test failed.
* Have a look at "/usr/bin/moblock-control status"
tail -f /var/log/moblock.log
Skipping useless range: (050327) W32.Spybot 1433
Skipping useless range: (050309) W32.Rahack 4899
Skipping useless range: (050428) W32.Spybot 1433 6000
Skipping useless range: (050412) W32.Rahack 4899
Skipping useless range: (050326) Unassigned 33437
Ranges loaded: 245274
Merged ranges: 320
Skipped useless ranges: 5586
moblock-control: trying to ping 4.18.162.102 from /etc/moblock/guarding.p2p ...
Can moblock work with firestarter? Can firestarter be the "problem"?
quixotic-cynic
October 17th, 2007, 04:39 PM
Can moblock work with firestarter? Can firestarter be the "problem"?
moblock cannot work with firestarter - the problem is mentioned in the howto on thread page 1...
* Firestarter (most iptables firewalls) does not work with moblock ATM
Pleeeeeeaassseee, read stuff, oki? ^_^
dodoalien
October 17th, 2007, 04:56 PM
Oops, but I got FS up yesterday and all was OK... mystery ;)
I'm going to remove it then :) thx
EDIT:
Yep, removed FS, rebooted, and now all is OK...
Sorry mates :)
quixotic-cynic
October 17th, 2007, 05:00 PM
pelle.k and jre - off topic, but why do you use debian (iirc) and not ubuntu - I'm just curious...
Edit: I ran dpkg-buildpackage under gutsy so are they gutsy packages or feisty ones? :confused:
Why isn't the source for 0.8-26 copied into the gutsy folder too?
c1rcu17
October 17th, 2007, 05:57 PM
I'm relatively new to ubuntu, and I'm trying to install moblock. I got everything installed, but it seems that moblock is having a hard time starting up. I'm on Ubuntu 7.10 fully updated. I'm getting the message
sudo moblock-control test
Testing MoBlock: head: cannot open `/etc/moblock/guarding.p2p' for reading: No such file or directory
trying to ping from /etc/moblock/guarding.p2p ...
tail: cannot open `/var/log/moblock.log' for reading: No such file or directory
* MoBlock did not block the IP. Test failed.
I tried a manual update, restarting moblock to no avail.
When I tried an update, all I got is
sudo moblock-control update
Updating blocklists and reloading MoBlock if any blocklist was updated
any help would be appreciated
glotz
October 17th, 2007, 06:07 PM
I suggest you instead of making a new thread make a wiki page. https://wiki.ubuntu.com/MoBlock
c1rcu17
October 17th, 2007, 06:16 PM
Correct me if I'm wrong, but isn't the Ubuntu forum designed to help us newbies to use and understand Ubuntu? Well, I'm here with a legitimate question and I don't think making a wiki page just for a simple request for help will do much. I have already read the moblock documentation, searched the forums, and now, after exhausting all other means of getting answers, I am directly asking in a relevant forum thread. If you can't help me, please don't send me on some wild goose chase. Again, I greatly appreciate any help.
glotz
October 17th, 2007, 07:49 PM
Dude, not talking to you but the original poster of this thread! :)
c1rcu17
October 17th, 2007, 07:52 PM
Ha Ha, oh... in that case, Yeah, make a Wik!!! ;)
daradib
October 17th, 2007, 08:09 PM
pelle.k: yes, that is what I had in mind.
I have also attached an updated shell script (which installs dependencies and does not remove the generated debs) so they can be attached to this thread. The shell scripts should work on all recent Ubuntu releases (all architectures), but I have only tested it on Ubuntu Gutsy 64-bit.
I used the source package from the feisty repository and created the following two debs. (I changed the top part of debian/changelog to the following (it was feisty before), so that the generated debs would be 0.8-26+gutsy not 0.8-26+feisty.)
moblock (0.8-26+gutsy) gutsy; urgency=low
* binary upload
-- jre <jre-phoenix@users.sourceforge.net> Tue, 16 Oct 2007 20:05:50 +0200
daradib
October 17th, 2007, 08:23 PM
Edit: I ran dpkg-buildpackage under gutsy so are they gutsy packages or feisty ones? :confused:
It appears to be Feisty because the top part of debian/changelog has not been changed from Feisty to Gutsy. See my last post. I changed debian/changelog so that the packages would say Gutsy.
Why isn't the source for 0.8-26 copied into the gutsy folder too?
See jre's last post (http://ubuntuforums.org/showpost.php?p=3550341&postcount=770).
I can't compile Gutsy currently (I don't know why it doesn't work, remember I make the packages under a Debian system with "pbuilder"). And since I can't compile them the source doesn't get uploaded ...
But you can use any other (sid, etch, lenny, feisty) entry for your sources.list - the source is always the same.
I guess you just have to change debian/changelog.
daradib
October 17th, 2007, 08:42 PM
I suggest you instead of making a new thread make a wiki page. https://wiki.ubuntu.com/MoBlock
Actually, I created one. See it at https://help.ubuntu.com/community/MoBlock
I would appreciate if people look over it to make sure there are not any mistakes and of course to improve/add.
glotz
October 17th, 2007, 08:53 PM
Wow! Well done Sir, outstanding job!
pelle.k
October 17th, 2007, 10:14 PM
pelle.k and jre - off topic, but why do you use debian (iirc) and not ubuntu - I'm just curious...
It shouldn't really matter if you run debian or ubuntu, just as long as you use pbuilder to compile in a chroot of, say, feisty or any other version of debian/ubuntu...
btw, i run gutsy :)
wilberfan
October 17th, 2007, 10:40 PM
As a follow-up to my post (http://ubuntuforums.org/showpost.php?p=3509046&postcount=728) from a week ago or so, I wanted to let everyone know that MoBlock seems to be working now on my Sidux install! (Yay!)
I tend to keep Sidux up-to-date (that's the FUN of Sidux!), so I don't know if a different kernel made the difference, or....? (At the moment, I'm running kernel 2.6.23.1-slh-smp-3?)
I always like to try and understand why something works (or doesn't)--any idea what would have changed in the last week or so that would make MoBlock run OK now?
quixotic-cynic
October 18th, 2007, 06:54 AM
I got everything installed, but It seems that moblock is having a hard time starting up. I'm on Ubuntu 7.10 fully updated. I'm getting the message:
sudo moblock-control test
Testing MoBlock: head: cannot open `/etc/moblock/guarding.p2p' for reading: No such file or directory
trying to ping from /etc/moblock/guarding.p2p ...
tail: cannot open `/var/log/moblock.log' for reading: No such file or directory
* MoBlock did not block the IP. Test failed.
Check that /etc/moblock/guarding.p2p and /var/log/moblock.log exist, using a file manager or a terminal with the cd & ls commands. If they don't then either try a reinstall (and actually purge the config files too) or try creating the two files (just blank ones using a text editor via sudo - e.g. sudo gedit in a terminal) and then re-update.
sudo aptitude purge moblock-nfq; sudo aptitude install moblock-nfq would do a reinstall.
The update message looks fine.
For daradib:
Thanks for the suggestions. I found what I think is the debian/changelog, and edited the appropriate section, however, the files created are still labelled as feisty ones. I also tried changing the word feisty anywhere in the folders to gutsy and tried again but that didn't work either - guess I must have missed a few. I saw the one-liner about jre not putting up gutsy source because it wouldn't compile (fair enough, it's not my choice to make), but if I had moblock_0.8-26+gutsy.diff.gz would it not make the whole process much easier?
jre
October 18th, 2007, 11:52 AM
quixotic-cynic: daradib basically said everything: you just have to change the first line in moblock-0.8/debian/changelog and your package will have a new name.
The source diff is created automatically when I do the compiling (everything is done by pbuilder/pdebuilder, dupload and debarchiver). Have a look at the script that I use to make the packages, to get an idea why I won't create this manually: http://moblock-deb.svn.sourceforge.net/viewvc/moblock-deb/stuff/admin/moblock-deb-packager.sh?view=log
wilberfan: Which moblock version are you using? I applied the "patch" from the upstream author in 0.8-26.
As I understood it, it was a bug in the kernel.
Was the kernel or any library moblock depends on updated since you experienced the problem first?
moblock 0.8-26 + no relevant updates --> patch fixed the problem
moblock < 0.8-26 --> some other update fixed your problem; you have to tell us what was updated.
Please answer so that I know if I can remove the patch again.
OFFTOPIC discussion: I run Debian because, hmm, my brothers told me 8 years ago that it is a nice distro. At that time there was no Ubuntu. But I really like the "testing" version of Debian which is always quite actual AND stable. I prefer this to doing a dist upgrade every six months.
c1rcu17: What's in /var/log/moblock-control.log when you do an "update"? I can only see that the update failed and that because of this you don't have the /etc/moblock/guarding.p2p.
dodoalien: I'm glad that everything is working now, you made me think that I released a buggy package ;-)
daradib: I had a quick look at the wiki although I didn't read it in depth, very nice - like its sources ;-)
- the test function should not have any problems any more (except when you're reloading moblock at the same time)
- I missed a hint to turn off the daily update (via moblock.conf)
- it's not that important, but I'm the new maintainer of moblock-deb.sf.net, clessing unfortunately hasn't enough time now.
quixotic-cynic
October 18th, 2007, 01:26 PM
quixotic-cynic: daradib basically said everything: you just have to change the first line in moblock-0.8/debian/changelog and your package will have a new name.
Ok, thanks. I can do it now I think.
The source diff is created automatically when I do the compiling (everything is done by pbuilder/pdebuilder, dupload and debarchiver). Have a look at the script that I use to make the packages, to get an idea why I won't create this manually: http://moblock-deb.svn.sourceforge.net/viewvc/moblock-deb/stuff/admin/moblock-deb-packager.sh?view=log
I understood why you didn't want to make .debs by hand, but didn't realise that the source files/packages were so difficult to create/customise.
OFFTOPIC discussion: I run Debian because, hmm, my brothers told me 8 years ago that it is a nice distro. At that time there was no Ubuntu. But I really like the "testing" version of Debian which is always quite actual AND stable. I prefer this to making every six months a dist upgrade.
Thanks. I could ask more Qs but since it is so O-T I will go and do some research myself now I think.
daradib
October 18th, 2007, 06:53 PM
daradib: I had a quick look at the wiki although I didn't read it in depth, very nice - like its sources ;-)
- the test function should not have any problems any more (except when you're reloading moblock at the same time)
- I missed a hint to turn off the daily update (via moblock.conf)
- it's not that important, but I'm the new maintainer of moblock-deb.sf.net, clessing unfortunately hasn't enough time now.
Thanks. I had a problem with the test function before (when I was using 0.8-21 on Gutsy 64-bit), but I don't have that issue with the new 0.8-26 Gutsy 64-bit package. I will keep the text "The test has been known to have problems in older versions of MoBlock. Look at the log to check if you are unsure. This can be done interactively (this command will show you the log in real-time)." just to be sure, especially since there is no new Ubuntu Feisty 64-bit package.
I fixed everything else.
I also made a link to this thread under Further Reading. Should I point the link to the Linux forum of phoenixlabs.org instead?
belgofac117
October 18th, 2007, 10:54 PM
Hi Guys/Girls,
Here's the continuation of my Linux adventures of last week.:lolflag:
Recollection of the events: Moblock blocked all google, Yahoo traffic and through too much fiddling I lost Kubuntu, one of my quintuple boots.
After more fiddling I also lost PcLinuxOS.:mad:
Had to take a break and today re-installed PcLinuxOs and then Linux Mint. Installed Moblock, inserted Google and Yahoo in Ip_Remove and Bob's your uncle.:popcorn:
Thanks to all for your help.
gav616
October 19th, 2007, 08:25 AM
Hi,
I don't use any LAN, WAN, or want to broadcast anything outside my one non modem to pc setup, so because of this I use the blocklists IANA, non-LAN etc.
Everyone will probably know if you're using these, it tends to block an IANA hit every minute or in my case every 2 seconds; this I don't mind btw, it's doing its job.
Question is, how do I stop the IANA activity happening in the first place?
Has it got anything to do with my modem with DHCP trying to assign more IPs where there is no network, or is it something to do with requesting broadcasting from DNS?
Or am I completely off the mark? If so, throw me a bone here!
:) ta
jre
October 19th, 2007, 10:52 AM
I also made a link to this thread under Further Reading. Should I point the link to the Linux forum of phoenixlabs.org instead?
Well for Ubuntu this here is a good place. Currently there's much more posting here than at phoenixlabs.
For general improvement discussions phoenixlabs is the better place
belgofac117, glad that everything is running now. I'm sure you learned much ;-)
gav616, I don't understand what you use the network for. If you don't do it then just try "/etc/init.d/networking stop".
jre
antharr
October 19th, 2007, 09:23 PM
eith@ubuntudesktop:~$ tail -f /var/log/moblock-control.log
Updating blocklists ...
Updating ads-trackers-and-bad-pr0n.gz * .
Updating bogon.gz * .
Updating dshield.gz * .
Updating hijacked.gz * .
Updating iana-multicast.gz * .
Updating iana-private.gz * .
Updating iana-reserved.gz * .
Updating level1.gz * .
Updating level2.gz
This is all I am getting. It doesn't get past the updating phase. I have even restarted the PC and it still sticks here. Any suggestions???
belgofac117
October 20th, 2007, 09:08 PM
Moblock is running fine in Mint Cassandra but I am having trouble with Firehol. Installed Firehol as per page 1 but it refuses to start.
My question:
1. With Moblock installed, why is it still so important to have a Firewall installed?
2. Is it not possible to block everything, including all ports in Moblock?
3. Why is Firestarter working with Moblock in Ubuntu 6.10 but cannot work in higher versions?
The only thing I want to do is browse a bit with Firefox on the web without my pc getting scanned by unwanted organisations.
Dr. Nick
October 20th, 2007, 09:35 PM
Just a little tip for anyone having problems. I have gutsy and the newest moblock.
It always said I failed the test when running sudo moblock-control test. At times it gave messages saying it loaded 0 ranges etc. and it never blocked a thing. The solution is to remove the iptables package, which removes moblock. After this reinstall moblock. When removing iptables I would suggest purging the config files by using the "completely remove" option in synaptic as opposed to just regular uninstall.
It still fails the test but watching the tail on the logfile and trying to browse known blocked sites I can tell it's blocking it.
quixotic-cynic
October 21st, 2007, 11:58 AM
question is, how to i stop the IANA activity happening in the first place? has it got anything to do with my modem with dhpc trying to assisign more IP's were there is no network, or is it something to do with requesting broadcasting from DNS? or am i completely off the mark, if so, throw me a bone here!
I can probably help with this but some more details would be useful. The most useful information is what IP or IP block range is being hit. Also useful would be exactly what your modem is (DSL Modem/Router?). Does your router have NAT translation and/or a firewall?
If others are connected to the router (probably not, from your description) you can get hits from broadcasts, or netbios, etc. With a router by itself and no other PCs connected then you can be getting hits from outside. Some people do not configure their NAT router properly (or disable the NAT function) and broadcast their own computer's local IP across the internet (esp. with bittorrent/p2p) and thus this shows up as blocks on your log if you run one of the applications.
If that is what is causing it, it is nothing to worry about (for you anyway, not so sure about the people you are blocking).
There can be other causes too (some people IP spoof in the IANA ranges, or use an IP outside of conventional ranges, etc)
quixotic-cynic
October 21st, 2007, 12:37 PM
With Moblock installed, why is it still so important to have a Firewall installed?
Type netstat -l in a terminal and look in the "Active Internet connections" section. localhost:???? entries only pay attention to packets from somewhere else on your pc (iirc) and thus are not a risk. Entries such as *:8342 indicate a server running on your pc. If the server is up to date and no vulnerabilities exist on it then anyone connecting to that server cannot do any damage, if not, then your pc has a security vulnerability that can be exploited unless you have a firewall that does not permit packets on that port.
So, run netstat -l ... and if you don't have any *:port entries then you don't have anything to worry about (remember running or installing software may change this). If you do, then you may want a firewall to block the ports. If you have a NAT router to access the internet then you don't have to worry (except where you have forwarded ports or disabled the NAT function) since it acts as a firewall for inbound connections.
To sum up, Moblock filters based on IP but to be secure from the above (real) risks then you need to filter by destination port on incoming connections too.
Is it not possible to block everything, including all ports in Moblock?
Not afaik.
Why is Firestarter working with Moblock in Ubuntu 6.10 but cannot work in higher versions?
I was unaware that it could - but then, I'm not sure I used both together in 6.10. If you want a firewall you can set moblock and then edit the iptables file to put in the port blocks. Takes a little more effort than firestarter but on the other hand you learn how firestarter actually works then. I guess you have to decide whether it is worth the effort of learning something new.
The only thing I want to do is browse a bit with Firefox on the web without my pc getting scanned by unwanted organisations.
Organisations can't "scan you" as such - they need you to initiate a connection to their web server to learn anything about you (Firefox doesn't act as a server - i.e. doesn't open a *:80 server on your pc or anything). You could use moblock to avoid connecting to sites that you don't want to connect to but there are better ways of protecting your 'privacy' online...
Privoxy with +hide-accept-language{block}, +hide-forwarded-for-headers, +hide-from-header{block}, +hide-if-modified-since{-1}, +hide-referrer{conditional-block}, +hide-user-agent{whatever you want here}, +crunch-incoming-cookies and +crunch-outgoing-cookies would be a good start. (You add exceptions for trusted sites by editing user.action through http://config.privoxy.org/show-status).
You can also achieve most of this with a decent firefox config.
I wish everyone hid their user agent and then web site designers would have no idea which browser to design for and would have to make their page *shock/horror* standards compliant, instead of the infuriating "We are sorry but this website has been designed to function on Microsoft Internet Explorer please download the latest version from...". It's better than it used to be with FFx near 15% but it is still there for lesser-known browsers. Do they really have a right to tell us what browser we should be using?
*looks up* oopsie... >.< *rant ends*
Anyway, I hope that helps a bit. :)
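The netstat -l check quixotic-cynic describes can be scripted so the loopback-only entries and the *:port / 0.0.0.0:port entries are separated automatically. The script below is an added example, not something from the thread or the MoBlock project; the netstat output in it is a constructed sample in the classic net-tools layout, so on a real machine you would pipe the output of netstat -l in instead.

```shell
#!/bin/sh
# Added example, not from the thread: classify the "Active Internet
# connections" section of `netstat -l`, separating sockets bound only to
# localhost from those listening on every interface (*:port, 0.0.0.0:port,
# :::port), which are the ones a port filter would have to cover.

# Constructed sample output in the classic net-tools layout.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:631           *:*                     LISTEN
tcp        0      0 *:8342                  *:*                     LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 *:5353                  *:*
udp        0      0 localhost:53            *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12345    /var/run/foo.sock'

# listeners CLASS: print "proto port" for each internet socket in CLASS,
# where CLASS is "exposed" (bound to any interface) or "local" (loopback only).
listeners() {
    printf '%s\n' "$SAMPLE_NETSTAT" | awk -v want="$1" '
        /^Active UNIX/ { exit }    # stop before the UNIX domain socket section
        $1 != "tcp" && $1 != "udp" && $1 != "tcp6" && $1 != "udp6" { next }
        {
            n = split($4, a, ":"); port = a[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            class = (host == "*" || host == "0.0.0.0" || host == "::") ? "exposed" : "local"
            if (class == want) print $1, port
        }'
}

# exposed_count: number of services reachable from other hosts if nothing
# in front of the machine filters by destination port.
exposed_count() {
    listeners exposed | wc -l | tr -d ' '
}

# Usage: list what is exposed and what is loopback-only.
echo "exposed:"; listeners exposed
echo "local:";   listeners local
```

As the post says, a loopback-only entry is not reachable from the network, while each line in the "exposed" list is a destination port that only a state/port firewall (or a NAT router without forwarding) keeps off the internet; MoBlock's IP-based filtering does not cover it.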
c1rcu17
October 21st, 2007, 07:49 PM
So I'm having a problem with moblock. I have it installed with no other firewall software. I would like to run firestarter with it (wiki addition?) but I can mess with that later. I have moblock running with the lists updated. When I test moblock, it always fails. Here is my moblock config file.
# moblock-control configuration file
# This file is sourced by a bash script. Any line which starts with a # (hash)
# is a comment and is ignored. If you set the same variable several times,
# then only the last line will be used. You have to stop/restart/reload moblock
# if you change entries.
############################ General configuration ############################
# Specify the format of the blocklists that you use. You can't mix different
# formats.
# d - eMule ipfilter.dat format
# n - peerguardian .p2b v2 binary format
# p - peerguardian .p2p text format
BLOCKLIST_FORMAT="p"
# Specify a NFQUEUE queue number (default 0)
# Works only with -nfq version
NFQUEUE_NUMBER="0"
# Turn on/off automatic start
# 0 - Don't start MoBlock at system boot
# 1 - Start MoBlock at system boot
MOBLOCK_INIT="1"
# Turn on/off automatic blocklist update
# 0 - Don't update the blocklists automatically
# 1 - Update the blocklists automatically
MOBLOCK_CRON="1"
################## Settings for the iptables firewall rules ###################
# MoBlock requires the iptables rule NFQUEUE (nfq version)
# or the deprecated QUEUE (ipq version).
# Do a "moblock-control stop" before you change these iptables settings.
# Define how traffic is sent to MoBlock
# 0 - Don't set any iptables rules.
# You or another script/firewall has to do this!
# 1 - NFQUEUE is in the chains moblock_in, moblock_out and moblock_fw.
IPTABLES_SETTINGS="1"
# Define when traffic is sent to the chain that contains NFQUEUE
# This section works only for IPTABLES_SETTINGS="1"
# 0 - Do nothing. You or another script/firewall has to do this!
# 1 - Insert the rules at the head of the chains.
# 2 - Append the rules to the end of the chains.
IPTABLES_ACTIVATION="2"
# Define which traffic shall be sent to NFQUEUE (if it is sent there).
# 0 - All traffic
# 1 - Only NEW traffic
IPTABLES_STATE="1"
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name.
# Separate several entries with whitespace (" ")
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT=""
WHITE_TCP_OUT="http https"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
################################ Whitelist IPs ################################
# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Separate several entries with whitespace (" ")
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
IP_TCP_IN=""
IP_UDP_IN=""
IP_TCP_OUT=""
IP_UDP_OUT=""
IP_TCP_FORWARD=""
IP_UDP_FORWARD=""
###################### Remove lines from the blocklist ########################
# Remove lines from the blocklist
# Separate lines with a semicolon. The example will delete lines that contain
# either "Bogon", "General Electric Company" or "4.2.162.144-4.2.162.151"
#IP_REMOVE="Bogon;General Electric Company;4.2.162.144-4.2.162.151"
# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE=""
########################### Full LSB compatibility ############################
# The control script uses /lib/lsb/init-functions. In Debian this file also
# provides functions which are not defined by the LSB standard. Change this
# entry if the script complains of not knowing a function.
# 0 - Debian compatible system (default)
# 1 - LSB 3.1 but not Debian compatible system
LSB_MODE=0
I need to know if i need to change something. I'm still new to Ubuntu, and I don't know anything about the iptables stuff. Like I said, moblock test keeps failing, and I don't know what to do. Thanks for your help!
pelle.k
October 21st, 2007, 10:17 PM
I would like to run firestarter with it
Can't be done. Sorry.
btw, please post logs, config files etc within "code" tags, because "quote" doesn't have a scrollbar, and that makes some very long posts, depending on the size of the output.
Restart moblock, "test" it, and post "tail /var/log/moblock.log" for us.
c1rcu17
October 21st, 2007, 10:41 PM
Ok, I restarted moblock, still failed the test. When I did the "tail /var/log/moblock.log" I got:
Skipping useless range: adv549|CWS|BT|Hijackers
Skipping useless range: Pluginaccess.com/Dialeraccess.com[CWS]
Skipping useless range: (050501) HTTP Probe 1593
Skipping useless range: (050501) HTTP Probe 1672
Skipping useless range: (050501) HTTP Probe 1596
Skipping useless range: (050501) HTTP Probe 1669
Skipping useless range: (050501) HTTP Probe 1668
Ranges loaded: 2988
Merged ranges: 1
Skipped useless ranges: 134
Darganot
October 21st, 2007, 10:54 PM
I posted this in another thread, but I may get a better reply here. Sorry if this has been asked here already, but this is a huge thread....
So I have moblock installed and running on my install of Xubuntu Gutsy. While browsing with firefox, most (if not all) sites take a very long time to load and some don't load at all. When I disable moblock (moblock-control stop) pages immediately load normally. My output file looks odd:
~$ tail /var/log/moblock.log
Blocked OUT: AltaVista Company,hits: 2,DST: 209.73.188.78
Blocked OUT: AltaVista Company,hits: 3,DST: 209.73.188.78
Blocked OUT: AltaVista Company,hits: 4,DST: 209.73.188.78
Blocked OUT: AltaVista Company,hits: 5,DST: 209.73.188.78
Blocked OUT: Google Inc,hits: 1,DST: 64.233.165.147
Blocked OUT: Google Inc,hits: 2,DST: 64.233.165.147
Blocked OUT: Google Inc,hits: 3,DST: 64.233.165.147
Blocked OUT: Google Inc,hits: 4,DST: 64.233.165.147
Blocked OUT: Google Inc,hits: 5,DST: 64.233.165.147
I can post more outputs if needed. Is there a fix for this?
spiker611
October 21st, 2007, 11:55 PM
Hello ladies and gentlemen!
I'm using moblock on my ubuntu router / server. I installed moblock in order to protect myself while doing certain activities...
I also host a plethora of services that need to be accessible from the outside world, many of these taking up port ranges of like 2000-2050. I need to tell moblock to allow (whitelist) all of these ports, and entering them in one by one is quite time consuming (about 10 ranges of 20-30 ports), but I guess it can be done. Is there a way to specify port ranges for the whitelist?
Also, is there a way to whitelist all forwarded traffic through moblock? I don't need moblock for the LAN since any sensitive data is port forwarded to the server, and it would make configuration of moblock a lot easier.
Thanks!
Darganot
October 22nd, 2007, 12:19 AM
Problem solved, I had missed the part in the initial post about editing the moblock.conf file...
So can someone recommend an easy to use firewall that will work with moblock? I had been using firestarter since I switched to linux because of how nice it was, but now I'm not sure what will work and what won't.
pelle.k
October 22nd, 2007, 12:47 AM
I also host a plethora of services that need to be accessible from the outside world, many of these taking up port ranges of like 2000-2050. I need to tell moblock to allow (whitelist) all of these ports, and entering them in one by one is quite time consuming (about 10 ranges of 20-30 ports), but I guess it can be done. Is there a way to specify port ranges for the whitelist?
I find it easier to use firehol to do this kind of magic with moblock. moblock-control was never meant to do anything else than basic iptables stuff to redirect traffic to NFQUEUE really.
quixotic-cynic
October 22nd, 2007, 06:23 AM
So can someone recommend an easy to use firewall that will work with moblock? I had been using firestarter since I switched to linux because of how nice it was, but now I'm not sure what will work and what won't.
You need a firewall that can send packets that pass the firewall rule to the mechanism that moblock uses to filter the packets. Firestarter is essentially a front end to the iptables firewall - unfortunately it ignores the modification of the iptables file by moblock and just overwrites it so that any ok-d packets go straight to your system.
If you can't find a front-end that does not bulldoze all of your current iptables set up when it runs, you would have to use iptables directly.
About 10 pages ago there was someone trying to do this and the comments there may help.
pwerner2
October 22nd, 2007, 07:13 AM
I'm using Gutsy (7.10), and I have followed your directions (pertinent to this version) to the letter. I had attempted to use MoBlock with feisty previously, but it didn't work for me. When I type "moblock" into command line, I receive a message along the lines of
" Moblock 0.8 by Morpheus
Syntax: MoBlock -dnp <blocklist> [-b] [-q 0-65535] <logfile>"
This is followed by various command line options which I will not bother typing out right now.
I was simply wondering if I have (based on this limited information) appeared to have installed MoBlock correctly. Thanks for the help!
pwerner2
October 22nd, 2007, 07:26 AM
Ok, I typed "moblock-control reload", followed by "moblock-control test". This seems to have worked. Sorry about the unnecessary posts.
pwerner2
October 22nd, 2007, 07:37 AM
Sorry. Last one, I promise.
I've noticed that my email client no longer functions, and I can no longer connect to search engines such as google or yahoo. Does anyone know how to fix this? Thanks for the help.
pwerner2
October 22nd, 2007, 07:52 AM
Found my answer on page 76 of the very same thread. I'm sorry. Maybe I'll learn to be intelligent next time I have a problem arise. Carry on.
jre
October 22nd, 2007, 02:57 PM
I also host a plethora of services that need to be accessible from the outside world, many of these taking up port ranges of like 2000-2050. I need to tell moblock to allow (whitelist) all of these ports, and entering them in one by one is quite time consuming (about 10 ranges of 20-30 ports), but I guess it can be done. Is there a way to specify port ranges for the whitelist?
Port ranges are specified in the format "port:port" (just added to the documentation, thx). [EDIT:I still hate the automatic smiley conversion. The above means "port : port" - but without the spaces.]
So for example:
WHITE_TCP_IN="2000:2050 3000:3050"
Also, is there a way to whitelist all forwarded traffic through moblock?
You'd have to edit /usr/bin/moblock-control and remove the lines regarding FORWARD (that is those that contain "$NAME_fw ").
This all I am getting. It doesn't get past the updating phrase. I have even restarted the PC and it still sticks here. Any suggestions???
I don't know why you can't download the level2.
Is your harddisk on path /var/spool/moblock/ full?
What happens if you comment (#) the line with level2 in /etc/moblock/blocklists.list?
Ok, I restarted moblock, still failed the test. When I did the "tail /var/log/moblock.log" I got,
There should be a line NFQUEUE: binding to queue '0'.
No idea why this doesn't happen.
Is your whole system up to date?
Can you post (as CODE) your "moblock-control status" and "tail /var/log/moblock-control.log"?
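As an added example (my own code, not MoBlock's or moblock-control's), here is a small checker for a moblock.conf like the one c1rcu17 posted above. It assumes the bash-sourced KEY="value" layout of that file (so a variable set twice, as WHITE_TCP_OUT is there, keeps only its last value), the "low:high" port-range form jre describes, and the config's own advice that IP whitelists should hold addresses or networks rather than names that need DNS. The sample configuration inside the script is constructed for the demonstration.

```python
"""Checker for a moblock.conf file (added example, not MoBlock's own code).

moblock-control sources the file with bash, so a variable set twice keeps only
its last assignment, and a malformed whitelist entry is only noticed when
iptables rejects it at the next restart.  This script parses the KEY="value"
lines, reports duplicate assignments, validates port whitelists (including the
"low:high" range form) and checks that IP whitelists hold addresses or
networks rather than names that need DNS.  The assignment layout is taken from
the file posted in the thread; the sample configuration below is constructed.
"""
import ipaddress
import re
import socket
import sys

ASSIGN_RE = re.compile(r'^\s*([A-Z_][A-Z0-9_]*)=(?:"([^"]*)"|(\S*))\s*$')
HOSTNAME_RE = re.compile(r'^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
                         r'(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$')
PORT_KEYS = ("WHITE_TCP_IN", "WHITE_UDP_IN", "WHITE_TCP_OUT", "WHITE_UDP_OUT",
             "WHITE_TCP_FORWARD", "WHITE_UDP_FORWARD")
IP_KEYS = ("IP_TCP_IN", "IP_UDP_IN", "IP_TCP_OUT", "IP_UDP_OUT",
           "IP_TCP_FORWARD", "IP_UDP_FORWARD")
# Service names accepted even when /etc/services is unavailable
COMMON_SERVICES = {"ftp", "ssh", "smtp", "domain", "http", "https", "imap", "pop3"}

SAMPLE_CONF = """\
# constructed sample, modelled on the moblock.conf posted in the thread
BLOCKLIST_FORMAT="p"
IPTABLES_SETTINGS="1"
IPTABLES_ACTIVATION="2"
IPTABLES_STATE="1"
WHITE_TCP_OUT=""
WHITE_TCP_OUT="http https"
WHITE_TCP_IN="2000:2050 3000:3050 70000"
WHITE_UDP_IN="3050:3000"
IP_TCP_OUT="192.168.0.0/24 10.0.0.1 updates.example.invalid"
IP_REMOVE=""
LSB_MODE=0
"""


def parse_conf(text):
    """Return (values, duplicates, stray): last assignment wins, as in bash."""
    values, seen, duplicates, stray = {}, {}, [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = ASSIGN_RE.match(line)
        if not m:
            stray.append(lineno)      # bash would try to execute this line
            continue
        key = m.group(1)
        value = m.group(2) if m.group(2) is not None else m.group(3)
        if key in seen:
            duplicates.append((key, seen[key], lineno))
        seen[key] = lineno
        values[key] = value
    return values, duplicates, stray


def _one_port(p):
    if p.isdigit():
        return 0 < int(p) <= 65535
    if p in COMMON_SERVICES:
        return True
    try:
        socket.getservbyname(p)   # anything else must be in /etc/services
        return True
    except OSError:
        return False


def port_ok(token):
    """A single port/service name, or a "low:high" range with low <= high."""
    if ":" in token:
        lo, hi = token.split(":", 1)
        return (lo.isdigit() and hi.isdigit() and _one_port(lo)
                and _one_port(hi) and int(lo) <= int(hi))
    return _one_port(token)


def ip_kind(token):
    """'address' for an IP or network (with /mask), 'hostname', or 'invalid'."""
    try:
        ipaddress.ip_network(token, strict=False)
        return "address"
    except ValueError:
        return "hostname" if HOSTNAME_RE.match(token) else "invalid"


def check_conf(text):
    values, duplicates, stray = parse_conf(text)
    errors, warnings = [], []
    for lineno in stray:
        errors.append(f"line {lineno}: not a KEY=\"value\" assignment")
    for key in PORT_KEYS:
        for tok in values.get(key, "").split():
            if not port_ok(tok):
                errors.append(f"{key}: bad port or range {tok!r}")
    for key in IP_KEYS:
        for tok in values.get(key, "").split():
            kind = ip_kind(tok)
            if kind == "hostname":
                warnings.append(f"{key}: {tok!r} needs DNS at restart; use an address")
            elif kind == "invalid":
                errors.append(f"{key}: {tok!r} is neither an address nor a network")
    for key, first, second in duplicates:
        warnings.append(f"{key}: set on line {first} and again on line {second}; "
                        f"only line {second} counts")
    return {"values": values, "errors": errors, "warnings": warnings}


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    result = check_conf(text)
    for level in ("errors", "warnings"):
        for msg in result[level]:
            print(f"{level[:-1]}: {msg}")
```

Run it as "python3 check_moblock_conf.py /etc/moblock/moblock.conf" before a "moblock-control restart"; with no argument it checks the built-in sample, which deliberately contains a duplicate WHITE_TCP_OUT, an out-of-range port, a reversed range and a hostname in an IP whitelist.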
akShane
October 23rd, 2007, 03:55 AM
I'm having problems similar to c1rcu17. Moblock-control test always fails (uses 3.0.0.0 as the test ip). I'm running Ubuntu Gutsy, all updates applied. Moblock worked fine for me in Feisty. I went as far as to uninstall Firestarter and uninstall/reinstall both iptables and moblock-nfq. I'm no iptables expert but at a glance everything looks correct.
/var/log/moblock-control.log (just last update):
2007-10-22 11:25:07 PM AKDT Begin: /usr/bin/moblock-control update
Updating blocklists ...
Updating level1.gz * .
Updating level2.gz * . No update available.
Updating ads-trackers-and-bad-pr0n.gz * . No update available.
Updating bogon.gz * . No update available.
Updating dshield.gz * . No update available.
Updating hijacked.gz * . No update available.
Updating iana-multicast.gz * . No update available.
Updating iana-private.gz * . No update available.
Updating iana-reserved.gz * . No update available.
Updating Microsoft.gz * . No update available.
Updating rangetest.gz * . No update available.
Updating spider.gz * . No update available.
Updating spyware.gz * . No update available.
Updating templist.gz * . No update available.
Updating trojan.gz * . No update available.
* Blocklists updated.
Building blocklist ...done.
Installing blocklist to /etc/moblock/guarding.p2p ...done.
Reloading MoBlockWarning! Empty blocklist, nothing to clear!
...done.
2007-10-22 11:26:49 PM AKDT End: /usr/bin/moblock-control update
2007-10-22 11:32:56 PM AKDT Begin: /usr/bin/moblock-control reload
Building blocklist ...done.
Installing blocklist to /etc/moblock/guarding.p2p ...done.
Reloading MoBlockWarning! Empty blocklist, nothing to clear!
...done.
2007-10-22 11:32:58 PM AKDT End: /usr/bin/moblock-control reload
2007-10-22 11:33:02 PM AKDT Begin: /usr/bin/moblock-control restart
Deleting iptables ...done.
Stopping MoBlock* Ranges loaded: 246121
* Ranges loaded: 246518
* Ranges loaded: 246518
...done.
Inserting iptables ...done.
Starting MoBlock ...done.
2007-10-22 11:33:10 PM AKDT End: /usr/bin/moblock-control restart
* Logging to /var/log/moblock.log
* Ranges loaded: 246518
* Using .p2p file format
* Merged ranges: 304
* Skipped useless ranges: 6563
head /var/log/moblock.log (cleared, and then moblock-control reload)
NFQUEUE: binding to queue '0'
Got SIGHUP! Dumping and resetting stats, reloading blocklist
Then there's lots of Skipping useless ranges and duplicate range lines...I'm assuming that's normal.
tail /var/log/moblock.log (after moblock-control test):
Skipping useless range: (050409) W32.Gaobot 1434
Skipping useless range: (050429) W32.Spybot 1433
Skipping useless range: (050510) VRML 4200
Skipping useless range: (050507) W32.Spybot 1433 6000
Skipping useless range: (050327) W32.Spybot 1433
Skipping useless range: (050309) W32.Rahack 4899
Skipping useless range: (050428) W32.Spybot 1433 6000
Skipping useless range: (050412) W32.Rahack 4899
Skipping useless range: (050326) Unassigned 33437
Ranges loaded: 246518
Iptables:
Current iptables rules (this may take awhile):
Chain INPUT (policy DROP)
target prot opt source destination
RETURN 0 -- anywhere anywhere
ACCEPT tcp -- 192.168.0.1 anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- 192.168.0.1 anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP 0 -- anywhere 255.255.255.255
DROP 0 -- anywhere 192.168.0.127
DROP 0 -- 224.0.0.0/8 anywhere
DROP 0 -- anywhere 224.0.0.0/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
LSI 0 -f anywhere anywhere limit: avg 10/min burst 5
INBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Input'
moblock_in 0 -- anywhere anywhere state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Forward'
moblock_fw 0 -- anywhere anywhere state NEW
Chain OUTPUT (policy DROP)
target prot opt source destination
RETURN 0 -- anywhere anywhere
ACCEPT tcp -- hungary 192.168.0.1 tcp dpt:domain
ACCEPT udp -- hungary 192.168.0.1 udp dpt:domain
ACCEPT 0 -- anywhere anywhere
DROP 0 -- 224.0.0.0/8 anywhere
DROP 0 -- anywhere 224.0.0.0/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
OUTBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Output'
moblock_out 0 -- anywhere anywhere state NEW
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- 192.168.0.27 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:53886
ACCEPT udp -- anywhere anywhere udp dpt:53886
ACCEPT tcp -- anywhere anywhere tcp dpt:53885
ACCEPT udp -- anywhere anywhere udp dpt:53885
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:5900
ACCEPT udp -- anywhere anywhere udp dpt:5900
ACCEPT tcp -- anywhere anywhere tcp dpt:5901
ACCEPT udp -- anywhere anywhere udp dpt:5901
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:fsp
ACCEPT tcp -- anywhere anywhere tcp dpt:6964
ACCEPT udp -- anywhere anywhere udp dpt:6964
ACCEPT tcp -- anywhere anywhere tcp dpts:49152:60000
ACCEPT udp -- anywhere anywhere udp dpts:49152:60000
LSI 0 -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP 0 -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
Chain moblock_fw (1 references)
target prot opt source destination
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0
Chain moblock_in (1 references)
target prot opt source destination
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0
Chain moblock_out (1 references)
target prot opt source destination
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 7725.
I've looked around this thread for a few hours and tried all the solutions that seemed applicable, but I apologize if I missed something. Let me know if you need anything else, and thanks.
Edit:
I should add that I can't ping 3.0.0.0 anyway, but I can ping some of the other IPs listed in the blocklist. Does moblock-control test just test to make sure the outgoing ping was blocked?
Darganot
October 23rd, 2007, 07:24 AM
You need a firewall that can send packets that pass the firewall rule to the mechanism that moblock uses to filter the packets. Firestarter is essentially a front end to the iptables firewall - unfortunately it ignores the modification of the iptables file by moblock and just overwrites it so that any ok-d packets go straight to your system.
If you can't find a front-end that does not bulldoze all of your current iptables set up when it runs, you would have to use iptables directly.
About 10 pages ago there was someone trying to do this and the comments there may help.
How about this firewall script:
#!/bin/sh
#
# A simple firewall initialization script
#
WHITELIST=/etc/whitelist.txt
BLACKLIST=/etc/blacklist.txt
IFACE=eth+
ALLOWED="22"
#
# Drop all existing firewall rules
#
# iptables -F
#
# First, run through $WHITELIST, accepting all traffic from the hosts and networks
# contained therein (first field of every non-comment line).
#
for x in $(grep -v '^#' "$WHITELIST" | awk '{print $1}'); do
    echo "Permitting $x..."
    iptables -A INPUT -t filter -s "$x" -j ACCEPT
done
#
# Now run through $BLACKLIST, dropping all traffic from the hosts and networks contained therein.
#
for x in $(grep -v '^#' "$BLACKLIST" | awk '{print $1}'); do
    echo "Blocking $x..."
    iptables -A INPUT -i "$IFACE" -t filter -s "$x" -j DROP
done
#
# Next, the permitted ports: What will we accept from hosts not appearing on the blacklist?
#
for port in $ALLOWED; do
    echo "Accepting port $port..."
    iptables -A INPUT -i "$IFACE" -t filter -p tcp --dport "$port" -j ACCEPT
done
#
# Finally, unless it's mentioned above, and it's an inbound startup request, just drop it.
#
# iptables -A INPUT -i $IFACE -t filter -p tcp --syn -j DROP
# Drop all ping requests
iptables -A INPUT -i "$IFACE" -p icmp --icmp-type ping -j DROP
That goes in /etc/init.d/firewall
Will that work with moblock?
akShane
October 24th, 2007, 03:10 AM
Ok, some progress here. If your moblock-control test is failing, it might be due to an incompatibility in your iptables settings.
If you're behind a router with a firewall and have that protection, try resetting iptables (allowing all connections).
You can try saving your iptables with:
iptables-save > iptables.backup
and then reset iptables (set the default policies to ACCEPT first, otherwise flushing a chain whose policy is DROP cuts off all traffic):
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
Then try restarting moblock:
moblock-control restart
and see if "NFQUEUE: binding to queue '0'" shows up in moblock.log
tail /var/log/moblock.log
If it doesn't work, you can restore your old iptables settings from your backup like so:
iptables-restore < iptables.backup
This worked for me. Once you clear out your iptables settings, you can set up your new configuration and save your final settings to a backup file...
Some helpful sites:
Thread tutorial (http://forums.pcper.com/showthread.php?t=432469)
IPTablesRocks.org (http://www.iptablesrocks.org)
jamesford
October 24th, 2007, 08:13 AM
im wondering, if i wanted to go back to using the 0.8.10 is there any reason why i shouldnt do that? will it not work in gutsy for example?
the reason im asking is that 0.8.10 always worked perfectly
while 0.8-26 amd64 by daradib does not. what happened this morning was that for some reason moblock hadnt been able to download level1, if this happened with the old version moblock would just use the old level1 already on harddisk, but this didnt, it completely ignored level1 and i was left for hours with a blocklist containing some 60 000 entries instead of the normal 224 000 or so
so can i go back to using the old version, if so how do i uninstall the previous version properly without fcking up iptables or whatever?
or is there something i can do to fix the current version
thanks
jre
October 25th, 2007, 02:46 PM
jamesford, I'm working on fixing this. Until then you can just "purge" the current version and install the old one or (recommended) just put a "notimestamp" before the entries in your blocklists.list.
Gutsy users with problems, please try a newer version (for example "test" was fixed in 0.8-25). Since I can't build the packages for gutsy currently you have to build your own packages. Just use this in your /etc/apt/sources.list:
deb-src http://moblock-deb.sourceforge.net/debian sid main and compile your own package as described on http://moblock-deb.sourceforge.net/.
Current user-built packages for gutsy and/or amd64 are always welcome and will be published.
Sorry that I can't answer you correctly at the moment ...
greets
jre
jamesford
October 25th, 2007, 02:49 PM
are the problems solved if i build my own packages? or do they only exist in the readymade debs?
Darganot
October 25th, 2007, 08:36 PM
Alright, I have moblock working fine but I still have no firewall and this troubles me a bit (tho I do have a router with a hardware firewall so I'm not hanging in the breeze). I'm going to uninstall moblock and start using the blocklist feature in Deluge (it looks like it was just added as a plugin). Ktorrent users can also use a blocklist updater.
daradib
October 25th, 2007, 08:57 PM
Alright, I have moblock working fine but I still have no firewall and this troubles me a bit (tho I do have a router with a hardware firewall so I'm not hanging in the breeze). I'm going to uninstall moblock and start using the blocklist feature in Deluge (it looks like it was just added as a plugin). Ktorrent users can also use a blocklist updater.
BTW, I would consider a software firewall on my computer redundant when I have a firewall in my router, but that's just my opinion.
jre
October 26th, 2007, 10:32 AM
are the problems solved if i build my own packages? or do they only exist in the readymade debs?
Problem with test was fixed in 0.8-25.
One problem with gutsy and the current kernel was fixed in 0.8-26.
I can't comment just now on possible other problems with gutsy, you have to try ...
It would be very appreciated if someone made new packages for amd64 (every distribution) and i386 (gutsy).
greets
jre
jamesford
October 26th, 2007, 10:44 AM
ill make amd64 debs for gutsy when i get the time to do so, probably this weekend
quixotic-cynic
October 26th, 2007, 11:34 AM
I'm going to uninstall moblock and start using the blocklist feature in Deluge (it looks like it was just added as a plugin). Ktorrent users can also use a blocklist updater.
Darganot, I looked over your firewall code above. It doesn't look quite right to me - i'm not sure that ACCEPT was the right thing to use. That said, editing iptables by hand is beyond me at present so I am afraid I can't really help much.
The Ktorrent and Deluge blocklists both worked rubbish for me, and are much less customisable (I tried KTorrent and use Deluge). Overall I found moblock to be the best solution. Good luck, however; if you can get one or the other to work fast enough then that would be good.
pelle.k
October 26th, 2007, 01:56 PM
It would be very appreciated if someone made new packages for amd64 (every distribution) and i386 (gutsy).
Well, here's updated gutsy i386 packages (built from feisty source).
jre
October 26th, 2007, 02:15 PM
Darganot, I looked over your firewall code above. It doesn't look quite right to me - i'm not sure that ACCEPT was the right thing to use.
Darganot, quixotic-cynic is right.
[EDIT: Removed wrong advice, see my next post.]
Note that i did no complete check of your script.
I should add that I can't ping 3.0.0.0 anyway, but I can ping some of the other IPs listed in the blocklist.
That should be fixed with [Edit: EDIT: Removed wrong advice, see my next post.]
I just changed the "test" to tell you if the ping was unsuccessful (good) but the test IP is not in moblock.log (bad) that you might have filtered it with your firewall.
Does moblock-control test just test to make sure the outgoing ping was blocked?
Yes.
All in all, as I see it now there are no problems with moblock and gutsy. These are "only" problems of integrating moblock with an custom firewall.
The version to fix the update problem and with improved "test" will be released soon (TM).
greets
jre
daradib
October 26th, 2007, 04:12 PM
ill make amd64 debs for gutsy when i get the time to do so, probably this weekend
Actually, you can already get the amd64 gutsy deb. It is here (http://moblock-deb.sourceforge.net/moblock-nfq_0.8-26+gutsy_amd64.deb).
But 0.8-26 deb packages for other Ubuntu 64-bit releases would be nice. Maybe I'll try to set up pbuilder.
daradib
October 26th, 2007, 04:31 PM
Updated the MoBlock Ubuntu Community Documentation (https://help.ubuntu.com/community/MoBlock) to include link to Ubuntu 7.10 32-bit package.
pelle.k
October 27th, 2007, 12:18 AM
Maybe I'll try to set up pbuilder.
pbuilder is really nice! this is some further reading if you're interested;
http://ubuntuforums.org/showthread.php?t=206382
I usually add the source repos and "apt-get source <packagename>" or use dget on the actual location of the .dsc from a repository to download the source.
If i need to make an adjustment (like with the feisty -> gutsy package) i "dpkg-source -x <package>.dsc", and edit the changelog in the "debian" directory of the source.
If i made some adjustment (and therefore adjusted the changelog), i just "dpkg-source -b <new_package_folder>" and i get a new .dsc complete with diff.
Finally, i just "sudo pbuilder build <package>.dsc".
jre
October 27th, 2007, 05:25 AM
Darganot, quixotic-cynic is right, use RETURN instead of ACCEPT if you want this traffic to be checked by moblock. Then, if you start moblock after your script, everything should work. Note that i did no complete check of your script.
Daradib/AKShane: D'oh (once again), not RETURN but send traffic to moblock_in (from INPUT) or moblock_out/_fw instead of ACCEPT if you want it to be checked by MoBlock.
Also, start MoBlock BEFORE your script with option
IPTABLES_ACTIVATION="0"
jre
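To make jre's correction concrete, here is an added example of Darganot's INPUT policy rewritten the way jre describes (my script, not code from the thread or from the MoBlock project): new connections to the services this host offers jump to MoBlock's moblock_in chain instead of being ACCEPTed outright. It assumes MoBlock was started first with IPTABLES_SETTINGS="1" and IPTABLES_ACTIVATION="0", so moblock_in exists with its NFQUEUE rule but nothing jumps to it yet, and it relies on the NFQUEUE behaviour that a packet MoBlock accepts does not come back to the rest of INPUT, so the jump effectively means "accept unless blocklisted". The variable names, the whitelist/blacklist file paths and the DRY_RUN switch are my choices; the two list files written by demo() hold constructed addresses.

```shell
#!/bin/sh
# Added example, not code from the thread or from the MoBlock project.
# An INPUT policy in the spirit of Darganot's script, changed as jre advises:
# new connections to offered services are handed to MoBlock's moblock_in
# chain instead of being ACCEPTed outright.  Assumes MoBlock was started
# first with IPTABLES_SETTINGS="1" and IPTABLES_ACTIVATION="0", so the
# moblock_in chain (with its NFQUEUE rule) exists but nothing jumps to it yet.
# DRY_RUN=1 (the default) prints the iptables commands instead of running them.

DRY_RUN="${DRY_RUN:-1}"
IFACE="${IFACE:-eth+}"
ALLOWED_TCP="${ALLOWED_TCP:-22 80 443}"      # services this host offers
WHITELIST="${WHITELIST:-/etc/whitelist.txt}" # one host or network per line
BLACKLIST="${BLACKLIST:-/etc/blacklist.txt}"

# ipt: run one iptables command, or print it in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# list_entries FILE: first field of every non-blank, non-comment line.
list_entries() {
    [ -r "$1" ] || return 0
    grep -v '^[[:space:]]*#' "$1" | awk 'NF { print $1 }'
}

build_rules() {
    if [ "$DRY_RUN" != 1 ]; then
        # A jump to a missing chain fails and would leave INPUT half-built,
        # so refuse to run until MoBlock has created its chain.
        iptables -n -L moblock_in >/dev/null 2>&1 || {
            echo "moblock_in chain missing: start MoBlock before this script" >&2
            return 1
        }
    fi
    ipt -F INPUT
    # Loopback, and replies to connections MoBlock already vetted when NEW
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Trusted hosts: the one place ACCEPT is used for new traffic, so these
    # deliberately bypass MoBlock.
    for x in $(list_entries "$WHITELIST"); do
        ipt -A INPUT -i "$IFACE" -s "$x" -j ACCEPT
    done
    # Locally blacklisted hosts are dropped before MoBlock ever sees them.
    for x in $(list_entries "$BLACKLIST"); do
        ipt -A INPUT -i "$IFACE" -s "$x" -j DROP
    done
    # Offered services: hand NEW connections to MoBlock.  Its verdict is final
    # (accept for unlisted sources, drop for blocklisted ones); an ACCEPT here
    # would have skipped that check entirely.
    for port in $ALLOWED_TCP; do
        ipt -A INPUT -i "$IFACE" -p tcp --dport "$port" -m state --state NEW -j moblock_in
    done
    # Drop ping requests; everything else falls through to the DROP policy,
    # which is set last so a remote session is not cut off mid-build.
    ipt -A INPUT -i "$IFACE" -p icmp --icmp-type echo-request -j DROP
    ipt -P INPUT DROP
}

# demo: dry-run build_rules over constructed sample lists (made-up addresses).
demo() {
    tmp=$(mktemp -d)
    printf '# trusted LAN box\n192.168.0.10\n192.168.0.0/24 office segment\n' > "$tmp/whitelist.txt"
    printf '# noisy scanner seen in the logs\n203.0.113.45\n' > "$tmp/blacklist.txt"
    WHITELIST="$tmp/whitelist.txt"
    BLACKLIST="$tmp/blacklist.txt"
    DRY_RUN=1
    build_rules
    rm -rf "$tmp"
}

# Apply for real only when asked: DRY_RUN=0 sh firewall.sh apply
case "${1:-}" in
    apply) build_rules ;;
    demo)  demo ;;
esac
```

"sh firewall.sh demo" prints the rule set the script would install; only "DRY_RUN=0 sh firewall.sh apply" touches the kernel, and it refuses to run when moblock_in does not exist. OUTPUT and FORWARD are left alone here; the same pattern applies to them with moblock_out and moblock_fw.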
jamesford
October 27th, 2007, 07:22 AM
i compiled these just now on gutsy64 following the instructions here http://moblock-deb.sourceforge.net/
i made this little thing for myself, i dont know if anyone can use it but what it does is it loads a terminal in the systray when the computer starts with 2 tabs, tab1 shows the output of the log (i.e. what is being blocked) the other tab shows the moblock-control log, which displays info about recent updates, how many ranges loaded etc. i find it a bit useful
you need to install alltray for this to work and also edit the icon path to point to an icon of your choice
alltray -i /path/to/prefered/icon.png "gnome-terminal --tab --active --title=molog --command='tail -f /var/log/moblock.log' --tab --title=moblock-control --command='tail -f --lines=99 /var/log/moblock-control.log'" &
add this to your startup
oni5115
October 27th, 2007, 07:29 PM
I'm stuck with the new version. I figured out how to make firefox work by whitelisting http(s), but how to do I whitelist say a company name, like you used to with the old version? (e.g. I want to be able to connect to any I.P. belonging to say... Blizzard Entertainment... so I can connect to WoW even if Moblock is on.).
I tried to modify /etc/moblock/moblock.conf and adding Blizzard Entertainment to the 'Remove lines from the blocklist' section. That didn't seem to work at all. Is there any other way to simply white list the company name?
Edit:
I've managed to get firefox working without whitelisting http(s) now by commenting out the spiders list. yay.
I still can't seem to get World of Warcraft working without turning off moblock. It's like the IP_REMOVE= does absolutely nothing. even rebooted, and ran the moblock-control reload as well. Still nothing, have to turn it off while running WoW. I'm using the most up to date Gutsy, and Moblock.
jamesford
October 28th, 2007, 08:59 AM
quick question:
is it safe to remove moblock-nfq from /etc/cron.daily and place it elsewhere so that it can be run via crontab at a more convenient time, or does it have to be in /etc/cron.daily for moblock to function properly?
jre
October 29th, 2007, 05:41 PM
@oni: A
diff /etc/moblock/guarding.p2p /etc/moblock/guarding.p2p.backup
will show you if your blocklist was modified by the IP remove entry (First remove all your entries, then make a "reload", then insert your entries, make a "reload" again and then the diff).
Please tell us the version number and not "the most up to date Gutsy". As you can see on the previous pages I have problems with creating Gutsy packages and so they have to be built manually/downloaded from other users.
quick question:
is it safe to remove moblock-nfq from /etc/cron.daily and place it elsewhere so that it can be run via crontab at a more convenient time, or does it have to be in /etc/cron.daily for moblock to function properly?
Yes.
jre
October 29th, 2007, 05:44 PM
@oni: A
diff /etc/moblock/guarding.p2p /etc/moblock/guarding.p2p.backup
will show you if your blocklist was modified by the IP remove entry (First remove all your entries, then make a "reload", then insert your entries, make a "reload" again and then the diff).
Please tell us the version number and not "the most up to date Gutsy". As you can see on the previous pages I have problems with creating Gutsy packages and so they have to be built manually/downloaded from other users.
quick question:
is it safe to remove moblock-nfq from /etc/cron.daily and place it elsewhere so that it can be run via crontab at a more convenient time, or does it have to be in /etc/cron.daily for moblock to function properly?
It's safe to remove.
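For oni5115's IP_REMOVE problem, the diff jre suggests tells you whether the entry changed guarding.p2p at all. The following added example (my code, not MoBlock's) performs the same check directly on a .p2p list: it applies IP_REMOVE's rule, which moblock.conf documents as deleting every line that contains one of the semicolon-separated patterns, counts what was removed, and then looks up probe IPs against the remaining ranges. It assumes the PeerGuardian .p2p text form "name:first-last" and that substring rule; the sample list and its names are constructed, using documentation address ranges.

```python
"""Apply IP_REMOVE to a .p2p blocklist and check what stays blocked.

Added example, not MoBlock's code.  moblock.conf documents IP_REMOVE as
deleting every blocklist line that contains one of the semicolon-separated
patterns, and the thread suggests diffing guarding.p2p against its .backup to
see whether a pattern matched at all.  This does that check on the list text
directly: a pattern that matches zero lines is the usual reason an IP_REMOVE
entry "does nothing".  The substring rule is taken from the config comment;
the sample list below is constructed, with made-up names and documentation
addresses.
"""
import ipaddress

# PeerGuardian .p2p text format: name:first-last, one range per line.
SAMPLE_P2P = """\
# comment lines and blank lines are ignored

Bogon:0.0.0.0-0.255.255.255
General Electric Company:3.0.0.0-3.255.255.255
Example Games Inc:203.0.113.0-203.0.113.255
Example Games Inc Europe:198.51.100.0-198.51.100.127
Some Tracker:192.0.2.10-192.0.2.20
"""


def parse_p2p(text):
    """Return [(name, first, last)] for every well-formed range line."""
    ranges = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, span = line.rpartition(":")   # names may themselves contain ':'
        first, _, last = span.partition("-")
        try:
            lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        except ValueError:
            continue   # malformed; MoBlock reports such lines as skipped
        if lo <= hi:
            ranges.append((name, lo, hi))
    return ranges


def apply_ip_remove(text, ip_remove):
    """Split the list into (kept, removed) lines by IP_REMOVE's substring rule.

    Each pattern is matched anywhere in the line, so "Example Games Inc" also
    removes "Example Games Inc Europe"; choose patterns with that in mind.
    """
    patterns = [p for p in ip_remove.split(";") if p]
    kept, removed = [], []
    for line in text.splitlines():
        (removed if any(p in line for p in patterns) else kept).append(line)
    return kept, removed


def blocking_entry(ip, ranges):
    """Name of the first range containing ip, or None if it is not blocked."""
    addr = ipaddress.ip_address(ip)
    for name, lo, hi in ranges:
        if lo <= addr <= hi:
            return name
    return None


def removal_report(text, ip_remove, probe_ips):
    """Summarise what an IP_REMOVE setting would change for the given IPs."""
    kept, removed = apply_ip_remove(text, ip_remove)
    before = parse_p2p(text)
    after = parse_p2p("\n".join(kept))
    return {
        "removed_lines": len(removed),
        "was_blocked": {ip: blocking_entry(ip, before) for ip in probe_ips},
        "still_blocked": {ip: blocking_entry(ip, after) for ip in probe_ips},
    }


if __name__ == "__main__":
    rep = removal_report(SAMPLE_P2P, "Example Games Inc;Bogon",
                         ["203.0.113.7", "3.0.0.0", "192.0.2.15"])
    print(f"removed {rep['removed_lines']} line(s)")
    for ip, name in rep["still_blocked"].items():
        print(f"{ip}: {'still blocked by ' + name if name else 'no longer blocked'}")
```

Point it at the real file with open("/etc/moblock/guarding.p2p.backup").read() and your IP_REMOVE string: a report of zero removed lines means the name does not occur in the list as spelled, and a probe IP that is still blocked afterwards tells you which other entry covers it.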
jingo811
October 30th, 2007, 05:34 AM
I just upgraded the old Moblock to the newest version on Feisty. It makes Internet very slow, I can't even connect to the most common domains when it is running.
www.google.com
www.yahoo.com.
Do others experience this also?
jamesford
October 30th, 2007, 02:26 PM
jingo811: no i dont and i dont think most people do..cant help u with why u have this problem though. im sure some of the other guys will when they see your message
jingo811
October 30th, 2007, 04:59 PM
I did these commands in order to start from scratch.
$sudo apt-get remove moblock-nfq
$sudo apt-get autoremove
Then I tested to see if there were some traces left. And it seems like it's clean.
$sudo moblock-control test
sudo: moblock-control: command not found
Then I install like usual.
$gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B
$gpg --export --armor 9072870B | sudo apt-key add -
Did the repository thing. Then installed the program.
$sudo apt-get install moblock-nfq
Then tested it.
$moblock-control test
Testing MoBlock: trying to ping 4.18.162.102 from /etc/moblock/guarding.p2p ...
* MoBlock blocked the IP. Test succeeded.
Tried to surf to www.google.com in Firefox; it's totally blocked :(
PS.
Does anybody else use Compiz Fusion with a working MoBlock on their Feisty?
feistybird
October 31st, 2007, 12:32 AM
It works perfectly in 7.04, but after I've upgraded to Gutsy, it started to block all my google.com traffic!!
:(
---
PS. The download link of "moblock-nfq_0.8-26+gutsy_i386.deb" is actually pointing to "moblock-nfq_0.8-26+gutsy_amd64.deb"
^^^^^^^^^^^^^^^^^^^^^^
Thanks! Problems solved (yes, just whitelist it)
Page 76 #753 (http://ubuntuforums.org/showpost.php?p=3528634&postcount=753) and #756 (http://ubuntuforums.org/showpost.php?p=3530638&postcount=756) are very helpful!
pelle.k
October 31st, 2007, 02:58 AM
Oh crap! Thanks for the heads up...
you need to whitelist. All blocklists are used by default, and that means block pretty much everything....
Rick123
October 31st, 2007, 05:32 AM
Yeah, when I installed moblock on Gutsy I could no longer enter a webpage... I mean none.. it was like everything went in slow motion. When I tried to access demonoid I just saw the demonoid marker where you write the http address... but it was loading forever... so I uninstalled it... and tried with Ipblock, same problem there.
jingo811
October 31st, 2007, 05:33 AM
Oh crap! Thanks for the heads up...
you need to whitelist. All blocklists are used by default, and that means block pretty much everything....
It worked, now I can reach google and ubuntuforums with MoBlock turned on.
But is this the same as not having MoBlock running?
In what way is opening up port 80 and 443 to all traffic bad for me the user?
sloter
October 31st, 2007, 01:07 PM
Hello,
Yes after a fresh install of moblock all the ports are blocked by default.
So just refer to the first post of this thread and look at the section "Some applications can't connect to the internet any more!".
Opening tcp out ports for http and/or https is not so dangerous.
And p2p applications use other ports which remain blocked by moblock.
Thank you,
sloter
daradib
November 1st, 2007, 04:28 PM
I think the issue is that there is the potential for another p2p peer/client to connect to you on an unblocked port, like port 80 and therefore bypass MoBlock.
jamesford
November 1st, 2007, 05:12 PM
is there any way to get the system mail moblock sends when updating to include what's been updated, how big the files are, how many total blocked ranges etc.? I miss that from previous versions. Alternatively, how do I get it to send no email at all, since currently the info it sends is useless and annoying?
debi@n
November 2nd, 2007, 06:35 AM
When I try to install Moblock as described I get an error: apt-get install moblock-nfq
[...]
Richte moblock-nfq ein (0.8-26+etch) ...
Starting MoBlockinvoke-rc.d: initscript moblock-nfq, action "start" failed.
dpkg: Fehler beim Bearbeiten von moblock-nfq (--configure):
Unterprozess post-installation script gab den Fehlerwert 170 zurück
I have no idea what causes this error. Any Ideas?
feistybird
November 3rd, 2007, 06:31 AM
Hello,
Yes after a fresh install of moblock all the ports are blocked by default.
So just refer to the first post of this thread and look at the section "Some applications can't connect to the internet any more!".
Opening tcp out ports for http and/or https is not so dangerous.
And p2p applications use other ports which remain blocked by moblock.
Thank you,
sloter
I've double checked my "/etc/moblock/MoBlock-nfq.sh"
and made sure that http, https, 1863 (for msn messenger) are all in my white list as follows:
WHITE_TCP_IN="http https 1863"
WHITE_TCP_OUT="http https 1863"
But the newer version of moblock installed in my 7.10 Gutsy seems to ignore these settings? It used to work properly in my previous 7.04 Feisty.
=== Problem Solved ===
I think I've double checked almost everything except carefully reading the very first post of this thread :
The actual "TCP Port's White List" settings should be located in /etc/moblock/moblock.conf and NOT "/etc/moblock/MoBlock-nfq.sh" like it used to work in the earlier versions.
franz1789
November 4th, 2007, 01:54 PM
I don't know, maybe that's my fault, but moblock on gutsy makes me feel like a noob. I'm just keeping on trying to make it work, and it keeps failing. When I update, the /etc/moblock/guarding.p2p remains empty, so the tests fail, and it seems not to be under my command; well, everything I do seems useless.
I don't know why I can't update the list, /etc/moblock/blocklist.list is full of addresses, but the update keeps on failing, because that ******** file remains empty. Any idea? iplist was rubbish, I don't want to change software...
Please, help.
pelle.k
November 4th, 2007, 03:27 PM
You did notice that the latest version 0.8-26 never got onto the repositories, right? You have to manually install it (the deb is in the HOWTO).
Try 1;
However, I just did a fresh install of 0.8-26, and according to the moblock-control log, "updating" level1 never completed, so I had to kill the update script (ctrl-c).
Try2;
After that, I ran an update manually, and it succeeded, without problems. The strange thing is, the log said level1 didn't have to be updated, and sure enough it was complete from the first run, even though that time it "froze" there...
Try3;
It got stuck on "updating" level1 this time as well. I tried changing level1 to notimestamp in blocklists.list, but that only made it freeze on "downloading" level1 instead of "updating" it...
@ jre
It would seem a timeout would be preferable in the function that downloads individual blocklists. I also think a flat text file log report on what *was* updated vs. what lists were kept as they were and when this happened would be in order...
@ everyone
You can, however download the blocklist(s) you miss manually from the URLs in /var/moblock/blocklists.list, and then move them to /var/spool/moblock as a temporary measure. Then just use
moblock-control reload to generate a new guarding.p2p
Still, even if you download the lists manually, moblock uses the uncommented URLs in blocklists.list to also single out what files should be used (like level1 etc) when building the guarding.p2p.
quixotic-cynic
November 4th, 2007, 05:59 PM
It worked, now I can reach google and ubuntuforums with MoBlock turned on.
But is this the same as not having MoBlock running?
In what way is opening up port 80 and 443 to all traffic bad for me the user?
Find my first post to this thread (probably using search) and then read the next few pages. Hopefully that can give you your answer.
smartboyathome
November 4th, 2007, 08:05 PM
=== Problem Solved ===
I think I've double checked almost everything except carefully reading the very first post of this thread :
The actual "TCP Port's White List" settings should be located in /etc/moblock/moblock.conf and NOT "/etc/moblock/MoBlock-nfq.sh" like it used to work in the earlier versions.
Thanks, you solved my problem with MSN that kept me from using Moblock!
nidya
November 5th, 2007, 09:36 AM
First off, thanks for this! MoBlock is superawesome, nice job. But I've got an issue.
and made sure that http, https, 1863 (for msn messenger) are all in my white list as follows:
WHITE_TCP_IN="http https 1863"
WHITE_TCP_OUT="http https 1863"
I was sure that this would solve my problem, but it did not. I can't connect to MSN anymore, I'm using Pidgin for that. Do I have to enable something else? I'm sorry but I can't read 85 pages right now...I hope somebody can help me, thanks!
If I stop MoBlock, I can connect to MSN via Pidgin and if I turn on MoBlock it's still connected, but that's not a long term solution...
€dit: AHA! It worked now, after I deleted the WHITE_TCP_OUT="http https 1863" and the other one I added. I just added the port 1863 to the one I had to uncomment (removing the "#") to use Firefox. So it looks like this:
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name.
# Seperate several entries with whitespace (" ")
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT=""
WHITE_TCP_OUT="http https 1863"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
kurotsuno
November 6th, 2007, 11:36 AM
Just installed moblock, tested and it failed.
Also uncommented the http from moblock.conf.
I followed all the steps to get this installed properly on Gutsy; I'm not sure if it's at all working properly.
I'm running Gutsy as it is; I haven't downloaded/installed firestarter or any firewall for that matter.
Also I know from using peerguardian you could choose from several locations to get the blocklists. Is this possible with moblock and if so where do I get a list of the locations I can get the blocklists from? Also where do I go to change the location, is it moblock.conf ?
:) Thanks in advance
dn*
November 8th, 2007, 02:41 AM
This appears to be working great. Am I right in thinking that MSN Messenger ports only need to be opened because Microsoft stuff is banned? I mean, I don't need to open ports for IRC and wotnot, do I?
Odin25
November 9th, 2007, 02:55 AM
I just installed moblock on an ubuntu-server 7.10 via a ssh terminal
using "dpkg", which said it couldn't complete the installation, so I started "aptitude" to find out a dependency was not matched (something like in..quue0), which I decided to install
the installation went on ...moblock update ... moblock start
and now I am kicked out of the system :-( leaving aptitude hanging (hopefully no damage)
Why is that? I'm entering via lan.
BTW: the howtos and the package you did helped me to install it at all! thanks for your effort!
just found out:
to add the lan ips in the white list
so now I can maintain the server via the lan :-)
Odin25
November 10th, 2007, 06:31 PM
hi to you all
is there a possibility to open a range of ports without keying every single port in the list? also to open the whole lan ips at once?
is there a possibility to use different lists for different ports?
thanx in advance
449
November 13th, 2007, 12:46 AM
Hi, if anyone could help me that'd be great!
I installed moblock on Xubuntu Gutsy Gibbon using your guide. However I can't get the test to work, it always says it failed. How do I fix this? Also how do I load my ipfilter.dat files into moblock? Thanks for your time!
Odin25
November 13th, 2007, 08:54 AM
... However I can't get the test to work, it always says it failed. How do I fix this? Also how do I load my ipfilter.dat files into moblock? ...
1st: what do you mean by failed? exactly
2nd: read first and then edit /etc/moblock/blocklists.list
jre
November 13th, 2007, 03:23 PM
First off, I was offline the last 2 weeks. Additionally I had problems with creating the repository. That's working now (never use symlinks in /etc !), even gutsy is back :-)
So at the time of writing I'm releasing 0.8-29. The major change is that *complete* downloaded lists are copied to /var/spool/moblock/used.
When I try to install Moblock as described I get an error: apt-get install moblock-nfq
[...]
Richte moblock-nfq ein (0.8-26+etch) ...
Starting MoBlockinvoke-rc.d: initscript moblock-nfq, action "start" failed.
dpkg: Fehler beim Bearbeiten von moblock-nfq (--configure):
Unterprozess post-installation script gab den Fehlerwert 170 zurück
I have no idea what causes this error. Any Ideas?
170 is "missing external binary/function". Have a look at /var/log/moblock-control.log, there should be something more verbose.
It would seem a timeout would be preferable in the function that downloads individual blocklists.
It is: wget -T 120 (timeout 120 secs).
You really have funny update problems - if they continue with 0.8-29 please tell me.
is there any way to get the system mail moblock sends when updating to include what's been updated, how big the files are, how many total blocked ranges etc.? I miss that from previous versions. Alternatively, how do I get it to send no email at all, since currently the info it sends is useless and annoying?
I also think a flat text file log report on what *was* updated vs. what lists were kept as they were and when this happened would be in order...
pelle and jamesford: Even before reading this I added a warning when any update did not work (just a warning, not an error since I have the "used" dir for complete lists now).
If you want more then send me a patch ;-) To be honest I have no idea how to change this without a major restructuring of moblock-control. The text that is mailed is sent to standard output while *all the rest* is sent to the log file. Of course I might remove the logfile (I added this when wget's output was much more verbose) so that everything is mailed.
Some of the info is in /var/log/moblock-control.log. The informational point of the mail is the final "."! If it's there everything should have gone well, if not the update aborted.
I just added to my TODO:
- find a better way for the output (different verbosity levels, what is sent to the logfile, what to standard output)
is there a possibility to open a range of ports without keying every single port in the list? also to open the whole lan ips at once?
Port ranges are specified in the format "port:port" [EDIT: "p o r t : p o r t" - I hate the smiley theme] in moblock.conf
For ip ranges you can use network masks: e.g. use "192.168.178.0/255.255.255.0" for 192.168.178.0-192.168.178.255
is there a possibility to use different lists for different ports?
you might run several moblock instances. But you have to do this on your own - it's not possible by simply using the deb's.
Also how do I load my ipfilter.dat files into moblock? Thanks for your time!
ipfilter.dat has another format than the predefined lists. So ATM you can't use both at the same time!
If you want to use only ipfilter.dat then edit /etc/moblock/blocklists.list (the URL of your list) and /etc/moblock/moblock.conf (the format of your list)
jre
EDIT: Someone to post new amd64 packages?
Odin25
November 13th, 2007, 08:12 PM
hi jre
that is quite an update :-)
I like the keeping of the lists (in /var/spool/moblock/used)
the description of ips and ports really helped, thx.
as I'm new to the moblock "thing" I will need to wrap my mind around it a little longer to figure out how it works exactly before I can use two instances of moblock.
for now: have a nice day
PS. I deeply appreciate the effort you're all putting in this project and I really enjoy reading this thread!
(too cheesy?)
daradib
November 13th, 2007, 11:08 PM
I will post packages for Ubuntu Gutsy 64-bit as soon as possible, but unfortunately my hard drive is failing me (I'm using a Windows computer to post this). Once I get set up again I will post new packages for Gutsy 64-bit. Someone else, however, may be able to post it sooner.
jre: BTW, what do you mean by "The moblock package for dapper drake is not updated since i put it here" (on the first post). Doesn't dapper drake use the etch repos which have 0.8-29, or is this referring to something else?
Also on the first post, "Dapper drake (6.04)" should be 6.06.
It's just some minor things I noticed while updating MoBlock in the Community Documentation (https://help.ubuntu.com/community/MoBlock).
pelle.k
November 14th, 2007, 09:08 AM
jre: BTW, what do you mean by "The moblock package for dapper drake is not updated since i put it here" (on the first post). Doesn't dapper drake use the etch repos which have 0.8-29, or is this referring to something else?
Oh, you mean me I suppose ;)
That's an error on my part, from when I had those packages compiled before the repos shift and the updates from jre. I'll remove that comment...
Folk Theory
November 14th, 2007, 02:35 PM
quick question: so if i have firestarter installed, moblock won't run [properly]?
jre
November 14th, 2007, 03:45 PM
Oh, you mean me I suppose ;)
That's an error on my part, from when I had those packages compiled before the repos shift and the updates from jre. I'll remove that comment...
I think so, too ;-)
Further I think Dapper is broken the same way as Edgy (bug in lsb init function). But of course we can wait until someone confirms this.
Thanks for all feedback - that makes this work fun.
greets
jre
daradib
November 14th, 2007, 06:41 PM
quick question: so if i have firestarter installed, moblock won't run [properly]?
Referring to a previous post:
You need a firewall that can send packets that pass the firewall rule to the mechanism that moblock uses to filter the packets. Firestarter is essentially a front end to the iptables firewall - unfortunately it ignores the modification of the iptables file by moblock and just overwrites it so that any ok-d packets go straight to your system.
If you can't find a front-end that does not bulldoze all of your current iptables set up when it runs, you would have to use iptables directly.
About 10 pages ago there was someone trying to do this and the comments there may help.
daradib
November 14th, 2007, 06:55 PM
The bottom line is Firestarter doesn't work in conjunction with MoBlock, as far as I know, at least in Ubuntu 7.04 and above.
Caution: MoBlock doesn't behave well with most other firewalls (iptables rules). There's only a known solution for moblock in combination with firehol. You may also try iplist (http://iplist.sourceforge.net/) by uljanow (http://forums.phoenixlabs.org/member.php?u=8022).
Source: http://moblock-deb.sourceforge.net/
Odin25
November 15th, 2007, 09:42 AM
To fiddle with the code a little to find out how it works and how to get timestamps and port numbers logged:
I have tried to compile the moblock code but the compiler is asking for
libnetfilter_queue/libnetfilter_queue.h
do I need other header files also?
and because I'm new to ubuntu (2 weeks of ubuntu server) and the debian packaging I wonder where to find the header files for moblock to compile and is there a rule in ubuntu where to put them?
I already had a look at the code and found some places where to put some code but any advice of you would be highly appreciated!
Thank you in advance
pelle.k
November 15th, 2007, 01:38 PM
I suppose you use the makefile to compile, right?
All build dependencies should be installed with "apt-get build-dep moblock-nfq", and found if you use the supplied makefile I guess.
daradib
November 15th, 2007, 07:04 PM
Here are the 0.8-29 amd64 packages for Gutsy. I used a live CD to do this since my hard drive has failed me.
EDIT: I have tested the nfq package on the Live CD and it does appear to work
jamesford
November 15th, 2007, 07:15 PM
ah then I won't have to upload those I just made myself :)
daradib
November 15th, 2007, 07:30 PM
Well, if you don't mind, could you test the packages I generated? They do appear to work on the live CD, but it would be better if someone tested it on a (updated) Ubuntu Gutsy 64-bit [hard drive] installation.
pelle.k
November 15th, 2007, 09:04 PM
I was thinking I might phase out the HOWTO by removing key parts of it (the parts already covered by the one on the wiki https://help.ubuntu.com/community/MoBlock). Just so you guys know...
I will of course keep "news" items, and links to the wiki article etc.
Odin25
November 16th, 2007, 02:03 AM
I suppose you use the makefile to compile, right?
All build dependencies should be installed with "apt-get build-dep moblock-nfq", and found if you use the supplied makefile I guess.
Yes I use the Makefile and your answer really helped, I got the libs and the sources and it compiled nicely.
(Sorry I should have read http://moblock-deb.sourceforge.net/, but I was and still am a little bit lost in the dir-tree and not knowing how things are done in ubuntu/debian, which is to me like a jungle)
To test one of my own betas I have to rename "moblock" to "moblock-nfq" & copy it to /usr/bin, right?
EDIT (5h later): I just did it (compile, rename & copy) and it works fine.
thank you
Odin25
November 16th, 2007, 11:34 AM
I just added a little bit of code into moblock.c to have the time logged too.
default format would be:
12:59:59 Blocked OUT ....
but one can also choose between:
2007-01-21 12:59:59 Blocked OUT ...
20070121 125959 Blocked OUT ...
125959 Blocked OUT ...
(format must still be chosen before compiling)
I used the latest source I got by "apt-get source moblock" so it should be new. And it works fine.
If someone is interested I could post the source code, or the compiled version as moblock-nfq (arch would be i586)
Have a nice day!
Odin25
November 16th, 2007, 12:08 PM
I tried to put a peerguardianlist "http://peerguardian.sourceforge.net/lists/p2p.php" into blocklist.list (that of course worked :) ) but after "moblock-control update" it crashed.
Any idea?
pelle.k
November 16th, 2007, 12:10 PM
I guess a patch would be preferable. Make one with "diff".
jre
November 16th, 2007, 03:26 PM
I just added a little bit of code into moblock.c to have the time logged too.
I always appreciate such work!
But our upstream author has done this already, too. In the current CVS repository you'll find (quoting from an email from september):
- timestamping
- log to syslog
- support for RETURNing packets and an example start script (MoBlock-nfq-reject.sh) that rejects instead of dropping.
Further he already has a patch for libdbus support for communication with a GUI that is under development.
So, for everyone who's working with the code of the daemon itself I recommend to have a look at the CVS repository at http://moblock.berlios.de/ first.
The packages that I release are based on the last official version (0.8) [EDIT: gna, fifth time I hate the smiley theme; it's "( 0 . 8 )."] instead.
People working on the code of moblock-control should have a look at the development repository from moblock-deb.sf.net (although this is most of the time in sync with the Debian packages).
I tried to put a peerguardianlist "http://peerguardian.sourceforge.net/lists/p2p.php" into blocklist.list (that of course worked :) ) but after "moblock-control update" it crashed.
The name of the blocklist has to be the same as the basename of the URL in blocklists.list. So php redirects are not possible.
I just documented that and made a check for it in the source. Sorry, that's necessary because I need to know the name of the blocklist so that I can copy complete lists to "used". I'll code something savvier when I've time.
http://peerguardian.sourceforge.net/lists/p2p.php is just a mirror of www.bluetack.co.uk/config/level1.gz
Greets and good coding
jre
Odin25
November 16th, 2007, 04:56 PM
I always appreciate such work!
Thanks
.. In the current CVS repository you'll find (quoting from an email from september):...I recommend to have a look at the CVS repository at http://moblock.berlios.de/ first.
Thank you, yes I went there before to have a look, just by the html pages and couldn't find something for logging. And the comment in the forum was from july. So I thought...
But anyway, I just did it so I have a time logging now and it is just an offer, for those desperate to have the time logged for the time being.
It wasn't/isn't intended to disturb the mainline. Just a quick fix.
I guess a patch would be preferable. Make one with "diff".
Maybe I'm going to install cvs so I can make a diff.
The name of the blocklist has to be the same as the basename of the URL in blocklists.list. So php redirects are not possible.... that's necessary because I need to know the name of the blocklist
I thought so.
Greets and good coding
U 2 :)
pelle.k
November 16th, 2007, 05:58 PM
Further he already has a patch for libdbus support for communication with a GUI that is under development.
Wow! That is some *great* news! I've always missed this kind of functionality, since it's not really "proper" to use logfiles and whatnot to interpret what is happening when you design a gui "client" to interact with the system.
Odin25
November 16th, 2007, 06:14 PM
hi pelle, jre et al.!
Do you have any idea of cvs?
I just installed it, loaded the moblock sources had a look in the cvs-docs and I'm stunned.
I have the moblock.c I changed earlier in a different dir what should I do now?
Greetings
elec999
November 17th, 2007, 02:29 PM
I am trying to test it
and get
Testing MoBlock: head: cannot open `/etc/moblock/guarding.p2p' for reading: No such file or directory
trying to ping from /etc/moblock/guarding.p2p ...
* Some error occured with ping, no test result.
I rebooted my system and now works like a charm. Amazing howto.
Thanks
cox377
November 20th, 2007, 07:23 AM
I just installed moblock on an ubuntu-server 7.10 via a ssh terminal
using "dpkg", which said it couldn't complete the installation, so I started "aptitude" to find out a dependency was not matched (something like in..quue0), which I decided to install
the installation went on ...moblock update ... moblock start
and now I am kicked out of the system :-( leaving aptitude hanging (hopefully no damage)
Why is that? I'm entering via lan.
BTW: the howtos and the package you did helped me to install it at all! thanks for your effort!
just found out:
to add the lan ips in the white list
so now I can maintain the server via the lan :-)
Did you manage to get this sorted? I tried it in a test environment first and this happened
Am very glad I didn't do it on server first because there is on SSH haha
Odin25
November 20th, 2007, 12:45 PM
Did you manage to get this sorted? I tried it in a test environment first and this happened
Am very glad I didn't do it on server first because there is on SSH haha
The server is on a lan so no real deep annoying problem, but I had to mount a monitor and a keyboard to fix the conf file where I changed the white-list to let my lan addresses pass (192.168.0.0/255.255.255.0):
moblock.conf:
...
ip_tcp_in="192.168.0.0/255.255.255.0"
ip_udp_in="192.168.0.0/255.255.255.0"
ip_tcp_out="192.168.0.0/255.255.255.0"
ip_udp_out="192.168.0.0/255.255.255.0"
...
so now it works nicely.
But I think there should be a warning anyway or the local addresses should be in the white list (10.0.0.0, 192.168.x.x and there is another one I just cant remember)
BTW: that's just for the lan but if the server is external the according ports should be opened if one is not calling in from a fixed ip.
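jre's post above describes the whitelist syntax (service names or port numbers, "port:port" ranges, IP ranges as address/netmask) and Odin25's post shows the LAN whitelist that restores SSH access. The following is an added example, not moblock-control's own code: an offline model of those settings plus a guarding.p2p parser, so you can check before a restart whether a given address would still get through. It assumes guarding.p2p is in PeerGuardian .p2p format ("name:first-last") and uses a constructed moblock.conf fragment and blocklist.

```python
"""Offline model of the MoBlock settings discussed in this thread (added example, not
moblock-control's own code): port whitelists like WHITE_TCP_OUT="http https 1863" with
"low:high" ranges, IP whitelists like ip_tcp_in="192.168.0.0/255.255.255.0", and a
guarding.p2p blocklist assumed to be in PeerGuardian .p2p format ("name:first-last")."""
import ipaddress

# Constructed stand-in for /etc/services (iptables resolves names itself).
SERVICES = {"http": 80, "https": 443}

# Constructed moblock.conf fragment, keys spelled as they appear in the thread.
SAMPLE_CONF = '''
WHITE_TCP_IN=""
WHITE_TCP_OUT="http https 1863 6881:6889"
ip_tcp_in="192.168.0.0/255.255.255.0"
ip_tcp_out="192.168.0.0/255.255.255.0 10.0.0.0/8"
'''

# Constructed guarding.p2p sample: 4.18.162.102 is the address the thread's
# `moblock-control test` output pings; the LAN range mirrors the complaint that
# private addresses show up in the blocklists and cut off SSH sessions.
SAMPLE_P2P = '''
# lines starting with # are comments
Some blocked range:4.18.162.0-4.18.162.255
Local LAN (should not be here):192.168.0.0-192.168.255.255
'''

def parse_conf(text):
    """Return {key: value} for KEY="value" lines; comments and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip().strip('"')
    return conf

def parse_ports(spec):
    """Expand a whitespace-separated port spec into (low, high) tuples: service
    names, single ports, or jre's "port:port" ranges. Bad entries raise ValueError."""
    ranges = []
    for item in spec.split():
        if item in SERVICES:
            ranges.append((SERVICES[item], SERVICES[item]))
            continue
        low, sep, high = item.partition(":")
        try:
            lo = int(low)
            hi = int(high) if sep else lo
        except ValueError:
            raise ValueError(f"unknown service or port {item!r}") from None
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"port entry out of order or out of range: {item!r}")
        ranges.append((lo, hi))
    return ranges

def parse_networks(spec):
    """Return (first, last) address strings for address/netmask or CIDR entries,
    i.e. what 192.168.178.0/255.255.255.0 actually covers."""
    nets = [ipaddress.ip_network(item, strict=False) for item in spec.split()]
    return [(str(net[0]), str(net[-1])) for net in nets]

def load_p2p(text):
    """Parse "name:first-last" lines into (name, first_int, last_int) tuples;
    rpartition(':') keeps names that themselves contain a colon intact."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, span = line.rpartition(":")
        first, _, last = span.partition("-")
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        if lo > hi:
            raise ValueError(f"reversed range in line {line!r}")
        ranges.append((name, lo, hi))
    return ranges

def blocking_entry(ip, ranges):
    """Name of the first blocklist range containing ip, or None if it is not listed."""
    n = int(ipaddress.IPv4Address(ip))
    return next((name for name, lo, hi in ranges if lo <= n <= hi), None)

def ip_whitelisted(ip, spec):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(i, strict=False) for i in spec.split())

def port_whitelisted(port, spec):
    return any(lo <= port <= hi for lo, hi in parse_ports(spec))

def audit_inbound(conf_text, p2p_text, peer_ip, port=22):
    """Simplified model of an inbound TCP connection: whitelisted IPs and ports
    bypass MoBlock, everything else is checked against the blocklist. An empty
    blocklist is the thread's 'moblock is not running' symptom after a failed update."""
    conf = parse_conf(conf_text)
    ranges = load_p2p(p2p_text)
    report = {
        "empty_blocklist": not ranges,
        "blocked_by": blocking_entry(peer_ip, ranges),
        "ip_whitelisted": ip_whitelisted(peer_ip, conf.get("ip_tcp_in", "")),
        "port_whitelisted": port_whitelisted(port, conf.get("WHITE_TCP_IN", "")),
    }
    report["allowed"] = (report["blocked_by"] is None or report["ip_whitelisted"]
                         or report["port_whitelisted"])
    return report
```

`audit_inbound('WHITE_TCP_IN=""', SAMPLE_P2P, "192.168.0.20")` reproduces the lockout (the LAN address is listed and nothing whitelists it), while the same call with SAMPLE_CONF is allowed through by ip_tcp_in.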
jre
November 21st, 2007, 03:19 PM
hi pelle, jre et al.!
Do you have any idea of cvs?
I just installed it, loaded the moblock sources had a look in the cvs-docs and I'm stunned.
I have the moblock.c I changed earlier in a different dir what should I do now?
For you CVS is just a method to download the actual version of upstream's current code. (Indeed since the cvs server doesn't respond to me after asking for the password I just browsed the CVS repository and downloaded each file manually.)
You can edit these files and copy them to the directory that you got when you made the "apt-get source moblock". In the next release ALL files that I added for the debian packaging will be in the folder "debian/" and in the main folder will be exactly the same content as you see it when you make the CVS checkout from upstream's source (currently it's a wild mix of upstream's code and my code).
Odin25: I added a big warning in the package description, but I don't want to whitelist any IPs. But I'm still open for discussions about which blocklists should be on per default.
greets
jre
Odin25
November 21st, 2007, 08:14 PM
For you CVS is just a method to download the actual version of upstream's current code. (Indeed since the cvs server doesn't respond to me after asking for the password I just browsed the CVS repository and downloaded each file manually.)
I had the same problem (I think it's just because I don't yet understand how to use cvs) but after entering the 2nd line mentioned on the berlios site
1st: cvs -d:pserver:anonymous@cvs.moblock.berlios.de:/cvsroot/moblock login
2nd: cvs -z3 -d:pserver:anonymous@cvs.moblock.berlios.de:/cvsroot/moblock co modulename
my cvs checked out the sources (I found the first line in a file in the repository. I think it's just for my cvs to know where to get the files)
You can edit these files and copy them to the directory that you got when you made the "apt-get source moblock".
Okay, if I have done that how do I get a diff-file (what "cvs...."-instruction do I have to enter)?
In the next release ALL files that I added for the debian packaging will be in the folder "debian/" and in the main folder will be exactly the same content as you see it when you make the CVS checkout from upstream's source (currently it's a wild mix of upstream's code and my code).
That is interesting news, even though I think it's maybe a lot of work for you. Highly appreciated
Odin25: I added a big warning in the package description, but I don't want to whitelist any IPs. But I'm still open for discussions about which blocklists should be on per default.
For most of the cases and users the Installation routine is totally sufficient and best of all: low maintenance! which is a great achievement!
The thing which hit me off guard was: while installing, the ssh connection was blocked so I had no chance to change the moblock.conf file at any time, therefore my suggestion with the IP-ranges mentioned (which are restricted to local LANs as I recall).
I found a comment in the peerguardian linux forum by morpheus =?= upstreamer who also doesn't understand why these ranges are in a blocklist.
But anyway it wouldn't help if the server is not in a lan.
I think the warning is a good way to go for now.
Thank you for doing such a great job!
Have a nice day!
odin25
Garret88
November 24th, 2007, 09:41 AM
Why do I receive this error (and moblock doesn't start)?
root@server:/home/garret# moblock-control update
Updating blocklists and reloading MoBlock
root@server:/home/garret# moblock-control status
Current iptables rules (this may take awhile):
Chain INPUT (policy ACCEPT 885 packets, 782K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 852 packets, 82812 bytes)
pkts bytes target prot opt in out source destination
Please check if the above printed iptables rules are correct!
* moblock is not running.
root@server:/home/garret#
jre
November 24th, 2007, 09:58 AM
Why do I receive this error (and moblock doesn't start)?
Have a look at /var/log/moblock-control (or post it). Did this happen only once or does a reboot fix it?
jre
Garret88
November 24th, 2007, 10:16 AM
Have a look at /var/log/moblock-control (or post it). Did this happen only once or does a reboot fix it?
jre
Here there is the log -> http://rafb.net/p/iexqJ147.html
(it always happens)
pelle.k
November 24th, 2007, 10:39 AM
Bluetack has some problems with the level1. So moblock can't build a blocklist because level1 fails to download.
Can it be because of this?:
Dear members and guests,
Regretfully we need to let you all know that in one weeks time the site may be closing indefinitely. Our web hosting bill is currently 3 months behind and without this server in operation there will also be no more blocklist updates possible.
We ask you to make a choice and decide on our future. If you want to help keep us alive then we need your support and donations.
There are literally millions of people downloading our files, however only a very small proportion of people find the time to invest anything in return to ensure that our free services can continue.
Everything we do here is offered free of charge, we make absolutely no money whatsoever. We do however spend quite a lot of time to keep everything running as best as we can for your benefit.
In the event that we cannot afford to continue offering our services for free, then we may need to consider introducing a small subscription/fee based service for downloading the blocklist updates and possibly looking towards using ads throughout the site.
We also need more server mirrors to cope with the excessive bandwidth/traffic associated with hosting the lists.
So now you can either choose to do nothing and let BISS die or help support us so that we can continue to support you. If you find any value in our free programs and services here then please consider donating.
The choice is now yours.
Our donation page is here :
http://www.bluetack.co.uk/donate/index.html
Garret88
November 24th, 2007, 10:46 AM
So no one can use moblock? Or do you all use other lists?
Odin25
November 24th, 2007, 11:11 AM
So no one can use moblock? Or do you all use other lists?
we use them! at least the version we have.
the problem in your case seems to be that your moblock couldn't build the guardian.p2p file and therefore doesn't start.
try update again
Garret88
November 24th, 2007, 01:46 PM
we use them! at least the version we have.
the problem in your case seems to be that your moblock couldn't build the guardian.p2p file and therefore doesn't start.
try update again
Wow, now it seems to work, or not?
garret@server:~$ sudo moblock-control update
[sudo] password for garret:
Updating blocklists and reloading MoBlock ...done.
garret@server:~$ sudo moblock-control status
Current iptables rules (this may take awhile):
Chain INPUT (policy ACCEPT 13449 packets, 15M bytes)
pkts bytes target prot opt in out source destination
75 6084 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
77 11626 moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain OUTPUT (policy ACCEPT 11806 packets, 1337K bytes)
pkts bytes target prot opt in out source destination
75 6084 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
933 70227 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
77 11626 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
7 420 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
585 35100 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
341 34707 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 5305.
garret@server:~$
Odin25
November 25th, 2007, 01:12 AM
Wow, now it seems to work, or not?
try:
sudo moblock-control test
also try:
tail -f /usr/log/moblock.log
this will show you the progress while generating the guardian.p2p and later shows you which connections are blocked (if you do the test you will also see the blocking)
and
tail -f /usr/log/moblock-control.log
Garret88
November 25th, 2007, 05:36 AM
Results:
garret@server:~$ sudo moblock-control test
[sudo] password for garret:
Testing MoBlock: trying to ping 4.18.162.102 from /etc/moblock/guarding.p2p ...
* MoBlock blocked the IP. Test succeeded.
garret@server:~$ tail -f /usr/log/moblock.log
tail: cannot open `/usr/log/moblock.log' for reading: No such file or directory
tail: no files remaining
garret@server:~$ tail -f /usr/log/moblock-control.log
tail: cannot open `/usr/log/moblock-control.log' for reading: No such file or directory
tail: no files remaining
garret@server:~$
Odin25
November 25th, 2007, 03:26 PM
garret@server:~$ tail -f /usr/log/moblock.log
sorry it should have been var not usr:
tail -f /var/log/moblock.log
tail -f /var/log/moblock-control.log
but the
Testing MoBlock: trying to ping 4.18.162.102 from /etc/moblock/guarding.p2p ...
* MoBlock blocked the IP. Test succeeded.
shows that it was successful anyway :-)
congrats
EDIT: PS: I don't know how familiar you are with Linux (so just in case): you don't need "tail"; you can also look at the log files with an editor. tail is used to continuously show the last lines of the log.
Garret88
November 26th, 2007, 01:23 AM
in /var/log/moblock.log:
Reopening logfile.
Blocked OUT: Cky Murray Electric,hits: 1,DST: 65.114.125.144
Blocked OUT: Istituto Elettrotecnico Nazionale Galileo Ferraris,hits: 1,DST: 193.204.114.105
Blocked OUT: ETH/UNIZH Camp Net,hits: 1,DST: 129.132.73.207
in /var/log/moblock-control.log:
2007-11-26 06:18:54 CET Begin: /usr/bin/moblock-control update
Updating blocklists ...
Updating ads-trackers-and-bad-pr0n.gz * .
Updating bogon.gz * .
Updating dshield.gz * .
Updating hijacked.gz * .
Updating iana-multicast.gz * . No update available.
Updating iana-private.gz * . No update available.
Updating iana-reserved.gz * . No update available.
Updating level1.gz * .
Updating level2.gz * .
Updating Microsoft.gz * .
Updating rangetest.gz * .
Updating spider.gz * .
Updating spyware.gz * .
Updating templist.gz * .
Updating trojan.gz * . No update available.
* Blocklists updated.
Building blocklist ...done.
Installing blocklist to /etc/moblock/guarding.p2p ...done.
Reloading MoBlock ...done.
2007-11-26 06:20:15 CET End: /usr/bin/moblock-control update
Does it work or not?
misfitpierce
November 26th, 2007, 01:26 AM
Try going to moblock website and getting newest version for gutsy...
then in terminal you just type sudo moblock-control update and it should work
Garret88
November 26th, 2007, 01:36 AM
Try going to moblock website and getting newest version for gutsy...
then in terminal you just type sudo moblock-control update and it should work
But I have the moblock-deb repo... so I have the latest version.
Odin25
November 26th, 2007, 07:55 AM
in /var/log/moblock.log:
in /var/log/moblock-control.log:
Does it work or not?
everything looks great, everything that should be blocked is blocked; and you know how to check for it
you can relax now :-)
Have a nice day
pelle.k
November 26th, 2007, 11:29 AM
good catch! thanks odin. :)
Garret88
November 26th, 2007, 02:08 PM
But is moblock-deb the same thing as PeerGuardian on Windows, or does moblock for example have more lists (or fewer)?
jre
November 27th, 2007, 01:56 PM
But is moblock-deb the same thing as PeerGuardian on Windows, or does moblock for example have more lists (or fewer)?
The lists are the same + some more. Have a look at /etc/moblock/blocklists.list to see which lists are used.
The functionality is the same; by default no ports are whitelisted (like with PeerGuardian, blocking everything, also http).
yahooadam
November 27th, 2007, 02:17 PM
adam@Server1:~/.scripts$ cat /etc/moblock/moblock.conf | grep "IP_REMOVE"
#IP_REMOVE="Bogon;General Electric Company;4.2.162.144-4.2.162.151"
IP_REMOVE="72.55.129.46"
adam@Server1:~/.scripts$ ping yi.org
PING yi.org (72.55.129.46) 56(84) bytes of data.
--- yi.org ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4001ms
What am i doing wrong?
jre
November 27th, 2007, 02:46 PM
adam@Server1:~/.scripts$ cat /etc/moblock/moblock.conf | grep "IP_REMOVE"
#IP_REMOVE="Bogon;General Electric Company;4.2.162.144-4.2.162.151"
IP_REMOVE="72.55.129.46"
adam@Server1:~/.scripts$ ping yi.org
PING yi.org (72.55.129.46) 56(84) bytes of data.
--- yi.org ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4001ms
What am i doing wrong?
The IP_REMOVE works with "grep" (try "man grep" to learn more), so it has to match exactly (in parts) lines of your blocklist. But the IP you inserted is not noted down in the blocklist explicitly, only as part of a bigger range.
Alternatively you can directly whitelist IPs, e.g.
IP_TCP_OUT="72.55.129.46"
(also check the IN/FORWARD and the UDP entries, depending on your needs).
If you need help for this I need to know why you want to whitelist the IP
yahooadam
November 27th, 2007, 03:01 PM
yi.org is a dynDNS provider; I have no idea why they are even blocked.
It uses ez-ipupdate with the gnudip2 protocol to update your list of IPs.
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
IP_TCP_IN="72.55.129.46"
IP_UDP_IN="72.55.129.46"
IP_TCP_OUT="72.55.129.46"
IP_UDP_OUT="72.55.129.46"
IP_TCP_FORWARD="72.55.129.46"
IP_UDP_FORWARD="72.55.129.46"
I've tried that, and I still can't get a ping response (and yes, I did restart moblock).
I just want that IP to be whitelisted; is that possible?
Thanks for any help :)
mredig
November 28th, 2007, 01:57 AM
I am getting the problem where I run the command
moblock-control test
and then I get:
Testing MoBlock: head: cannot open `/etc/moblock/guarding.p2p' for reading: No such file or directory
trying to ping from /etc/moblock/guarding.p2p ...
* Some error occured with ping, no test result.
I tried uninstalling moblock and reinstalling using this method:
aptitude purge moblock-nfq; aptitude install moblock-nfq
There were some errors, but it tried again a few times and ended without errors at the finish. I tried starting moblock and updating and reloading it and it seems to work fine. I get the impression that the guarding.p2p file is just a test ip that it blocks to see if its being blocked, so if no solutions seem to work, would someone mind sharing the contents of that file?
yahooadam
November 28th, 2007, 05:19 AM
guarding.p2p is the blocklist, without it, moblock will be quite useless
try moblock-control update
chronniff
November 28th, 2007, 01:29 PM
I've been using moblock for a long time now, and I just got a new laptop, so I wanted to put moblock on it, but it won't fully install. It looks like it can't download any of the lists right after the installation during the update. Does anyone know if the bluetack site is down or something? This is the logfile output when I try to install:
2007-11-28 12:27:23 PM EST Begin: /usr/bin/moblock-control update
Updating blocklists ...
Updating ads-trackers-and-bad-pr0n.gzstat: cannot stat `ads-trackers-and-bad-pr0n.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating bogon.gzstat: cannot stat `bogon.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating dshield.gzstat: cannot stat `dshield.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating hijacked.gzstat: cannot stat `hijacked.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating iana-multicast.gzstat: cannot stat `iana-multicast.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating iana-private.gzstat: cannot stat `iana-private.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating iana-reserved.gzstat: cannot stat `iana-reserved.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating level1.gzstat: cannot stat `level1.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating level2.gzstat: cannot stat `level2.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating Microsoft.gzstat: cannot stat `Microsoft.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating rangetest.gzstat: cannot stat `rangetest.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating spider.gzstat: cannot stat `spider.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating spyware.gzstat: cannot stat `spyware.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating templist.gzstat: cannot stat `templist.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
Updating trojan.gzstat: cannot stat `trojan.gz': No such file or directory
/usr/bin/moblock-control: line 412: [: -gt: unary operator expected
* . No update available.
* Blocklists updated.
Building blocklist * Error 6: www.bluetack.co.uk/config/ads-trackers-and-bad-pr0n.gz not available. Check your /etc/moblock/blocklists.list and try a "moblock-control update" first. Aborting!
pelle.k
November 28th, 2007, 01:50 PM
It *is* indeed down. I'm afraid it might (I'm not really sure) be because of this (I've posted this before, people):
Dear members and guests,
Regretfully we need to let you all know that in one weeks time the site may be closing indefinitely. Our web hosting bill is currently 3 months behind and without this server in operation there will also be no more blocklist updates possible.
We ask you to make a choice and decide on our future. If you want to help keep us alive then we need your support and donations.
There are literally millions of people downloading our files, however only a very small proportion of people find the time to invest anything in return to ensure that our free services can continue.
Everything we do here is offered free of charge, we make absolutely no money whatsoever. We do however spend quite a lot of time to keep everything running as best as we can for your benefit.
In the event that we cannot afford to continue offering our services for free, then we may need to consider introducing a small subscription/fee based service for downloading the blocklist updates and possibly looking towards using ads throughout the site.
We also need more server mirrors to cope with the excessive bandwidth/traffic associated with hosting the lists.
So now you can either choose to do nothing and let BISS die or help support us so that we can continue to support you. If you find any value in our free programs and services here then please consider donating.
The choice is now yours.
Our donation page is here :
http://www.bluetack.co.uk/donate/index.html
jre
November 28th, 2007, 01:51 PM
yi.org is a dynDNS provider; I have no idea why they are even blocked.
It uses ez-ipupdate with the gnudip2 protocol to update your list of IPs.
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
IP_TCP_IN="72.55.129.46"
IP_UDP_IN="72.55.129.46"
IP_TCP_OUT="72.55.129.46"
IP_UDP_OUT="72.55.129.46"
IP_TCP_FORWARD="72.55.129.46"
IP_UDP_FORWARD="72.55.129.46"
I've tried that, and I still can't get a ping response (and yes, I did restart moblock).
I just want that IP to be whitelisted; is that possible?
OK, first, I think IP_TCP_OUT="72.55.129.46" should be enough, but it won't hurt you to use more entries.
Now, I can't imagine that you can't ping this IP. Please post your iptables rules (just do a "moblock-control status"). There should be the entries for this IP.
If not, please check the last "start" section in /var/log/moblock-control.log for iptables errors.
Also check /var/log/moblock.log to see if the IP is really blocked by moblock.
If it's not blocked by moblock you can try "traceroute 72.55.129.46" to see where the ping gets stopped.
Alternatively, (I just had a look at guarding.p2p) you can use this entry:
IP_REMOVE="Groupe iWeb Technologies inc:72.55.128.0-72.55.191.255"
greets
jre
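jre's two replies above, the one explaining that IP_REMOVE is applied with grep against the lines of the blocklist and the one quoting the exact guarding.p2p line for the yi.org range, can be checked offline. The following is an added example, not code from the thread or from moblock-control: it parses a small blocklist in the PeerGuardian .p2p text format ("name:first-last"), emulates IP_REMOVE as a case-sensitive substring match (grep's default) over semicolon-separated patterns, and looks up whether an address is still covered. The list is constructed for the example: the iWeb line is the one jre quoted, the other two ranges are invented.

```python
import ipaddress

# Constructed sample in the PeerGuardian .p2p text format that moblock-control
# installs as /etc/moblock/guarding.p2p. The iWeb line is the entry jre quoted
# from his own list; the other two ranges are invented for this example.
SAMPLE_P2P = """\
Groupe iWeb Technologies inc:72.55.128.0-72.55.191.255
Google Inc:64.233.160.0-64.233.191.255
Some Other Org:65.114.125.144-65.114.125.144
"""


def parse_p2p(text):
    """Return [(name, first, last)] with both addresses as ints; blank lines are skipped."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # the organisation name may itself contain ':', so split on the last one only
        name, _, span = line.rpartition(":")
        first, _, last = span.partition("-")
        ranges.append((name,
                       int(ipaddress.IPv4Address(first)),
                       int(ipaddress.IPv4Address(last))))
    return ranges


def apply_ip_remove(text, ip_remove):
    """Emulate IP_REMOVE: drop every blocklist line that contains any of the
    ';'-separated patterns as a plain case-sensitive substring (default grep)."""
    patterns = [p for p in ip_remove.split(";") if p]
    kept = [line for line in text.splitlines()
            if not any(p in line for p in patterns)]
    return "\n".join(kept) + "\n"


def lookup(ranges, ip):
    """Names of every range containing ip; an empty list means the IP is not blocked."""
    n = int(ipaddress.IPv4Address(ip))
    return [name for name, first, last in ranges if first <= n <= last]


if __name__ == "__main__":
    yi_org = "72.55.129.46"
    print("as listed:", lookup(parse_p2p(SAMPLE_P2P), yi_org))
    for pattern in (yi_org,  # not a substring of any line: removes nothing
                    "Groupe iWeb Technologies inc:72.55.128.0-72.55.191.255"):
        trimmed = parse_p2p(apply_ip_remove(SAMPLE_P2P, pattern))
        print(f"IP_REMOVE={pattern!r}:", lookup(trimmed, yi_org))
```

The pattern "72.55.129.46" removes nothing because that text appears on no line, which is why the ping in the question still fails; the whole range line (or any unique substring of it, such as the organisation name) does remove it. The match is case-sensitive in this emulation, so "google" would not touch a line that reads "Google Inc".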
pelle.k
November 28th, 2007, 01:58 PM
OK, so I double-checked at the Phoenix Labs forums, and bluetack is apparently safe for now (last-minute donations), and they are working on getting the site up again.
Still, you really should consider donating some money. Maybe that would also not only save bluetack, but also give more reliable blocklist transfers and updates in the future (they need new servers).
chronniff
November 28th, 2007, 02:15 PM
Sorry, I didn't see that you had posted that already. Yeah, I was actually about to donate a little bit of cash; it's the least we can do considering the priceless service that they provide us. Without them the feds would have surely been knocking on my door ages ago.
DrObviousSo
November 29th, 2007, 02:06 PM
Hm, I've got moblock installed (gutsy 64), but it is not passing its test:
sudo moblock-control test
Testing MoBlock: trying to ping 4.18.162.102 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP, however 4.18.162.102 did not answer.
*
* Maybe 4.18.162.102 is down/doesn't answer to pings
* or your firewall filtered the ping.
*
* Have a look at "/usr/bin/moblock-control status" and do some manual testing.
Here is the output of the status command
sudo moblock-control status
Current iptables rules (this may take awhile):
Chain INPUT (policy DROP 6 packets, 3194 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.0.0.2 0.0.0.0/0 tcp flags:!0x17/0x02
497 138K ACCEPT udp -- * * 10.0.0.2 0.0.0.0/0
0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
195 20347 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
0 0 DROP 0 -- eth0 * 0.0.0.0/0 255.255.255.255
12 2970 DROP 0 -- * * 0.0.0.0/0 10.0.0.255
0 0 DROP 0 -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0
25 1052 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LSI 0 -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
77608 60M INBOUND 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'
0 0 moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain OUTPUT (policy DROP 3 packets, 3010 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 10.0.0.4 10.0.0.2 tcp dpt:53
498 31973 ACCEPT udp -- * * 10.0.0.4 10.0.0.2 udp dpt:53
0 0 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/8 0.0.0.0/0
9 382 DROP 0 -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0
102 12711 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
85359 27M OUTBOUND 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Output'
0 0 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain INBOUND (1 references)
pkts bytes target prot opt in out source destination
76468 60M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1097 308K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
43 7470 LSI 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG_FILTER (5 references)
pkts bytes target prot opt in out source destination
Chain LSI (2 references)
pkts bytes target prot opt in out source destination
43 7470 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
43 7470 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
43 7470 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain LSO (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
pkts bytes target prot opt in out source destination
18 2405 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
79081 27M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
61 7543 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6199 502K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain moblock_fw (2 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (2 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (2 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 28733.
I don't really know thing 1 about iptables, so I don't really know what I'm looking at or what I should be manually testing. I'd appreciate some advice. Thanks.
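The zero counters on moblock_in and moblock_out in the status output above are consistent with plain rule order. In INPUT the jump to INBOUND (interface eth0) comes before the appended jump to moblock_in, and INBOUND ends in LSI, whose last rule drops everything; in OUTPUT the jump to OUTBOUND (eth0) precedes moblock_out, and OUTBOUND ends with an ACCEPT of everything. A NEW packet on eth0 is therefore decided before the moblock chains are ever consulted. Appending the moblock jumps at the end of the built-in chains puts them behind whatever the other firewall already decided; inserting them at the head, the other option moblock.conf offers, avoids that. As an added example, not from the thread or from moblock, the checker below parses an "iptables -L -v -n" listing and reports, for a given interface, each moblock_* jump that is shadowed by an earlier rule that always terminates. The listing embedded in it is a constructed, abridged copy of the shape above with invented counters. Two simplifications are mine: FORWARD is checked on its input interface only, and any match extension other than a state list containing NEW is assumed able to exclude the packet.

```python
import re

# Constructed, abridged `iptables -L -v -n` listing with the same shape as the
# status output above: distribution-firewall chains (INBOUND/OUTBOUND, eth0 only)
# sit in front of the appended moblock_* jumps. Counters are invented.
SAMPLE_DUMP = """\
Chain INPUT (policy DROP 6 packets, 3194 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0
   25  1052 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
77608   60M INBOUND    0    --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix `Unknown Input'
    0     0 moblock_in 0    --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix `Unknown Forward'
    0     0 moblock_fw 0    --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW
Chain OUTPUT (policy DROP 3 packets, 3010 bytes)
 pkts bytes target     prot opt in     out     source               destination
85359   27M OUTBOUND   0    --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 moblock_out 0   --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW
Chain INBOUND (1 references)
 pkts bytes target     prot opt in     out     source               destination
76468   60M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   43  7470 LSI        0    --  *      *       0.0.0.0/0            0.0.0.0/0
Chain LSI (1 references)
 pkts bytes target     prot opt in     out     source               destination
   43  7470 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
   43  7470 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0
Chain OUTBOUND (1 references)
 pkts bytes target     prot opt in     out     source               destination
 6199  502K ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
FIELDS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "src", "dst", "extra")


def parse_iptables(text):
    """Map chain name -> list of rule dicts, in listing order."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
        elif line.strip() and not line.lstrip().startswith("pkts") and current:
            parts = line.split(None, 9)          # the 10th field keeps all match extensions
            parts += [""] * (10 - len(parts))
            chains[current].append(dict(zip(FIELDS, parts)))
    return chains


def matches_any_new(rule, iface, direction):
    """True when the rule's match part cannot exclude a NEW packet on iface."""
    if rule["prot"] not in ("0", "all") or rule["opt"] != "--":
        return False
    if rule["src"] != "0.0.0.0/0" or rule["dst"] != "0.0.0.0/0":
        return False
    this, other = (rule["in"], rule["out"]) if direction == "in" else (rule["out"], rule["in"])
    if this not in ("*", iface) or other != "*":
        return False
    if rule["extra"] == "":
        return True
    m = re.fullmatch(r"state ([A-Z,]+)", rule["extra"])   # only a state list containing NEW is "always"
    return bool(m) and "NEW" in m.group(1).split(",")


def terminates_all(chains, name, iface, direction, seen=()):
    """Does user chain `name` finish every NEW packet on iface before it can return?"""
    if name in seen:
        return False
    for rule in chains.get(name, []):
        if not matches_any_new(rule, iface, direction):
            continue
        t = rule["target"]
        if t in TERMINATING:
            return True
        if t == "RETURN":
            return False
        if t in chains and terminates_all(chains, t, iface, direction, seen + (name,)):
            return True
    return False


def shadowed_jumps(chains, iface, prefix="moblock_"):
    """(builtin, target) -> name of the earlier rule that already finishes all NEW
    packets on iface, or None when the jump is reachable."""
    report = {}
    for builtin, direction in (("INPUT", "in"), ("FORWARD", "in"), ("OUTPUT", "out")):
        rules = chains.get(builtin, [])
        for i, rule in enumerate(rules):
            if not rule["target"].startswith(prefix):
                continue
            blocker = None
            for earlier in rules[:i]:
                if not matches_any_new(earlier, iface, direction):
                    continue
                t = earlier["target"]
                if t in TERMINATING or (t in chains and terminates_all(chains, t, iface, direction)):
                    blocker = t
                    break
            report[(builtin, rule["target"])] = blocker
    return report


if __name__ == "__main__":
    for key, blocker in shadowed_jumps(parse_iptables(SAMPLE_DUMP), "eth0").items():
        print(key, f"shadowed by {blocker}" if blocker else "reachable")
```

Run against the real output by piping "sudo iptables -L -v -n" into parse_iptables. A jump reported as shadowed means "moblock-control test" cannot succeed on that interface no matter what guarding.p2p contains, because the packet never reaches NFQUEUE; the fix is in rule order, not in the blocklist.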
raffytaffy
December 1st, 2007, 05:37 AM
Help! My Google Inc is being blocked. Here are my moblock.conf and moblock-nfq sh files. What do I need to change?
moblock.conf
# moblock-control configuration file
# This file is sourced by a bash script. Any line which starts with a # (hash)
# is a comment and is ignored. If you set the same variable several times,
# then only the last line will be used. You have to stop/restart/reload moblock
# if you change entries.
############################ General configuration ############################
# Specify the format of the blocklists that you use. You can't mix different
# formats.
# d - eMule ipfilter.dat format
# n - peerguardian .p2b v2 binary format
# p - peerguardian .p2p text format
BLOCKLIST_FORMAT="p"
# Specify a NFQUEUE queue number (default 0)
# Works only with -nfq version
NFQUEUE_NUMBER="0"
# Turn on/off automatic start
# 0 - Don't start MoBlock at system boot
# 1 - Start MoBlock at system boot
MOBLOCK_INIT="1"
# Turn on/off automatic blocklist update
# 0 - Don't update the blocklists automatically
# 1 - Update the blocklists automatically
MOBLOCK_CRON="1"
################## Settings for the iptables firewall rules ###################
# MoBlock requires the iptables rule NFQUEUE (nfq version)
# or the deprecated QUEUE (ipq version).
# Do a "moblock-control stop" before you change these iptables settings.
# Define how traffic is sent to MoBlock
# 0 - Don't set any iptables rules.
# You or another script/firewall has to do this!
# 1 - NFQUEUE is in the chains moblock_in, moblock_out and moblock_fw.
IPTABLES_SETTINGS="1"
# Define when traffic is sent to the chain that contains NFQUEUE
# This section works only for IPTABLES_SETTINGS="1"
# 0 - Do nothing. You or another script/firewall has to do this!
# 1 - Insert the rules at the head of the chains.
# 2 - Append the rules to the end of the chains.
IPTABLES_ACTIVATION="2"
# Define which traffic shall be sent to NFQUEUE (if it is sent there).
# 0 - All traffic
# 1 - Only NEW traffic
IPTABLES_STATE="1"
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name.
# Separate several entries with whitespace (" ")
# Port ranges are specified in the format "port:port"
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN="yahoo Google Inc"
WHITE_UDP_IN="yahoo Google Inc"
WHITE_TCP_OUT="yahoo Google Inc"
WHITE_TCP_OUT="http https 5050 1863 60481 pop3 smtp"
WHITE_UDP_OUT="yahoo Google Inc"
WHITE_TCP_FORWARD="yahoo Googl Inc"
WHITE_UDP_FORWARD="yahoo Google Inc"
################################ Whitelist IPs ################################
# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Separate several entries with whitespace (" ")
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
IP_TCP_IN="Google Inc"
IP_UDP_IN="Google Inc"
IP_TCP_OUT="Google Inc"
IP_UDP_OUT="Google Inc"
IP_TCP_FORWARD="Google Inc"
IP_UDP_FORWARD="Google Inc"
###################### Remove lines from the blocklist ########################
# Remove lines from the blocklist
# Separate lines with a semicolon. The example will delete lines that contain
# either "Bogon", "General Electric Company" or "4.2.162.144-4.2.162.151"
IP_REMOVE="Google Inc"
# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE="Yahoo"
########################### Full LSB compatibility ############################
# The control script uses /lib/lsb/init-functions. In Debian this file also
# provides functions which are not defined by the LSB standard. Change this
# entry if the script complains of not knowing a function.
# 0 - Debian compatible system (default)
# 1 - LSB 3.1 but not Debian compatible system
LSB_MODE=0
moblock-nfq sh
#!/bin/sh
#
# MoBlock.sh - MoBlock start script
# ---------------------------------
ACTIVATE_CHAINS=1
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT="http https 1863 5050 pop3 smtp"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
IP_REMOVE="yahoo\! Google Inc"
PIDF=/var/run/moblock.pid
FNAME=`basename $0 .sh`
MODE=`echo $FNAME|awk -F- '{print $2}'`
if [ -f $PIDF ]; then
    PID=`cat $PIDF`
    if [ `ps -p $PID|wc -l` -gt 1 ]; then
        echo "$0: $PIDF exists and process seems to be running. Exiting."
        exit 1;
    fi;
fi;
if [ -f /usr/bin/moblock-ipq ]; then
    modprobe ip_queue
    TARGET="QUEUE"
elif [ -f /usr/bin/moblock-nfq ]; then
    modprobe ipt_NFQUEUE
    TARGET="NFQUEUE"
fi;
modprobe ipt_state
# Filter all traffic, edit for your needs
iptables -N MOBLOCK_IN
iptables -N MOBLOCK_OUT
iptables -N MOBLOCK_FW
if [ $ACTIVATE_CHAINS -eq 1 ]; then
    iptables -I INPUT -p all -m state --state NEW -j MOBLOCK_IN
    iptables -I OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
    iptables -I FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi;
iptables -I MOBLOCK_IN -p all -j $TARGET
#iptables -I MOBLOCK_IN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I MOBLOCK_OUT -p all -j $TARGET
#iptables -I MOBLOCK_OUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I MOBLOCK_FW -p all -j $TARGET
#iptables -I MOBLOCK_FW -m state --state ESTABLISHED,RELATED -j ACCEPT
for PORT in $WHITE_TCP_OUT; do
    iptables -I MOBLOCK_OUT -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_OUT; do
    iptables -I MOBLOCK_OUT -p udp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_TCP_IN; do
    iptables -I MOBLOCK_IN -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_IN; do
    iptables -I MOBLOCK_IN -p udp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_TCP_FORWARD; do
    iptables -I MOBLOCK_FW -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_FORWARD; do
    iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT
done
# Loopback traffic fix
iptables -I INPUT -p all -i lo -j ACCEPT
iptables -I OUTPUT -p all -o lo -j ACCEPT
# Here you can change block list and log files
/usr/bin/moblock $@
# On exit delete the rules we added
if [ $ACTIVATE_CHAINS -eq 1 ]; then
    iptables -D INPUT -p all -m state --state NEW -j MOBLOCK_IN
    iptables -D OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
    iptables -D FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi;
iptables -D INPUT -p all -i lo -j ACCEPT
iptables -D OUTPUT -p all -o lo -j ACCEPT
iptables -F MOBLOCK_IN
iptables -X MOBLOCK_IN
iptables -F MOBLOCK_OUT
iptables -X MOBLOCK_OUT
iptables -F MOBLOCK_FW
iptables -X MOBLOCK_FW
if [ -f $PIDF ]; then
    rm $PIDF;
fi
jre
December 2nd, 2007, 12:34 PM
Hm, I've got moblock installed (gutsy 64), but it is not passing it's test:
Your iptables settings are too complex, so I won't have a look at them.
General answer: moblock works this way:
All IPs listed in /etc/moblock/guarding.p2p will be dropped if the iptables rules are configured to send packets to moblock (moblock checks packets with the target NFQUEUE).
All dropped packets are listed in /var/log/moblock.log.
Since the "test" is really basic you have to test moblock manually. Open a terminal and do a "tail -f /var/log/moblock.log" - here you will see live which packets are dropped.
Now ping in another terminal any IP from the blocklist (the "test" checks the very first IP).
If they appear in the logfile - good
If they answer - bad
If they don't appear in the logfile but also don't answer - make a traceroute and check out when the packet is lost:
- first hop: good, some of your iptables rules did block the IP
- any later hop: bad, the packet left your machine and just got lost somewhere else
Help! my google inc is begin blocked, here are my moblock.conf and moblock-nfq sh files. what do i need to change?
Only moblock.conf, MoBlock-nfq.sh is not used.
To not block Yahoo and Google set in moblock.conf
IP_REMOVE="yahoo;google"
and do a "moblock-control reload". Don't set the same variable several times (as you did in your moblock.conf), since then only the last entry will be used.
This is only one solution, you also might do it other ways. Please have a look at the HOWTO before you ask further questions.
greets
jre
pelle.k
December 2nd, 2007, 02:34 PM
Another thing, please folks - use [CODE] tags, because that's what they're for. quotes have no scrollbars, and thus take up unnecessary space in the thread.
raffytaffy
December 3rd, 2007, 06:17 AM
Tried what jre said, still Google is blocked. Applied a temp fix: I added ports 995 and 465 to the whitelist and I can send and receive mail with Evolution now; however, I don't see this as a permanent fix. I still can't unblock Google using the "IP_REMOVE=google" script :(
Current rules
WHITE_TCP_OUT="http https 5050 1863 60481 5222 465 995"
pelle.k
December 3rd, 2007, 02:35 PM
Thanks for your edit raffytaffy. Now, did you remove the second IP_REMOVE variable like jre said?
###################### Remove lines from the blocklist ########################
# Remove lines from the blocklist
# Separate lines with a semicolon. The example will delete lines that contain
# either "Bogon", "General Electric Company" or "4.2.162.144-4.2.162.151"
IP_REMOVE="Google Inc"
# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE="Yahoo" ## remove this line!!!!!
Also, "Google Inc" is neither a domain name nor an IP address, so remove those entries you made...
################################ Whitelist IPs ################################
# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Separate several entries with whitespace (" ")
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
IP_TCP_IN="Google Inc"
IP_UDP_IN="Google Inc"
IP_TCP_OUT="Google Inc"
IP_UDP_OUT="Google Inc"
IP_TCP_FORWARD="Google Inc"
IP_UDP_FORWARD="Google Inc"
Again, "Google Inc" and "yahoo" are also *not* valid TCP/UDP ports in any way, so remove those as well...
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name.
# Separate several entries with whitespace (" ")
# Port ranges are specified in the format "port:port"
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN="yahoo Google Inc"
WHITE_UDP_IN="yahoo Google Inc"
WHITE_TCP_OUT="yahoo Google Inc"
WHITE_TCP_OUT="http https 5050 1863 60481 pop3 smtp"
WHITE_UDP_OUT="yahoo Google Inc"
WHITE_TCP_FORWARD="yahoo Googl Inc"
WHITE_UDP_FORWARD="yahoo Google Inc"
I suggest you read up a bit on some of those terms I just mentioned, because moblock isn't, and never was, meant for the general public, but rather for advanced users, or at least people who know to some degree what they are doing.
I suggest you follow my advice in the FAQ and track down *what* you need to unblock in real-time. Then, either whitelist a port number (nothing wrong with that) or a "search term" in ip remove depending on what you found out when tracking moblock.log.
Good luck.
antharr
December 3rd, 2007, 02:49 PM
I updated my system last night and the update listed Moblock as an update. I figured nothing could go wrong by just updating. Man was I wrong. My Moblock install is hosed. Could someone give me some advice here. I will include some stuff here to see if any of you guys can figure it out. I have tried to uninstall and I still get the error 6 code.
Here are the commands I have tried to run:
keith@ubuntudesktop:~$ sudo moblock-control test
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
keith@ubuntudesktop:~$ sudo gedit /etc/moblock/moblock.conf
keith@ubuntudesktop:~$ sudo moblock-control restart
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
keith@ubuntudesktop:~$ tail -f /var/log/moblock.log
Skipping useless range: (050309) W32.Rahack 4899
Skipping useless range: (050428) W32.Spybot 1433 6000
Skipping useless range: (050412) W32.Rahack 4899
Skipping useless range: (050326) Unassigned 33437
Ranges loaded: 257286
Reopening logfile.
Blocked IN: IMC ONLINE,hits: 1,SRC: 66.155.119.35
Blocked IN: DSL.net, Inc,hits: 1,SRC: 65.86.215.78
Blocked IN: DSL.net, Inc,hits: 2,SRC: 65.86.215.78
Got SIGTERM! Dumping stats and exiting.
Here is my /etc/moblock/moblock.conf file:
# moblock-control configuration file
# This file is sourced by a bash script. Any line which starts with a # (hash)
# is a comment and is ignored. If you set the same variable several times,
# then only the last line will be used. You have to stop/restart/reload moblock
# if you change entries.
############################ General configuration ############################
# Specify the format of the blocklists that you use. You can't mix different
# formats.
# d - eMule ipfilter.dat format
# n - peerguardian .p2b v2 binary format
# p - peerguardian .p2p text format
BLOCKLIST_FORMAT="p"
# Specify a NFQUEUE queue number (default 0)
# Works only with -nfq version
NFQUEUE_NUMBER="0"
# Turn on/off automatic start
# 0 - Don't start MoBlock at system boot
# 1 - Start MoBlock at system boot
MOBLOCK_INIT="1"
# Turn on/off automatic blocklist update
# 0 - Don't update the blocklists automatically
# 1 - Update the blocklists automatically
MOBLOCK_CRON="1"
################## Settings for the iptables firewall rules ###################
# MoBlock requires the iptables rule NFQUEUE (nfq version)
# or the deprecated QUEUE (ipq version).
# Do a "moblock-control stop" before you change these iptables settings.
# Define how traffic is sent to MoBlock
# 0 - Don't set any iptables rules.
# You or another script/firewall has to do this!
# 1 - NFQUEUE is in the chains moblock_in, moblock_out and moblock_fw.
IPTABLES_SETTINGS="1"
# Define when traffic is sent to the chain that contains NFQUEUE
# This section works only for IPTABLES_SETTINGS="1"
# 0 - Do nothing. You or another script/firewall has to do this!
# 1 - Insert the rules at the head of the chains.
# 2 - Append the rules to the end of the chains.
IPTABLES_ACTIVATION="2"
# Define which traffic shall be sent to NFQUEUE (if it is sent there).
# 0 - All traffic
# 1 - Only NEW traffic
IPTABLES_STATE="1"
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name.
# Separate several entries with whitespace (" ")
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT=""
WHITE_TCP_OUT="http https"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
################################ Whitelist IPs ################################
# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Separate several entries with whitespace (" ")
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
IP_TCP_IN=""
IP_UDP_IN=""
IP_TCP_OUT=""
IP_UDP_OUT=""
IP_TCP_FORWARD=""
IP_UDP_FORWARD=""
###################### Remove lines from the blocklist ########################
# Remove lines from the blocklist
# Separate lines with a semicolon. The example will delete lines that contain
# either "Bogon", "General Electric Company" or "4.2.162.144-4.2.162.151"
#IP_REMOVE="Bogon;General Electric Company;4.2.162.144-4.2.162.151"
# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE=""
########################### Full LSB compatibility ############################
# The control script uses /lib/lsb/init-functions. In Debian this file also
# provides functions which are not defined by the LSB standard. Change this
# entry if the script complains of not knowing a function.
# 0 - Debian compatible system (default)
# 1 - LSB 3.1 but not Debian compatible system
LSB_MODE=0
Thanks.
jre
December 3rd, 2007, 03:40 PM
There's a bug in MoBlock: When you use multiple lists and ranges have to be merged then IPs which are higher than the first merged range aren't blocked. See here: https://sourceforge.net/tracker/index.php?func=detail&aid=1818886&group_id=162910&atid=825649
Workaround: use a clean list.
Warning: if you use a list in ipfilter.dat format then you have to change the option how MoBlock loads this.
I'll prepare new packages when I find some time (not now).
On the brighter side, I released MoBlock 0.8-32 yesterday. Changelog: http://moblock-deb.svn.sourceforge.net/viewvc/moblock-deb/moblock/moblock-0.8/moblock-0.8/debian/changelog?view=markup
Including:
- New option to insert custom iptables rules
- more output to STDOUT (sent by mail from cron), with a configurable option to turn off STDOUT
Tried what JRE said, still Google is blocked.
Did you "moblock-control reload"?
Which are the IPs that are blocked? (/var/log/moblock.log)
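The range-merge bug jre describes, as an added example that is not MoBlock's code: a small parser for the .p2p text format used in this thread (BLOCKLIST_FORMAT="p"), a correct merge of overlapping ranges from two constructed sample lists, and a deliberately lossy merge beside it so the hole above the first merged range becomes visible. The addresses, labels and the lossy variant are constructed for illustration.

```python
"""
Added example (not MoBlock's own code): parse peerguardian .p2p text blocklists
(the "p" format in moblock.conf), merge overlapping ranges from several lists,
and check that addresses above the first merged range still match.
"""
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample lists in .p2p text format ("label:first-last"),
# using documentation/private address space; not real blocklist data.
LIST_A = """\
# a comment line, ignored by the parser
Example Net A:10.20.0.0-10.20.255.255
Example Host:203.0.113.5-203.0.113.5
"""
LIST_B = """\
Example Net B:10.20.128.0-10.21.0.255
Another Block:198.51.100.0-198.51.100.127
"""

Range = Tuple[int, int, str]  # (first address, last address, label), addresses as ints


def parse_p2p(text: str) -> List[Range]:
    """Parse .p2p lines of the form 'label:a.b.c.d-e.f.g.h' into integer ranges."""
    ranges: List[Range] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # rpartition: the label itself may contain ':' (e.g. "DSL.net, Inc:...")
        label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        if not sep or not dash:
            raise ValueError(f"malformed .p2p line: {line!r}")
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        if lo > hi:
            raise ValueError(f"inverted range: {line!r}")
        ranges.append((lo, hi, label))
    return ranges


def merge_ranges(ranges: List[Range]) -> List[Range]:
    """Correct merge: sort by start and extend the previous range to the
    larger of the two upper bounds when ranges overlap or touch."""
    merged: List[Range] = []
    for lo, hi, label in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            plo, phi, plabel = merged[-1]
            if hi > phi:  # upper bound grows; keep both labels for the log
                merged[-1] = (plo, hi, f"{plabel};{label}")
        else:
            merged.append((lo, hi, label))
    return merged


def merge_ranges_lossy(ranges: List[Range]) -> List[Range]:
    """Simplified illustration of the failure mode the bug report describes:
    an overlapping range is dropped instead of extending the previous one, so
    addresses above the first range's end are silently left unblocked.
    Constructed for illustration; this is not MoBlock's real merge code."""
    merged: List[Range] = []
    for lo, hi, label in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            continue
        merged.append((lo, hi, label))
    return merged


def lookup(merged: List[Range], ip: str) -> Optional[str]:
    """Binary search over merged, sorted, non-overlapping ranges."""
    n = int(ipaddress.IPv4Address(ip))
    left, right = 0, len(merged) - 1
    while left <= right:
        mid = (left + right) // 2
        lo, hi, label = merged[mid]
        if n < lo:
            right = mid - 1
        elif n > hi:
            left = mid + 1
        else:
            return label
    return None


def coverage_gap(ranges: List[Range], ip: str) -> bool:
    """True when the lossy merge misses an address the correct merge blocks."""
    return (lookup(merge_ranges(ranges), ip) is not None
            and lookup(merge_ranges_lossy(ranges), ip) is None)


if __name__ == "__main__":
    combined = parse_p2p(LIST_A) + parse_p2p(LIST_B)
    for probe in ("10.20.5.5", "10.21.0.200", "10.21.1.0"):
        print(probe, "correct:", lookup(merge_ranges(combined), probe),
              "lossy:", lookup(merge_ranges_lossy(combined), probe))
```

Running the block prints, for each probe address, what the correct and the lossy merge would report; 10.21.0.200 is the address that falls into the hole.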
jre
December 3rd, 2007, 03:44 PM
I updated my system last night and the update listed Moblock as an update. I figured nothing could go wrong by just updating. Man was I wrong. My Moblock install is hosed. Could someone give me some advice here. I will include some stuff here to see if any of you guys can figure it out. I have tried to uninstall and I still get the error 6 code.
Well, I guess you kept your old moblock.conf.
Just place a
VERBOSITY="1"
somewhere in moblock.conf. Or purge and reinstall moblock.
Thanks pelle for your last post, I totally agree.
Maczimus
December 3rd, 2007, 11:02 PM
Wondering if anyone can help I just reinstalled Gutsy and added the repository and key per the instructions on the Moblock Deb website. I am having an error installing Moblock though...
E: moblock-nfq: subprocess post-installation script returned error exit status 6
can anyone tell me what to do to fix this? I have to remove it completely to install any other packages...
Thanks ahead of time.
antharr
December 4th, 2007, 12:28 AM
Well, I guess you kept your old moblock.conf.
Just place a
VERBOSITY="1"
somewhere in moblock.conf. Or purge and reinstall moblock.
Thanks pelle for your last post, I totally agree.
Thanks man. That was exactly the problem. You are a lifesaver.
n0ctem
December 4th, 2007, 03:52 AM
I'm trying to remove moblock so that I can reinstall, but I keep getting this error:
Removing moblock-nfq ...
* MoBlock: /etc/moblock/moblock.conf not installed.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: error processing moblock-nfq (--purge):
subprocess pre-removal script returned error exit status 6
* MoBlock: /etc/moblock/moblock.conf not installed.
invoke-rc.d: initscript moblock-nfq, action "start" failed.
dpkg: error while cleaning up:
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
moblock-nfq
E: Sub-process /usr/bin/dpkg returned an error code (1)
Trying to stop moblock doesn't work either.
Any help would be much appreciated. Thanks.
raffytaffy
December 4th, 2007, 07:21 AM
I seem to have solved my problems. As someone before mentioned, there was an update which indeed broke my moblock. So I removed it with all config files, and reinstalled. Configured the lists from scratch and it works well now. Here is the moblock.config I use now.
# moblock.conf - configuration file for moblock-control
# This file is sourced by a bash script. Any line which starts with a # (hash)
# is a comment and is ignored. If you set the same variable several times,
# then only the last line will be used. You have to stop/restart/reload moblock
# if you change entries.
############################ General configuration ############################
# Specify the format of the blocklists that you use. You can't mix different
# formats.
# d - eMule ipfilter.dat format
# n - peerguardian .p2b v2 binary format
# p - peerguardian .p2p text format
BLOCKLIST_FORMAT="p"
# Specify a NFQUEUE queue number (default 0)
# Works only with -nfq version
NFQUEUE_NUMBER="0"
# Turn on/off automatic start
# 0 - Don't start MoBlock at system boot
# 1 - Start MoBlock at system boot
MOBLOCK_INIT="1"
# Turn on/off automatic blocklist update
# 0 - Don't update the blocklists automatically
# 1 - Update the blocklists automatically
MOBLOCK_CRON="1"
# Set the verbosity of moblock-control
# 0 - No normal output to STDOUT, only to logfile
# 1 - Output to STDOUT and to logfile
VERBOSITY="1"
################## Settings for the iptables firewall rules ###################
# MoBlock requires the iptables rule NFQUEUE (nfq version)
# or the deprecated QUEUE (ipq version).
# Do a "moblock-control stop" before you change these iptables settings.
# Define how traffic is sent to MoBlock
# 0 - Don't set any iptables rules.
# You or another script/firewall has to do this!
# 1 - NFQUEUE is in the chains moblock_in, moblock_out and moblock_fw.
# 2 - Set custom iptables rules (defined in
# /etc/moblock/iptables-custom-insert.sh and iptables-custom-remove.sh)
IPTABLES_SETTINGS="1"
# Define when traffic is sent to the chain that contains NFQUEUE
# This section works only for IPTABLES_SETTINGS="1"
# 0 - Do nothing. You or another script/firewall has to do this!
# 1 - Insert the rules at the head of the chains.
# 2 - Append the rules to the end of the chains.
IPTABLES_ACTIVATION="2"
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name
# (using iptables with the target RETURN)
# Separate several entries with whitespace (" ")
# Port ranges are specified in the format "port:port"
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT=""
# This is an example to whitelist outgoing web traffic (port 80 is the service
# http, 443 is https) and the port range 1000-1024:
WHITE_TCP_OUT="80 443 5050 1863 5222 465 995"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
################################ Whitelist IPs ################################
# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# (using iptables with the target RETURN)
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Separate several entries with whitespace (" ")
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
IP_TCP_IN=""
IP_UDP_IN=""
IP_TCP_OUT=""
# This is an example to whitelist the range 192.168.178.1-192.168.178.255:
# IP_TCP_OUT="192.168.178.0/24"
IP_UDP_OUT=""
IP_TCP_FORWARD=""
IP_UDP_FORWARD=""
###################### Remove lines from the blocklist ########################
# Remove lines from the blocklist (using "grep -v -i")
# Warning for beginners: If you want to whitelist a special IP then check the
# above section. In most cases you won't succeed if you insert an IP here.
# Separate values with a semicolon ";".
# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE=""
# This is an example to remove all lines from the blocklist which contain one
# of the words "google", "yahoo", "altavista", "debian" or "sourceforge":
# IP_REMOVE="google;yahoo;altavista;debian;sourceforge"
########################### Full LSB compatibility ############################
# The control script uses /lib/lsb/init-functions. In Debian this file also
# provides functions which are not defined by the LSB standard. Change this
# entry if the script complains of not knowing a function.
# 0 - Debian compatible system (default)
# 1 - LSB 3.1 but not Debian compatible system
LSB_MODE=0
freedom
December 4th, 2007, 08:05 AM
You don't need to reinstall everything.
This morning I did an update and moblock was broken, but...
just by adding
VERBOSITY="1"
which was not in my moblock.conf,
and after
sudo moblock-control restart
the problem is solved.
;)
jre
December 4th, 2007, 01:01 PM
E: moblock-nfq: subprocess post-installation script returned error exit status 6
6 is a configuration error. In most cases this means that a blocklist (configured in /etc/moblock/blocklists.list) could not be downloaded. Therefore moblock won't start.
Just remove the missing blocklists from the conffile for a while or try updating the lists again.
wilberfan
December 4th, 2007, 01:21 PM
Thanks for these posts...I was very sad last night when my beloved Moblock wouldn't install on my new mythbuntu partition! :(
(Boy, you don't miss the water, till the well runs dry, do ya!)
All seems well this morning! :guitar:
mellowd
December 4th, 2007, 03:27 PM
Well, I guess you kept your old moblock.conf.
Just place a
VERBOSITY="1"
somewhere in moblock.conf. Or purge and reinstall moblock.
Thanks pelle for your last post, I totally agree.
Works perfectly, thanks!
BTW, I've never done a purge; how is that done?
pelle.k
December 4th, 2007, 06:01 PM
sudo apt-get purge moblock-nfq; sudo apt-get install moblock-nfq
This is recommended, since the VERBOSITY variable may not be the only thing changed in the last update. Save your changes from moblock.conf and merge them when you've purged the installation.
mellowd
December 4th, 2007, 06:15 PM
sudo apt-get purge moblock-nfq; sudo apt-get install moblock-nfq
This is recommended, since the VERBOSITY variable may not be the only thing changed in the last update. Save your changes from moblock.conf and merge them when you've purged the installation.
Fantastic. I was having trouble trying to remove moblock, it simply wouldn't do it.
Thanks again!
Maczimus
December 4th, 2007, 06:58 PM
6 is a configuration error. In most cases this means that a blocklist (configured in /etc/moblock/blocklists.list) could not be downloaded. Therefore moblock won't start.
Just remove the missing blocklists from the conffile for a while or try updating the lists again.
Thanks. I got moblock working, but it scared me when it would give me the error whenever I would reinstall it (after removing it). I have tailed the log and it is blocking sites.
Thanks again.
SpookyET
December 7th, 2007, 03:52 PM
Is there any way to allow HTTP traffic like PeerGuardian?
wilberfan
December 7th, 2007, 04:28 PM
Is there any way to allow HTTP traffic like PeerGuardian?
Look in this section of the moblock.conf?:
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name
# (using iptables with the target RETURN)
# Separate several entries with whitespace (" ")
# Port ranges are specified in the format "port:port"
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT=""
# This is an example to whitelist outgoing web traffic (port 80 is the service
# http, 443 is https) and the port range 1000-1024:
WHITE_TCP_OUT="80 443 5050 1863 5222 465 995"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
SpookyET
December 8th, 2007, 12:15 PM
Look in this section of the moblock.conf?:
I did that, and it's still blocking. Maybe it's blocking another port that firefox needs before it contacts port 80.
I'm using pipfilter.dat.gz (Paranoid IP filter).
pelle.k
December 8th, 2007, 01:47 PM
# Do a "moblock-control restart" when you have changed these settings.
And no, http traffic generally uses port 80.
naminem
December 8th, 2007, 09:39 PM
When I start moblock, I can't access the internet.
I have allowed http and https.
But when I allow certain ports in UDP, it works (the ports being used change when I restart the computer).
Can anyone tell me what's up? I'm using Swiftfox, btw.
jre
December 9th, 2007, 11:33 AM
In the next version (0.8-33) I have removed the distinction between UDP and TCP protocol. So whitelisting (ports or IPs) will work for all protocols then - I think that solves many problems some users had.
After the experience of the last update this is also a warning to replace your old conf files on the next update with the maintainer conf file, because the whitelisting variable names change; there will only be:
WHITE_IP_IN
WHITE_IP_OUT
WHITE_IP_FORWARD
WHITE_PORT_IN
WHITE_PORT_OUT
WHITE_PORT_FORWARD
The old variables
WHITE_TCP_...
WHITE_UDP_...
IP_TCP_...
IP_UDP_... aren't used any more.
Further I've changed the default blocklist to www.bluetack.co.uk/config/nipfilter.dat.gz because of bug 1818886 (https://sourceforge.net/tracker/index.php?func=detail&aid=1818886&group_id=162910&atid=825649).
So the configured blocklist format changed to ipfilter.dat (-d) instead of peerguardian .p2p text (-p) format (changed in moblock.conf AND blocklists.list)!
greets
jre
jamesford
December 10th, 2007, 01:16 PM
What's the status on fixing bug 1818886? I presume the aim is to get it fixed. I'm kinda unhappy with the nipfilter solution because it's not updated very regularly, and of course you can't choose the blocklists that suit you.
(Yes, I'm aware I can still use moblock the 'old' way; just enquiring about the status and what the plans are.)
jre
December 11th, 2007, 01:09 PM
What's the status on fixing bug 1818886? I presume the aim is to get it fixed. I'm kinda unhappy with the nipfilter solution because it's not updated very regularly, and of course you can't choose the blocklists that suit you.
(Yes, I'm aware I can still use moblock the 'old' way; just enquiring about the status and what the plans are.)
Well, I have no more info than what is written in the bug report. So the upstream author recommends using a clean blocklist for now, and he'd like to fix the bug. But there are no changes in the CVS yet.
Personally I'm not able to do that, I'm only a script kiddie ;-)
greets
jre
SpookyET
December 11th, 2007, 03:00 PM
Moblock is blocking my router.
I've tried
IP_TCP_IN="192.168.10.1"
IP_UDP_IN="192.168.10.1"
IP_TCP_OUT="192.168.10.1"
IP_UDP_OUT="192.168.10.1"
And did a moblock-control restart, but it still does not work.
I tried 192.168.10.1/24 as well.
I want to enable 192.168.10.1 (router), and 192.168.10.101-192.168.10.255 (computers).
If I ping my router, I get
Blocked OUT: Bogon,,hits: 1,DST: 192.168.10.1
By the way, what are WHITE/IP_TCP/UDP_FORWARD="" ?
pelle.k
December 11th, 2007, 05:05 PM
Eh, I suggest you read this post by jre (4 posts up).
http://ubuntuforums.org/showpost.php?p=3920594&postcount=935
Also, if you are using those variables, you didn't replace those files in the latest update with the "maintainers version", and that is another reason to purge moblock, and reinstall it.
SpookyET
December 11th, 2007, 05:14 PM
Eh, I suggest you read this post by jre (4 posts up).
http://ubuntuforums.org/showpost.php?p=3920594&postcount=935
Also, if you are using those variables, you didn't replace those files in the latest update with the "maintainers version", and that is another reason to purge moblock, and reinstall it.
That does not answer my question.
gav616
December 11th, 2007, 05:16 PM
It's blocking you, i.e. localhost 127.0.0.1, out...
:) doing its job then
SpookyET
December 11th, 2007, 05:22 PM
It's blocking you, i.e. localhost 127.0.0.1, out...
:) doing its job then
I need it to not block my router and other computers on my local network. They are in the bogon list.
SpookyET
December 11th, 2007, 07:55 PM
My problem is that on my local network my router is in the BOGON list and my NETWORK is in the EMC list.
Whitelisting IP addresses DOES NOT WORK.
I've tried
"192.168.10.0-192.168.10.255"
"192.168.10.0/24-192.168.10.255/24"
"192.168.10.0:192.168.10.255"
"192.168.10.0/24:192.168.10.255/24"
"192.168.10.1"
"192.168.10.101"
I've tried that for all
IP_TCP_IN, IP_UDP_IN, IP_TCP_OUT, IP_UDP_OUT, IP_TCP_FORWARD, IP_UDP_FORWARD.
It does not work
IPTABLES_SETTINGS=1 as well
It blocks gnome services. it blocks a lot of things it should not. I cannot use it.
pelle.k
December 11th, 2007, 08:18 PM
I hate to be a smartass, but I just told you these variables won't work:
IP_TCP_IN, IP_UDP_IN, IP_TCP_OUT, IP_UDP_OUT, IP_TCP_FORWARD, IP_UDP_FORWARD
If you "purge" moblock, and then install it, you will get a new "moblock.conf" (among other things), with the variables that do work. :)
Also, this isn't the first time the bogon blocklists have had local IPs in them, and I usually comment it out in "blocklists.list".
SpookyET
December 11th, 2007, 08:40 PM
I hate to be a smartass, but I just told you these variables won't work:
If you "purge" moblock, and then install it, you will get a new "moblock.conf" (among other things), with the variables that do work. :)
Also, this isn't the first time the bogon blocklists have had local IPs in them, and I usually comment it out in "blocklists.list".
0.8-33 is not in the repository yet.
pelle.k
December 11th, 2007, 11:13 PM
Oh :oops:
My bad. What I'd like to know is what output you get from moblock-control status. That'll show us if iptables got it right.
SpookyET
December 11th, 2007, 11:32 PM
Oh :oops:
My bad. What I'd like to know is what output you get from moblock-control status. That'll show us if iptables got it right.
I've attached the blocklist and conf file.
I can confirm that the LAN is in the blocklist in Bogon and EMC.
I can confirm that the IP address whitelists are ignored.
jre
December 14th, 2007, 05:32 PM
Now I really released 0.8-33 (see http://ubuntuforums.org/showpost.php?p=3920594&postcount=935 or just the changelog. BTW you can see this also online (before updating), just have a look at the news section on moblock-deb.sf.net). For all people with whitelisting problems: I think this solves them.
For everybody: Renew all your conf files on update
Further I've added Ubuntu hardy heron support.
jre
SpookyET
December 14th, 2007, 05:59 PM
Now I really released 0.8-33 (see http://ubuntuforums.org/showpost.php?p=3920594&postcount=935 or just the changelog. BTW you can see this also online (before updating), just have a look at the news section on moblock-deb.sf.net). For all people with whitelisting problems: I think this solves them.
For everybody: Renew all your conf files on update
Further I've added Ubuntu hardy heron support.
jre
I was not confused about the differences between TCP and UDP. It was just not working.
IP whitelisting is [now] working. Before, even though I saw the IP listed with the status command, it was being blocked. PORT WHITELISTING IS NOT WORKING.
As you can see in the moblock-status.txt, they are not being added. Maybe moblock on your dev machine assumes some things.
I've attached the files.
Feature Request:
Show port in log. In the case below, mail-notify is accessing GMAIL, and I don't know what port to enable.
Blocked OUT: Google,hits: 1,DST: 66.249.83.19
It would be nice if it was application aware, like a firewall. But, I don't think iptables supports that. I'm not sure how firewalls based on iptables work.
sloter
December 14th, 2007, 09:07 PM
Hello Jre,
Thanks for this new update.
Just after the update from rev32 to rev33 I had the error exit 6 from the post-install script.
The root cause was that moblock-control was not able to find the new ipfilter.dat.gz list.
Thus I had to run a sudo moblock-control update and then start moblock.
Does the .deb post-install script run a moblock-control update before starting the moblock daemon?
I like the description output when moblock-control test. It rocks!
Thank you,
sloter
sloter
December 14th, 2007, 09:15 PM
Hello SpookyET,
I guess "http" or "https" port designations are no longer working with WHITE_PORT_OUT :(
But "80" "443" or whatever port number you wish works fine with me :)
I put the following line in the /etc/moblock/moblock.conf
WHITE_PORT_OUT="80 443"
Then I
moblock-control restart
I have access to all the web sites I want from my web browser :)
Have fun!
sloter
SpookyET
December 14th, 2007, 09:23 PM
Hello SpookyET,
I guess "http" or "https" port designations are no longer working with WHITE_PORT_OUT :(
But "80" "443" or whatever port number you wish works fine with me :)
I put the following line in the /etc/moblock/moblock.conf
WHITE_PORT_OUT="80 443"
Then I
moblock-control restart
I have access to all the web sites I want from my web browser :)
Have fun!
sloter
If you look at my attachments, you'll see that I have more ports, and if you look at the status attachment, you'll see that they are not being added to the iptables.
WHITE_PORT_OUT="80 443 587 993 1863 5050 5190 1000:1024"
jre
December 14th, 2007, 09:35 PM
I was not confused about the differences between TCP and UDP. It was just not working.
IP whitelisting is [now] working. Before, even though I saw the IP listed with the status command, it was being blocked.
I had similar problems ;-)
and I guess there are just more protocols than UDP and TCP, therefore the change did not only remove this distinction but also added other protocols. But well, I'm no pro here. Perhaps there's a bug in my script or in iptables?
PORT WHITELISTING IS NOT WORKING.
As you can see in the moblock-status.txt, they are not being added.
Yes.
BTW: Do several 'moblock-control stop' until you have an empty iptables list, because you have duplicate entries in INPUT, OUTPUT, FORWARD
OK, hidden between much text the core of my message; I'm just finding the error although there are still some strange things. With your moblock.conf moblock-control.log gives:
iptables v1.3.8: Unknown arg `--dport'
Some minutes later; argh, I'm just releasing 0.8-34, reverting the port whitelisting changes: From `man iptables`
multiport: Up to 15 ports can be specified. A port range (port:port) counts as two ports. It can only be used in conjunction with -p tcp or -p udp. Honestly, I waited extra days before releasing to be sure to not make an error, I was absolutely sure that I had tested this :-/ Errare humanum est.
Feature Request:
Show port in log. In the case below, mail-notify is accessing GMAIL, and I don't know what port to enable.
Blocked OUT: Google,hits: 1,DST: 66.249.83.19
This has to be done upstream (moblock.berlios.de). But AFAIK you're not the first to request this feature.
It would be nice if it was application aware, like a firewall. But, I don't think iptables supports that. I'm not sure how firewalls based on iptables work.
Again, upstream. But I doubt, too, that this is possible with iptables.
Spooky, you asked some time ago what FORWARD is for: when your machine running MoBlock is acting as a router, it is forwarding traffic e.g. from your workstation to another host. If you've installed MoBlock on your workstation (common case) then you don't need FORWARD.
Just after the update from rev32 to rev33 I had the error exit 6 from the post-install script.
The error 6 will result for all people who have problems downloading the ipfilter.dat the first time. Sorry, I can't do anything about that.
Thanks for your warm words.
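The multiport limits jre quotes from `man iptables`, as an added example that is not moblock-control's code: it splits a WHITE_PORT_OUT string such as SpookyET's into groups of at most 15 weighted ports (a range counts as two) and emits one RETURN rule per protocol and group for the moblock_out chain, rejecting any protocol other than tcp or udp, which is the case that produced the "Unknown arg `--dport'" error. The small service-name table and the exact rule layout are assumptions.

```python
"""
Added example (not moblock-control's own code): turn a WHITE_PORT_OUT-style
string into iptables "-m multiport" rule arguments that respect the limits
quoted from `man iptables`: at most 15 ports per match, a range "port:port"
counts as two, and multiport only works together with -p tcp or -p udp.
"""
from typing import List, Tuple

# Assumption: a tiny local service-name table. A real implementation would
# resolve names through /etc/services (e.g. socket.getservbyname).
SERVICE_PORTS = {"http": 80, "https": 443, "smtp": 25, "pop3": 110, "imaps": 993}

MULTIPORT_LIMIT = 15                 # from `man iptables` (multiport)
MULTIPORT_PROTOCOLS = ("tcp", "udp")  # the only protocols multiport accepts


def to_port(token: str) -> int:
    """Resolve a port number or service name; reject anything else."""
    if token.isdigit():
        port = int(token)
    elif token in SERVICE_PORTS:
        port = SERVICE_PORTS[token]
    else:
        raise ValueError(f"unknown port or service name: {token!r}")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def parse_port_spec(spec: str) -> Tuple[str, int]:
    """Return (iptables text, weight): a single port weighs 1, a range 2."""
    if ":" in spec:
        first, last = (to_port(p) for p in spec.split(":", 1))
        if first > last:
            raise ValueError(f"inverted port range: {spec!r}")
        return f"{first}:{last}", 2
    return str(to_port(spec)), 1


def multiport_groups(white_ports: str, limit: int = MULTIPORT_LIMIT) -> List[List[str]]:
    """Split a whitespace-separated port list into groups whose weighted size
    never exceeds the multiport limit, so every listed port gets a rule."""
    groups: List[List[str]] = []
    current: List[str] = []
    weight = 0
    for spec in white_ports.split():
        text, w = parse_port_spec(spec)
        if current and weight + w > limit:
            groups.append(current)
            current, weight = [], 0
        current.append(text)
        weight += w
    if current:
        groups.append(current)
    return groups


def whitelist_rules(white_ports: str, chain: str = "moblock_out",
                    protocols: Tuple[str, ...] = MULTIPORT_PROTOCOLS) -> List[str]:
    """Build one RETURN rule per protocol and group for a MoBlock chain.
    RETURN lets whitelisted traffic leave the chain before it reaches NFQUEUE."""
    rules: List[str] = []
    for proto in protocols:
        if proto not in MULTIPORT_PROTOCOLS:
            # Without -p tcp/udp, iptables rejects --dports ("Unknown arg").
            raise ValueError(f"multiport needs -p tcp or -p udp, not {proto!r}")
        for group in multiport_groups(white_ports):
            rules.append(f"-A {chain} -p {proto} -m multiport "
                         f"--dports {','.join(group)} -j RETURN")
    return rules


if __name__ == "__main__":
    for rule in whitelist_rules("80 443 587 993 1863 5050 5190 1000:1024"):
        print("iptables", rule)
```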
SpookyET
December 14th, 2007, 09:53 PM
I had similar problems ;-)
and I guess there are just more protocols than UDP and TCP, therefore the change did not only remove this distinction but also added other protocols. But well, I'm no pro here. Perhaps there's a bug in my script or in iptables?
Yes, I tested your moblock.conf here and had a look at what /var/log/moblock-control.log tells us.
BTW: Do several 'moblock-control stop' until you have an empty iptables list, because you have duplicate entries in INPUT, OUTPUT, FORWARD
OK, hidden between much text the core of my message; I'm just finding the error although there are still some strange things. With your moblock.conf moblock-control.log gives:
iptables v1.3.8: Unknown arg `--dport'
Some minutes later; argh, I'm just releasing 0.8-34, reverting the port whitelisting changes: From `man iptables`
multiport: Up to 15 ports can be specified. A port range (port:port) counts as two ports. It can only be used in conjunction with -p tcp or -p udp. Honestly, I waited extra days before releasing to be sure to not make an error, I was absolutely sure that I had tested this :-/ Errare humanum est.
This has to be done upstream (moblock.berlios.de). But AFAIK you're not the first to request this feature.
Again, upstream. But I doubt, too, that this is possible with iptables.
Spooky, you asked some time ago what FORWARD is for: when your machine running MoBlock is acting as a router, it is forwarding traffic e.g. from your workstation to another host. If you've installed MoBlock on your workstation (common case) then you don't need FORWARD.
The error 6 will result for all people who have problems downloading the ipfilter.dat the first time. Sorry, I can't do anything about that.
Thanks for your warm words.
I'll wait for it. Hopefully, you did not revert the IP whitelisting changes.
jre
December 14th, 2007, 10:04 PM
I'll wait for it. Hopefully, you did not revert the IP whitelisting changes.
argh (localtime 3 AM), cut&paste error which fixed PORT and broke IP. Just making 0.8-35, lol (with new working IP and old working port whitelisting)
SpookyET
December 14th, 2007, 10:13 PM
argh (localtime 3 AM), cut&paste error which fixed PORT and broke IP. Just making 0.8-35, lol (with new working IP and old working port whitelisting)
It's more secure to have the ports separated by protocol.
It's not confusing for those that understand the difference, but it is confusing when it isn't working.
You can even go further and allow full control over the protocol using whatever syntax makes sense.
For example, open 80 for tcp, 93 for FOO, 100 for BAR, etc.
WHITELIST_PORT_OUT = 80,TCP 93,FOO 100,BAR
jre
December 14th, 2007, 10:28 PM
You can even go further and allow full control over the protocol using whatever syntax makes sense.
For example, open 80 for tcp, 93 for FOO, 100 for BAR, etc.
WHITELIST_PORT_OUT = 80,TCP 93,FOO 100,BAR
I think that such a new syntax is too complex and error-prone. You still have the possibility to set your custom iptables in /etc/moblock/iptables-custom-insert.sh and ... remove. IMHO people who want to use more from iptables should do this directly with iptables.
And now, good night, the release is done. I hope all went well, please give me some feedback.
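Added example (editor's addition, not code from any post above or from the moblock packages): the port-whitelisting rules the posts above argue about, generated so that they satisfy the two constraints jre quoted from `man iptables`. `--dports` belongs to the multiport match, which only exists for `-p tcp` or `-p udp` (without the protocol, iptables reports the option as an unknown argument), and one rule holds at most 15 slots with a range counting as two. The chain and target names (`moblock_out`, `RETURN`) follow the `moblock-control status` output posted later in the thread; that moblock builds its rules this way is an assumption. Only numeric ports and `lo:hi` ranges are accepted, service names such as `http` are not resolved. Commands are printed rather than run, so they can be reviewed or dropped into `/etc/moblock/iptables-custom-insert.sh` by hand.

```shell
#!/bin/sh
# Added example, not moblock-control's code. Turns a WHITE_TCP_OUT-style list
# of numeric ports and ranges into iptables commands that satisfy the two
# constraints from `man iptables`: --dports belongs to the multiport match,
# which only works with -p tcp or -p udp, and at most 15 slots fit in one
# rule, a range lo:hi costing two. Chain and target names (moblock_out,
# RETURN) are taken from the "moblock-control status" output in the thread;
# service names like "http" are not resolved. Commands are printed, not run.

# valid_port N : digits only, 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# slot_cost SPEC : echo 1 for a single port, 2 for a range lo:hi (lo < hi);
# non-zero status for anything malformed
slot_cost() {
    case "$1" in
        *:*)
            lo=${1%%:*}; hi=${1#*:}
            valid_port "$lo" && valid_port "$hi" && [ "$lo" -lt "$hi" ] || return 1
            echo 2 ;;
        *)
            valid_port "$1" || return 1
            echo 1 ;;
    esac
}

# whitelist_rules PROTO CHAIN "PORT PORT lo:hi ..." : one iptables command per
# group of at most 15 multiport slots; aborts with status 1 on a bad spec
whitelist_rules() {
    proto=$1; chain=$2; ports=$3
    case "$proto" in
        tcp|udp) ;;
        *) echo "multiport needs -p tcp or -p udp, got '$proto'" >&2; return 1 ;;
    esac
    group=''; used=0
    for spec in $ports; do
        cost=$(slot_cost "$spec") || { echo "bad port spec: '$spec'" >&2; return 1; }
        if [ $((used + cost)) -gt 15 ]; then
            echo "iptables -I $chain -p $proto -m multiport --dports $group -j RETURN"
            group=''; used=0
        fi
        group=${group:+$group,}$spec
        used=$((used + cost))
    done
    [ -n "$group" ] && echo "iptables -I $chain -p $proto -m multiport --dports $group -j RETURN"
    return 0
}

# the example list from the thread, a UDP list, and one long enough to split
whitelist_rules tcp moblock_out "80 443 1000:1024"
whitelist_rules udp moblock_out "53 123 1024:65535"
whitelist_rules tcp moblock_out "1:2 3:4 5:6 7:8 9:10 11:12 13:14 15:16"
```

Because the rules are inserted with `-I` ahead of the `NFQUEUE` rule, whitelisted connections return to the parent chain before MoBlock ever sees them, which is the behaviour the `RETURN` lines in the status output describe.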
sloter
December 14th, 2007, 10:34 PM
SpookyET,
You are right!
Do not know why I had access to some web sites with my previous conf file /etc/moblock/moblock.conf (http://ubuntuforums.org/showpost.php?p=3954059&postcount=951)
but the port whitelisting is not working for me in rev33. :(
Hopefully Jre identified some fixes :)
sloter
SpookyET
December 14th, 2007, 10:41 PM
SpookyET,
You are right!
Do not know why I had access to some web sites with my previous conf file /etc/moblock/moblock.conf (http://ubuntuforums.org/showpost.php?p=3954059&postcount=951)
but the port whitelisting is not working for me in rev33. :(
Hopefully Jre identified some fixes :)
sloter
apt-get update
apt-get upgrade
0.8-35 works for me. both IP and port whitelisting. I have only tested OUT, not IN.
quad341
December 15th, 2007, 01:53 AM
I didn't notice anyone post the AMD64 deb's for 0.8-35 so here's mine. They've been working fine for me.
hlx
December 15th, 2007, 07:31 AM
Hi All,
I have a problem with the new update of moblock:
1) when i updated moblock i got this information:
Starting MoBlockinvoke-rc.d: initscript moblock-nfq, action "start" failed.
dpkg: error processing moblock-nfq (--configure):
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
moblock-nfq
E: Sub-process /usr/bin/dpkg returned an error code (1)
2) when i ran sudo moblock-control test i got this thing
Testing MoBlock:
* Error 6: /etc/moblock/ipfilter.dat not installed, without a blocklist MoBlock doesn't work!
I am running Ubuntu Gutsy, tried removing and reinstalling, purging and still no luck.
Could you help me with this? Any ideas?
moopoo
December 15th, 2007, 08:23 AM
This didn't help me, but Krusader3z:
Update: removing works.. But not updating. The package is detected as broken, as reported before.
http://ubuntuforums.org/showpost.php?p=3955791&postcount=2
I used the command line to install MoBlock, then when I wanted to uninstall it, I had no luck.
So what i did is go into Synaptic Package Manager (System- Administration)
and I ran a search for "moblock"
It found two results, one was marked as already installed, so i marked it to "remove completely" and it was gone.
yours,
moopoo
hlx
December 15th, 2007, 08:30 AM
Thanks, but thats not the issue here:
I updated moblock through automatic updates via synaptic
THEN those issues started.
I did remove completely through synaptic, I did apt-get purge through the command line, I reinstalled moblock and it didn't help
Any ideas why?
moopoo
December 15th, 2007, 08:33 AM
Same here.
hlx
December 15th, 2007, 09:30 AM
ok, i think i have a temporary solution:
1) first we need to get guarding.p2p file (file containing ip ranges to be blocked)
i got mine from here: http://www2.openmedia.info:8080/p23.html
download guarding_full.p2p.zip and unzip it
2) next copy this file to moblock directory:
sudo cp ~/Desktop/guarding_full.p2p /etc/moblock/guarding.p2p
3) next we need to edit moblock.conf to set moblock to use right blocklist format. to do this type
sudo gedit /etc/moblock/moblock.conf
find a line with BLOCKLIST_FORMAT
and change it to
BLOCKLIST_FORMAT="p"
save and exit
4) start moblock:
sudo moblock-control start
and check if everything is ok by typing (Update: thanks tenjin1 for pointing out my typo) :
sudo moblock-control test
sometimes moblock need a bit time to load so when in doubt you can check the status by typing
sudo moblock-control status
UPDATE: (thanks to jre for pointing this out)
you also have to update blocklists.list, which is used for updating the ip ranges. If you had changed BLOCKLIST_FORMAT to "p" then I'd suggest changing the default line from:
www.bluetack.co.uk/config/nipfilter.dat.gz
to:
#www.bluetack.co.uk/config/nipfilter.dat.gz
http://www.bluetack.co.uk/config/level1.gz
hope this will help someone. it worked for me.
have fun,
hlx
chinaski
December 15th, 2007, 09:39 AM
today I turned moblock on (after last recent update) and got an error in moblock-control.log
I wanted to reinstall moblock but I made a mess through Synaptic and now I have moblock-ipq (that I tried to install during the mess) that won't remove
I deleted the moblock folder in /etc and now I am stuck with this error whatever I try to do, whether it's removing or installing moblock Setting up moblock-ipq (0.8-35+gutsy) ...
* Error 6: /etc/moblock/moblock.conf not installed.
dpkg: error processing moblock-ipq (--configure):
subprocess post-installation script returned error exit status 170
Errors were encountered while processing:
moblock-ipq
E: Sub-process /usr/bin/dpkg returned an error code (1)
tenjin1
December 15th, 2007, 11:45 AM
Thanks hlx!
This route seems to be working since I was getting the "Error 6: /etc/moblock/ipfilter.dat not installed, without a blocklist MoBlock doesn't work!"
Also just noting....
and check if everything is ok by typing:
sudo moblock-config test
This is supposed to be ...
sudo moblock-control test
jre
December 15th, 2007, 01:40 PM
About the error 6: Because of a bug I had to change the default blocklist. I chose one from bluetack (the provider of the old lists) which is in another format. So after the update nobody has a valid blocklist and so everybody has to download a new one. This link sometimes fails (buy bluetack.co.uk a server farm and it will always work). Those unlucky ones where the download fails get the error 6.
(Hey, would anybody prefer a moblock which seems to be completely installed but which lacks a blocklist? - No!)
Solution: Try again to get the blocklist with "moblock-control update".
Of course you can also reconfigure moblock to use another blocklist like hlx advised. Warning, please change this, hlx: You also have to change /etc/moblock/blocklists.list for your list/URL. Otherwise the ipfilter.dat blocklist will be downloaded tomorrow and be written over your guarding.p2p. Since you've changed the format this would be, err, not good. Alternatively you can switch off the daily blocklist update in moblock.conf
Thanks, quad341, for the amd64 packages
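Added example (editor's addition, not part of hlx's or jre's posts and not moblock code): the check jre's warning calls for, covering both hlx's procedure and the daily update it interacts with. `BLOCKLIST_FORMAT` in `moblock.conf` must agree with every enabled entry in `blocklists.list`, otherwise the cron update replaces a working list with one in a format MoBlock will not parse. The mapping from file names to formats is assumed from this thread (`*ipfilter.dat*` is eMule format `d`, `*.p2b*` is `n`, `*.p2p*` and bluetack's `level1.gz` are `p`); anything else is reported as unknown rather than guessed. The sample files are constructed to mirror the two states the posts describe.

```shell
#!/bin/sh
# Added example, not moblock's code: verify that BLOCKLIST_FORMAT in
# moblock.conf matches every enabled URL in blocklists.list, so the nightly
# update cannot overwrite the list with a file in the wrong format.
# File-name-to-format mapping is an assumption taken from the thread.

# conf_format CONF : print the (last) BLOCKLIST_FORMAT value, quotes stripped
conf_format() {
    sed -n "s/^[[:space:]]*BLOCKLIST_FORMAT=[\"']*\([dnp]\)[\"']*.*/\1/p" "$1" | tail -n 1
}

# url_format URL : classify one blocklist URL as d, n, p or unknown
url_format() {
    name=${1##*/}
    case "$name" in
        *ipfilter.dat*)          echo d ;;
        *.p2b*)                  echo n ;;
        *.p2p*|level[0-9]*.gz)   echo p ;;
        *)                       echo unknown ;;
    esac
}

# check_blocklists CONF LIST : print every enabled entry whose format differs
# from CONF; status 1 if any mismatch (or unknown file type) was found
check_blocklists() {
    fmt=$(conf_format "$1")
    [ -n "$fmt" ] || { echo "no valid BLOCKLIST_FORMAT in $1" >&2; return 1; }
    rc=0
    while read -r url _; do
        case "$url" in ''|\#*) continue ;; esac   # blank or commented-out entry
        f=$(url_format "$url")
        if [ "$f" != "$fmt" ]; then
            echo "MISMATCH: $url is format '$f', moblock.conf says '$fmt'"
            rc=1
        fi
    done < "$2"
    return $rc
}

# write_samples DIR : constructed files for the two states in the thread:
# the post-update default list (nipfilter.dat.gz) left enabled under
# BLOCKLIST_FORMAT="p", and hlx's corrected pair (nipfilter commented out,
# level1.gz enabled)
write_samples() {
    printf '%s\n' '# Specify the format of the blocklists' 'BLOCKLIST_FORMAT="p"' 'MOBLOCK_CRON="1"' > "$1/moblock.conf"
    printf '%s\n' 'www.bluetack.co.uk/config/nipfilter.dat.gz' > "$1/blocklists.broken"
    printf '%s\n' '#www.bluetack.co.uk/config/nipfilter.dat.gz' 'http://www.bluetack.co.uk/config/level1.gz' > "$1/blocklists.fixed"
}

# stand-alone demo
dir=$(mktemp -d)
write_samples "$dir"
check_blocklists "$dir/moblock.conf" "$dir/blocklists.broken" && echo "broken pair passed?!" || echo "broken pair: mismatch detected"
check_blocklists "$dir/moblock.conf" "$dir/blocklists.fixed" && echo "fixed pair: consistent" || echo "fixed pair: still wrong"
rm -rf "$dir"
```

Run it against the real `/etc/moblock/moblock.conf` and `/etc/moblock/blocklists.list` after editing either file and before the next cron run; a non-zero status means the update would break the running configuration.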
hlx
December 15th, 2007, 02:10 PM
hi jre,
i've updated my post as you said.
thanks for help mate,
cheers
hlx
moopoo
December 15th, 2007, 04:00 PM
moblock-control update did the trick, thanks. but now there's a new problem:
whitelisting doesn't seem to work anymore. i tried
WHITE_TCP_OUT="http https" and WHITE_TCP_OUT="80 443 1000:1024"
in the /etc/moblock/moblock.conf and restarted and/or reloaded moblock several times. after some minutes google and other websites become inaccessible. stopping moblock solves the surfing-problem.
i also experienced that gnome needs more time to load after a restart but that could be another matter.
ivanpantaleon
December 15th, 2007, 06:44 PM
moblock-control update did the trick, thanks. but now there's a new problem:
whitelisting doesn't seem to work anymore. i tried
WHITE_TCP_OUT="http https" and WHITE_TCP_OUT="80 443 1000:1024"
in the /etc/moblock/moblock.conf and restarted and/or reloaded moblock several times. after some minutes google and other websites become inaccessible. stopping moblock solves the surfing-problem.
i also experienced that gnome needs more time to load after a restart but that could be another matter.
I'm also getting the same errors as moopoo. I tried uninstall/reinstall and reconfiguring, reloading, stopping numerous times. This happened when I upgraded from .8-32 to .8-35. About an hour ago, I noticed that the version number is now .8-36. Whitelisting still does not work and I can not surf the net. Am I missing something? I am using Feisty 7.04 on a HP DV6000z (yea, don't remind me of the horribleness of the dreaded DV series =P ).
PS. I just installed Linux a few days ago and I love it. This is also my first time posting in the forums, I hope in contributing more in the future =).
daevaofshadow
December 16th, 2007, 12:11 AM
Originally I was having the same issues with whitelisting http/https as everyone else, but I tried what hlx did and it seems to work okay. The only thing I did in addition to that was to whitelist google and yahoo in the ip remove section, so I don't know if that affected anything or not. I hope this issue gets resolved soon!
the_unexpected
December 16th, 2007, 12:58 AM
The error message I keep getting when trying to test/start/stop/restart/uninstall/reinstall moblock (or, for that matter, install any system updates) is:
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
I'm not really sure what to look for here...some help would be appreciated. :)
Edit:: I'm running Gutsy for whatever differences that may make.
Second edit:: After looking at the packages installed and the packages that Ubuntu is trying to update, it appears that I have the feisty version of moblock installed. Definitely possible, since I upgraded from feisty to gutsy instead of re-installing. I would uninstall and then reinstall the latest version, however, I'm unable to uninstall (through command line, synaptic, etc.)
moopoo
December 16th, 2007, 08:26 AM
hlx's way works. thank you.
UPDATE: No, everything is still blocked.
hlx
December 16th, 2007, 09:50 AM
hi there,
as I don't have any problems with blocking http requests I thought I'll share a bit of moblock.conf settings. (It seems it is very basic, but maybe someone will find it helpful)
open moblock.conf:
sudo gedit /etc/moblock/moblock.conf
find WHITE_TCP_OUT and change it to:
WHITE_TCP_OUT="http https"
notice that in the comments above there is a line that says that it works only for IPTABLES_SETTINGS="1" so be sure you have it set the right way (it is in the same file)
additionally find: IP_REMOVE and change it to:
IP_REMOVE="google;gmail;gtalk;Google"
after that do in terminal:
sudo moblock-control reload
and:
moblock-control restart
and now the fun part:
open moblock log in terminal:
tail -f /var/log/moblock.log
and in your browser try to open google.com. If the log file then starts to show blocked google entries, it might be something serious. On the other hand, if no entries for google are showing up, that means moblock isn't blocking google requests.
hope this will help someone.
cheers,
hlx
chinaski
December 16th, 2007, 11:20 AM
I am sorry to insist, how could I wipe every thing out and make a fresh install?
I have cancelled moblock in /etc and in /usr/bin.. I always get error 6
...help...
today I turned moblock on (after last recent update) and got an error in moblock-control.log
I wanted to reinstall moblock but I made a mess through Synaptic and now I have moblock-ipq (that I tried to install during the mess) that won't remove
I deleted the moblock folder in /etc and now I am stuck with this error whatever I try to do, whether it's removing or installing moblock
mellowd
December 16th, 2007, 12:28 PM
UPDATE: (thanks to jre for pointing this out)
you also have to update blocklists.list, which is used for updating the ip ranges. If you had changed BLOCKLIST_FORMAT to "p" then I'd suggest changing the default line from:
www.bluetack.co.uk/config/nipfilter.dat.gz
to:
#www.bluetack.co.uk/config/nipfilter.dat.gz
http://www.bluetack.co.uk/config/level1.gz
hope this will help someone. it worked for me.
have fun,
hlx
I don't find this anywhere in my moblock.conf file, am I missing something? This is what I see:
############################ General configuration ############################
# Specify the format of the blocklists that you use. You can't mix different
# formats.
# d - eMule ipfilter.dat format
# n - peerguardian .p2b v2 binary format
# p - peerguardian .p2p text format
BLOCKLIST_FORMAT="p"
# Specify a NFQUEUE queue number (default 0)
# Works only with -nfq version
NFQUEUE_NUMBER="0"
# Turn on/off automatic start
# 0 - Don't start MoBlock at system boot
# 1 - Start MoBlock at system boot
MOBLOCK_INIT="1"
# Turn on/off automatic blocklist update
# 0 - Don't update the blocklists automatically
# 1 - Update the blocklists automatically
MOBLOCK_CRON="1"
VERBOSITY="1"
And then the rest.
(I just updated moblock, it was working fine before)
jingo811
December 16th, 2007, 12:45 PM
1.
If an upgrade has messed up your Moblock is there some command to revert back to the previous version before making the upgrade?
2.
What is the proper way to un-install Moblock and start installing from scratch again?
Is this enough or do you need to do some purge stuff also which I don't fully understand how to implement in my commands?
root@sama:~# apt-get remove moblock
.....
Sorry found this on the first page, so I will follow it and shutup now.
sudo apt-get purge moblock-nfq; sudo apt-get install moblock-nfq
Well I can't shutup :-) because it didn't work.
root@sama:~# apt-get purge moblock-nfq
E: Invalid operation purge
root@sama:~#
3.
What's the difference between "apt-get remove" and "apt-get purge" anyways which should I use in order to do things correctly?
4.
Waah the condom has fallen off I'm unprotected.
root@sama:~# uname -r
2.6.20-16-generic
root@sama:~# apt-get install moblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
Recommended packages:
p7zip p7zip-full
The following NEW packages will be installed:
moblock-nfq
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/43.3kB of archives.
After unpacking 225kB of additional disk space will be used.
Selecting previously deselected package moblock-nfq.
(Reading database ... 172259 files and directories currently installed.)
Unpacking moblock-nfq (from .../moblock-nfq_0.8-36+feisty_i386.deb) ...
Setting up moblock-nfq (0.8-36+feisty) ...
Reloading MoBlockdpkg: error processing moblock-nfq (--configure):
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
moblock-nfq
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@sama:~#
pelle.k
December 16th, 2007, 01:07 PM
Uhm!? Maybe purge isn't a "command" but an "option" in apt-get before gutsy?
sudo apt-get --purge remove
mellowd
December 16th, 2007, 01:18 PM
I've done a purge and now it works perfectly. This is what I did:
sudo aptitude purge moblock-nfq
sudo aptitude install moblock-nfq
moblock-control update
Now I get this:
root@simba:/new_downloads# moblock-control test
Testing MoBlock:
CAUTION: This is just a simple test to check if MoBlock blocks outgoing
connections. For this one IP from your blocklist will be pinged. This test does
not check if you have sane iptables rules or if your complete blocklist is in
the correct format. Therefore success doesn't imply that everything is working
as you expect it and failure doesn't imply that MoBlock is not working.
Also have a look at "/usr/bin/moblock-control status"
Trying to ping 4.2.145.239 from /etc/moblock/ipfilter.dat ...
* MoBlock blocked the IP. Test succeeded.
root@simba:/new_downloads#
Perfecto :)
jingo811
December 16th, 2007, 03:07 PM
I still get this error when I follow the purge and aptitude install method mellowd used.
Setting up moblock-nfq (0.8-36+feisty) ...
Reloading MoBlockdpkg: error processing moblock-nfq (--configure):
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
moblock-nfq
E: Sub-process /usr/bin/dpkg returned an error code (1)
I think there is some Feisty problems on the developer side of this story :confused:
chinaski
December 16th, 2007, 05:47 PM
I am stuck too... how the heck can I totally remove everything and reinstall from scratch??
fj4
December 16th, 2007, 06:17 PM
I'm having a different issue. Ever since upgrading to 0.8-36+gutsy I get this nasty error:
frank@ForGreatJustice:~$ *** stack smashing detected ***: /usr/bin/moblock terminated
Sigh. Then:
frank@ForGreatJustice:~$ sudo moblock-control status
Current iptables rules (this may take awhile):
Chain INPUT (policy ACCEPT 11613 packets, 16M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain OUTPUT (policy ACCEPT 7642 packets, 561K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1000:1024
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is dead and /var/run/ pid file exists, pid is .
* Try "moblock-control stop". Otherwise kill all moblock processes,
* delete /var/run/moblock.pid and all iptables rules related to MoBlock.
/var/run/moblock.pid doesn't exist. Tried complete removal/reinstallation, same results.
The missing pid in this line scare me:
* moblock is dead and /var/run/ pid file exists, pid is .
Any ideas? :( Thanks in advance.
jre
December 16th, 2007, 07:22 PM
OK, I've just released 0.8-39: I've put sane configuration defaults in the script (they will be overwritten by moblock.conf), so there shouldn't be any more problems with VERBOSITY.
And I've reworked the postinst file, so there shouldn't be any more problems on installation/update (error 6). I was (partly) wrong with my first assumptions about the real origin of the problem, sorry for any inconvenience.
General: If you experience problems, have a look at the logfiles /var/log/moblock.log and moblock-control.log.
If you need assistance here tell your moblock version and try to post relevant parts from the logfiles.
Whitelisting still does not work and I can not surf the net.
If the problems with whitelisting continue with 0.8-39 then please post your moblock.conf, "moblock-control status" and moblock-control.log.
There are no differences between feisty and other packages except how they were compiled.
To downgrade: Look for the old deb in /var/cache/apt/archives/
and install it "dpkg -i /path/to/moblock....deb"
WHITE_TCP_OUT="http https" and WHITE_TCP_OUT="80 443 1000:1024"
I've seen this so often: why do you open ports 1000-1024? This is only an example, there's no need to do that. Except if you want to access something on these ports.
And finally, the IP_REMOVE is case insensitive, so no need for "google;Google".
EDIT: fj4, which distro are you using? I've never seen this problem before.
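Added example (editor's addition, not moblock-control's script, which is not shown on this page): the_unexpected's `[: too many arguments` is the message a shell's `[` test prints when an unquoted variable expands to more than one word, and the "unary operator expected" / "unexpected operator" variants appear when it expands to nothing. The fragile function below is an assumed reconstruction of that kind of test, not the actual line 92; the rest shows the defensive reading of a numeric setting from a sourced conf file (quote it, default it, validate it) that jre's "sane defaults in the script" fix amounts to.

```shell
#!/bin/sh
# Added example, not moblock-control's code. Shows why an unquoted numeric
# test on a config variable produces "[: too many arguments" for some
# moblock.conf files, and how to read such a setting defensively.

# fragile_level_ok VALUE : the pattern that fails. VERBOSITY is deliberately
# left unquoted, so empty or multi-word values change the argument count `[`
# sees and the test errors out instead of returning true/false.
fragile_level_ok() {
    VERBOSITY=$1
    [ $VERBOSITY -ge 1 ]   # intentionally unquoted
}

# safe_verbosity VALUE [DEFAULT] : echo a validated level 0..3, falling back to
# DEFAULT (1 when not given) for empty, non-numeric, overlong or out-of-range
# values, so the caller can always compare it numerically
safe_verbosity() {
    v=$1; d=${2:-1}
    case "$v" in
        ''|*[!0-9]*|?????*) v=$d ;;   # empty, non-digits, or 5+ digits
    esac
    [ "$v" -gt 3 ] && v=$d
    echo "$v"
}

# should_log MSG_LEVEL CONFIG_VALUE : status 0 when a message of MSG_LEVEL has
# to be printed under the configured (sanitised) verbosity
should_log() {
    lvl=$1
    conf=$(safe_verbosity "$2")
    [ "$conf" -ge "$lvl" ]
}

# demo: run the fragile test over the kinds of values a hand-edited or stale
# moblock.conf can contain, capturing the shell's complaint instead of dying
demo() {
    for val in "1" "" "1 2" "yes"; do
        err=$(fragile_level_ok "$val" 2>&1 >/dev/null) && r=ok || r="FAIL: $err"
        printf 'VERBOSITY=%-6s fragile: %s   safe: %s\n' "\"$val\"" "$r" "$(safe_verbosity "$val")"
    done
}
demo
```

The exact wording of the error differs between dash and bash, which is why the same broken conf file reports slightly different text on different systems; the fix is the same in both.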
fj4
December 16th, 2007, 07:51 PM
I was running Feisty, now upgraded with a verified Gutsy CD.
edit: I tried mellowd's fix, using apt-get purge moblock-nfq, and it worked, but as soon as I change the blocklists.list to add the bluetack lists, the problem returns. I changed it back to the same blocklists I was using with the previous release. I will try the 0.8-39.
chump1039
December 16th, 2007, 08:03 PM
it looks like the bluetack lists are down right now going by their forums. seems they took the lists down in the hopes of getting some attention and funding for the site.
edit: actually they're up. i was having problems connecting to the nipfilter.dat.gz and they mentioned taking them down on the forums. i tried from work today and could load the file fine. not sure why but i could not get moblock to update and download that file. i went into the conf and white listed 80 and 8080, as well as "nyud.net" and reran the update and everything seemed to work fine
quad341
December 16th, 2007, 08:21 PM
Updated AMD64 packages attached. Enjoy
the_unexpected
December 16th, 2007, 10:52 PM
I tried the aptitude purge and then installing, got the following:
Do you want to continue? [Y/n/?] y
Writing extended state information... Done
Selecting previously deselected package moblock-nfq.
(Reading database ... 212246 files and directories currently installed.)
Preparing to replace moblock-nfq 0.8-32+feisty (using .../moblock-nfq_0.8-36+feisty_i386.deb) ...
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: warning - old pre-removal script returned error exit status 6
dpkg - trying script from the new package instead ...
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/moblock-nfq_0.8-36+feisty_i386.deb (--unpack):
subprocess new pre-removal script returned error exit status 6
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "start" failed.
dpkg: error while cleaning up:
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
/var/cache/apt/archives/moblock-nfq_0.8-36+feisty_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
dpkg: error processing moblock-nfq (--configure):
Package is in a very bad inconsistent state - you should
reinstall it before attempting configuration.
Errors were encountered while processing:
moblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
Building tag database... Done
Still not sure why it's pulling from Feisty...
Edit:: D'OH! Checked the sources.list file, and it was still set to pull from the moblock feisty repositories (since I'd upgraded through Ubuntu as opposed to a fresh install). Ran apt-get update and tried the purge/install again, still gave me the same error message. See below:
Do you want to continue? [Y/n/?] y
Writing extended state information... Done
Get:1 http://moblock-deb.sourceforge.net gutsy/main moblock-nfq 0.8-39+gutsy [43.6kB]
Fetched 43.6kB in 1s (36.5kB/s)
Selecting previously deselected package moblock-nfq.
(Reading database ... 212246 files and directories currently installed.)
Preparing to replace moblock-nfq 0.8-32+feisty (using .../moblock-nfq_0.8-39+gutsy_i386.deb) ...
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: warning - old pre-removal script returned error exit status 6
dpkg - trying script from the new package instead ...
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/moblock-nfq_0.8-39+gutsy_i386.deb (--unpack):
subprocess new pre-removal script returned error exit status 6
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "start" failed.
dpkg: error while cleaning up:
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
/var/cache/apt/archives/moblock-nfq_0.8-39+gutsy_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
dpkg: error processing moblock-nfq (--configure):
Package is in a very bad inconsistent state - you should
reinstall it before attempting configuration.
Errors were encountered while processing:
moblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
Building tag database... Done
It gave the following message during both purges:
dpkg: error processing moblock-nfq (--purge):
Package is in a very bad inconsistent state - you should
reinstall it before attempting a removal.
Errors were encountered while processing:
moblock-nfq
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
Zeikcied
December 16th, 2007, 11:37 PM
I'm having trouble.
MoBlock is running, but it doesn't seem to be doing anything. I do a test, and it doesn't block the ping (though the ping doesn't respond at all, anyway). I did tests with other pings I found in the IP Filter file, and they didn't respond. Yet the log didn't show any blocks.
The Test thing mentioned to wait until the log shows this:
NFQUEUE: binding to queue '0'
But I wait several minutes, and that doesn't show up in the log. It only seems to show up in the log when I do "sudo moblock-control update" and even then it shows right before the update happens.
When I do "tail /var/log/moblock.log" I get this output.
Duplicated range ( Bogo )
Ranges loaded: 231231
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
Got SIGHUP! Dumping and resetting stats, reloading blocklist
Duplicated range ( Bogo )
Ranges loaded: 231231
Then nothing more is added to the log until I go and do something.
I've tried it with the nipfilter.dat.gz and the pipfilter.dat.gz, with the same result both times. I did apt-get purge moblock-nfq and then reinstalled it, and it still does this.
I can't tell if it's doing anything because the Test isn't working and the log isn't showing any activity beyond my various uses of moblock-control. Also, I have no clue how to read the moblock-control status output, but I figure I could toss that in with the hopes that someone can tell me if it's actually doing anything.
Current iptables rules (this may take awhile):
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 192.168.0.1 0.0.0.0/0 tcp flags:!0x17/0x02
12305 2949K ACCEPT udp -- * * 192.168.0.1 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
16 5328 DROP 0 -- eth0 * 0.0.0.0/0 255.255.255.255
160 15360 DROP 0 -- * * 0.0.0.0/0 192.168.0.255
0 0 DROP 0 -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0
41 1808 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LSI 0 -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
421K 503M INBOUND 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'
0 0 moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 192.168.0.100 192.168.0.1 tcp dpt:53
12316 774K ACCEPT udp -- * * 192.168.0.100 192.168.0.1 udp dpt:53
0 0 DROP 0 -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0
154 6160 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
341K 35M OUTBOUND 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Output'
0 0 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain INBOUND (1 references)
pkts bytes target prot opt in out source destination
421K 503M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 151 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 LSI 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG_FILTER (5 references)
pkts bytes target prot opt in out source destination
Chain LSI (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain LSO (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
pkts bytes target prot opt in out source destination
10 840 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
329K 34M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
11672 515K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain moblock_fw (3 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (3 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (3 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 26690.
fj4
December 17th, 2007, 12:48 AM
it looks like the bluetack lists are down right now going by their forums. seems they took the lists down in the hopes of getting some attention and funding for the site.
Milady's XP laptop has the Bluetack lists updated in PeerGuardian, so that's not it. Even so, not downloading a list won't cause complete MoBlock crashes.
jingo811
December 17th, 2007, 05:55 AM
jre wrote:
OK, I've just released 0.8-39:
Yay that solved everything.
$ sudo apt-get --purge remove moblock-nfq   # "remove" alone keeps your configs; "--purge" permanently deletes every last file associated with moblock-nfq
$ sudo apt-get install moblock-nfq
$ sudo moblock-control update
$ sudo moblock-control test
Yeah, so some big shot on Google search recommended using aptitude over apt-get since it handles dependencies and deborphans better, but I had to go through hell in an off-topic situation when using aptitude, so I'm sticking with apt-get. :)
PhilJ
December 17th, 2007, 07:20 AM
Just downloaded the latest update. There are no blocklists in /etc/moblock/blocklists.list except for one, and all existing blocklists have gone after the update.
In order to reload you will have to add them to blocklists.list and update moblock. Some of them have no update.
not a complaint just info
thanks for the program
Phil
the list is in /usr/share/doc/moblock-nfq folder
freedom
December 17th, 2007, 07:54 AM
Yes... one.. :)
Since the default list type in moblock.conf has changed to the eMule version, only one list is there:
www.bluetack.co.uk/config/nipfilter.dat.gz
and, as said in /usr/share/doc/moblock-nfq/README.blocklists,
it includes almost everything we used before:
Lists from bluetack.co.uk in eMule 'ipfilter.dat' format:
http://www.bluetack.co.uk/config/nipfilter.dat.gz
This blocklist is the (normal) IP Filter.dat for loading into Emule.
The nipfilter.dat file includes the following ranges pre-merged into it:
1. Level1
2. Bogon list
3. Hijacked IP blocks
4. IANA Multicast
5. IANA Private
6. IANA Reserved
7. level2 corp
8. Microsoft
9. NonLan list
10. templist
;)
PhilJ
December 17th, 2007, 09:02 AM
But for some reason nothing was being blocked until I altered blocklists.list, adding all the lists. After this moblock updated the lists, then started blocking. I'm no expert so I don't know why this happened. Moblock-control.log showed
ranges loaded 0
merged ranges 0
skipped ranges 0
until I altered the file and restarted moblock; now it shows
ranges loaded 328575
merged ranges 614
skipped 9125
Philj
jre
December 17th, 2007, 02:28 PM
But for some reason nothing was being blocked until I altered blocklists.list, adding all the lists. After this moblock updated the lists, then started blocking. I'm no expert so I don't know why this happened. Moblock-control.log showed
ranges loaded 0
merged ranges 0
skipped ranges 0
until I altered the file and restarted moblock; now it shows
ranges loaded 328575
merged ranges 614
skipped 9125
I guess you kept your old moblock.conf with wrong settings. For the ipfilter.dat you need BLOCKLIST_FORMAT="d" in /etc/moblock/moblock.conf.
Zeikcied (all users not using special iptables rules/firewalls can stop reading here), you have to be careful with your iptables settings (and since you have some advanced settings you should learn what they mean).
I guess you're using a firewall together with MoBlock. Except with "firehol" there exists no known solution for firewalls in combination with MoBlock 0.8.
All traffic that is ACCEPTed in your rules before it is sent to MoBlock won't be checked by MoBlock but will simply be accepted. The same goes for DROP rules: packets matching these will be dropped and not be checked by MoBlock. Last but not least, your general DROP rule is undermined by MoBlock, which ACCEPTs packets that aren't blocked.
Now to MoBlock: you have the same rule three times, I don't know how this happened, but this shouldn't be. Do "moblock-control stop" until there isn't any moblock rule in your iptables settings. Then "moblock-control start" once.
Since MoBlock is the last rule in your chains it's generally well configured, but keep in mind what I wrote in the last paragraph.
Finally, follow the logfile live with tail -f /var/log/moblock.log.
The "status" shows that no packet (0 in the first two columns) ever reached MoBlock. So you have to tweak your iptables rules so that traffic is sent to MoBlock:
Since you already have a general DROP, only the traffic that you allow will be possible. So on the ports where you want to allow traffic you have to insert the iptables target NFQUEUE (queue number 0).
The easiest way to do this is with the "custom iptables settings" (see /etc/moblock/moblock.conf). You can put your iptables rules for insertion and deletion in /etc/moblock/iptables-custom-insert.sh and iptables-custom-remove.sh.
Just remember that every packet that passes through NFQUEUE to MoBlock (0.8) will either be ACCEPTed or DROPped.
If you're new to iptables rules you will have to learn something ;-)
You can also use firehol, see the HOWTO for instructions. Other firewalls are not compatible with MoBlock 0.8.
Greets
jre
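A worked version of the custom-rules approach jre describes above, added here as an example; it is not moblock-control's own iptables-custom-*.sh scripts and nothing in the package ships it. It assumes a box that keeps its own default-DROP firewall (like the Firestarter rule set in Zeikcied's status output), that moblock-control executes each custom script rather than sourcing it (if it sources them, replace the case at the bottom with a bare insert_rules or remove_rules line in the respective copy), and the port numbers and LAN range are placeholders. Whitelisted LAN traffic RETURNs to the firewall, the allowed ports plus established flows go to NFQUEUE 0, and the jump sits at position 1 so no earlier ACCEPT can bypass MoBlock; everything else falls back to the firewall's DROP, so MoBlock's ACCEPT verdict never opens a port the firewall had closed.

```shell
#!/bin/sh
# Added example, not part of the MoBlock package. Save as both
# /etc/moblock/iptables-custom-insert.sh and iptables-custom-remove.sh
# and set IPTABLES_SETTINGS="2" in /etc/moblock/moblock.conf.
IPTABLES="${IPTABLES:-iptables}"   # IPTABLES=echo dry-runs the rules without root
QUEUE="${NFQUEUE_NUMBER:-0}"       # same value as NFQUEUE_NUMBER in moblock.conf
LAN="192.168.178.0/24"             # assumed router/LAN range
TCP_IN="6881"                      # assumed listening port(s) the firewall allows
TCP_OUT="80 443 6881:6999"         # assumed client port(s) to run through MoBlock
UDP_OUT="6881:6999"                # assumed client UDP port range

# Build one user chain: whitelist first (RETURN hands the packet back to the
# firewall, which is what WHITE_IP_* does too), then NFQUEUE for the allowed
# ports, then NFQUEUE for established flows so replies are checked as well.
# Anything unmatched returns to INPUT/OUTPUT and the firewall's DROP applies.
build_chain() {   # $1 chain, $2 -s|-d for the LAN match, $3 tcp ports, $4 udp ports
    chain="$1"; dir="$2"; tcp="$3"; udp="$4"
    "$IPTABLES" -N "$chain"
    "$IPTABLES" -A "$chain" "$dir" "$LAN" -j RETURN
    for p in $tcp; do "$IPTABLES" -A "$chain" -p tcp --dport "$p" -j NFQUEUE --queue-num "$QUEUE"; done
    for p in $udp; do "$IPTABLES" -A "$chain" -p udp --dport "$p" -j NFQUEUE --queue-num "$QUEUE"; done
    "$IPTABLES" -A "$chain" -m state --state ESTABLISHED -j NFQUEUE --queue-num "$QUEUE"
}

insert_rules() {
    build_chain moblock_custom_in  -s "$TCP_IN"  ""
    build_chain moblock_custom_out -d "$TCP_OUT" "$UDP_OUT"
    # Position 1: ahead of every ACCEPT the firewall already has, as jre warns.
    "$IPTABLES" -I INPUT  1 -j moblock_custom_in
    "$IPTABLES" -I OUTPUT 1 -j moblock_custom_out
}

remove_rules() {
    # Delete the jumps first; a chain can only be removed once nothing references it.
    "$IPTABLES" -D INPUT  -j moblock_custom_in
    "$IPTABLES" -D OUTPUT -j moblock_custom_out
    for chain in moblock_custom_in moblock_custom_out; do
        "$IPTABLES" -F "$chain"
        "$IPTABLES" -X "$chain"
    done
}

# Dispatch on the name moblock-control calls us by; any other name does nothing.
case "${0##*/}" in
    iptables-custom-insert.sh) insert_rules ;;
    iptables-custom-remove.sh) remove_rules ;;
esac
```

Run it once with IPTABLES=echo and compare the printed rules against `iptables -L -v -n` after `moblock-control start`: the moblock_custom_* chains must be the first entry in INPUT and OUTPUT, and their NFQUEUE counters must move once you browse, otherwise traffic is still being ACCEPTed or DROPped before it reaches MoBlock.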
gav616
December 17th, 2007, 02:46 PM
IBM Co, i.e. IANA, is being blocked every second (which is good I guess, because I have no LAN or NAT set up); wish I could stop this from happening in the first place though...
Like make Ubuntu disable LAN access altogether? Ha?
moopoo
December 17th, 2007, 03:44 PM
Victory! As mentioned before, I couldn't surf the web anymore after the latest update.
I had a look into the log file (/var/log/moblock.log) and realized that moblock now blocks my router.
Consig,hits: 10,SRC: 192.168.178.1
So I edited the config and uncommented the example to whitelist IPs:
sudo gedit /etc/moblock/moblock.conf
################################ Whitelist IPs ################################
...
# This is an example to whitelist the range 192.168.178.1-192.168.178.255:
WHITE_IP_OUT="192.168.178.0/24"
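The log check behind moopoo's fix, as an added example (not something the MoBlock package provides): it reads lines in the "Consig,hits: 10,SRC: 192.168.178.1" form seen above and reports the blocked addresses that are actually your own LAN, router or loopback, i.e. hits from the Bogon / IANA Private ranges merged into nipfilter.dat. Those belong in WHITE_IP_IN / WHITE_IP_OUT, not in IP_REMOVE. The sample lines are constructed, a "DST:" field for the outbound direction is an assumption, and the /24 it proposes is a guess to be sized to the real LAN.

```shell
#!/bin/sh
# Added example, not part of the MoBlock package.
# Usage: private_hits < /var/log/moblock.log ; suggest_whitelist < /var/log/moblock.log

# Constructed sample log lines, not taken from a real /var/log/moblock.log.
# The "Duplicated range" line shows that non-hit lines are ignored.
SAMPLE_LOG='Bogon,hits: 10,SRC: 192.168.178.1
Duplicated range ( Bogo )
IANA Private,hits: 2,DST: 10.11.12.13
Some ISP,hits: 7,SRC: 203.0.113.9
Bogon,hits: 1,SRC: 192.168.178.1
Localhost,hits: 4,SRC: 127.0.0.1'

# Print "rangename ip" once for every hit whose SRC:/DST: address is in
# 10/8, 172.16/12, 192.168/16 or 127/8; public addresses are left out.
private_hits() {
    awk -F',' '
    function is_private(ip,   o) {
        split(ip, o, ".")
        return (o[1] == 10) || (o[1] == 127) ||
               (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
               (o[1] == 192 && o[2] == 168)
    }
    {
        ip = ""
        for (i = 2; i <= NF; i++)
            if (index($i, "SRC: ") == 1 || index($i, "DST: ") == 1)
                ip = substr($i, 6)
        if (ip != "" && is_private(ip) && !seen[$1 " " ip]++)
            print $1 " " ip
    }'
}

# Turn the private hits into /24 networks (an assumption; size to your LAN),
# space separated, ready to paste into WHITE_IP_IN="..." / WHITE_IP_OUT="...".
suggest_whitelist() {
    private_hits |
    awk '{ split($NF, o, "."); print o[1] "." o[2] "." o[3] ".0/24" }' |
    sort -u |
    awk '{ printf "%s%s", (NR > 1 ? " " : ""), $0 } END { print "" }'
}
```

After adding the networks to moblock.conf do a "moblock-control restart" (the whitelist sections say so explicitly) and watch tail -f /var/log/moblock.log until the router's address stops appearing; if it still does, the hits are arriving on a chain the WHITE_IP_* RETURN rules do not cover.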
Zeikcied
December 17th, 2007, 09:07 PM
I guess you're using a firewall together with MoBlock. Except with "firehol" there exists no known solution for firewalls in combination with MoBlock 0.8.
I thought that maybe I could use an extra layer of protection, so I downloaded Firestarter to configure a firewall. I never thought it'd interfere with MoBlock. I just assumed there would be two separate instances of iptables or something. (I've been using Kubuntu for a year now, and most of the "non-visible" stuff I still don't understand.)
If you're new to iptables rules you will have to learn something ;-)
This iptables stuff is confusing enough already.
You can also use firehol, see the HOWTO for instructions. Other firewalls are not compatible with MoBlock 0.8
Greets
jre
I guess that will have to do. Thanks for the advice, and I'm glad it's not too difficult of a solution. I'm hoping removing Firestarter will help things.
spockrock
December 17th, 2007, 09:23 PM
Victory! As mentioned before, I couldn't surf the web anymore after the latest update.
I had a look into the log file (/var/log/moblock.log) and realized that moblock now blocks my router.
Consig,hits: 10,SRC: 192.168.178.1
So I edited the config and uncommented the example to whitelist IPs:
sudo gedit /etc/moblock/moblock.conf
################################ Whitelist IPs ################################
...
# This is an example to whitelist the range 192.168.178.1-192.168.178.255:
WHITE_IP_OUT="192.168.178.0/24"
Thank you, I had the same problem. Now to figure out why aMSN causes my system to lock up when moblock is running....
ivanpantaleon
December 18th, 2007, 01:11 AM
I'm still having trouble surfing the net with Moblock on. Here are the logs and conf. I am using Feisty and 0.8-39 of moblock.
"Moblock.log"
Duplicated range ( Bogo )
Ranges loaded: 210844
Merged ranges: 0
Skipped useless ranges: 0
"Moblock.conf"
# moblock.conf - configuration file for moblock-control
# This file is sourced by a bash script. Any line which starts with a # (hash)
# is a comment and is ignored. If you set the same variable several times,
# then only the last line will be used. You have to stop/restart/reload moblock
# if you change entries.
############################ General configuration ############################
# Specify the format of the blocklists that you use. You can't mix different
# formats.
# d - eMule ipfilter.dat format
# n - peerguardian .p2b v2 binary format
# p - peerguardian .p2p text format
BLOCKLIST_FORMAT="d"
# Specify a NFQUEUE queue number (default 0)
# Works only with -nfq version
NFQUEUE_NUMBER="0"
# Turn on/off automatic start
# 0 - Don't start MoBlock at system boot
# 1 - Start MoBlock at system boot
MOBLOCK_INIT="1"
# Turn on/off automatic blocklist update
# 0 - Don't update the blocklists automatically
# 1 - Update the blocklists automatically
MOBLOCK_CRON="1"
# Set the verbosity of moblock-control
# 0 - No normal output to STDOUT, only to logfile
# 1 - Output to STDOUT and to logfile
VERBOSITY="1"
################## Settings for the iptables firewall rules ###################
# MoBlock requires the iptables rule NFQUEUE (nfq version)
# or the deprecated QUEUE (ipq version).
# Do a "moblock-control stop" before you change these iptables settings.
# Define how traffic is sent to MoBlock
# 0 - Don't set any iptables rules.
# You or another script/firewall has to do this!
# 1 - NFQUEUE is in the chains moblock_in, moblock_out and moblock_fw.
# 2 - Set custom iptables rules (defined in
# /etc/moblock/iptables-custom-insert.sh and iptables-custom-remove.sh)
IPTABLES_SETTINGS="1"
# Define when traffic is sent to the chain that contains NFQUEUE
# This section works only for IPTABLES_SETTINGS="1"
# 0 - Do nothing. You or another script/firewall has to do this!
# 1 - Insert the rules at the head of the chains.
# 2 - Append the rules to the end of the chains.
IPTABLES_ACTIVATION="2"
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name
# (using iptables with the target RETURN)
# Separate several entries with whitespace (" ")
# Port ranges are specified in the format "port:port"
# Up to 15 ports can be specified. A port range (port:port) counts as two
# ports.
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT=""
WHITE_UDP_OUT=""
# This is an example to whitelist outgoing web traffic (port 80 is the service
# http, 443 is https) and the port range 1000-1024:
WHITE_TCP_OUT="80 443 1000:1024"
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
################################ Whitelist IPs ################################
# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# (using iptables with the target RETURN)
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Separate several entries with whitespace (" ")
# This replaces the old (up to 0.8-32) IP_TCP_ and IP_UDP_ entries.
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_IP_IN=""
WHITE_IP_OUT=""
# This is an example to whitelist the range 192.168.178.1-192.168.178.255:
WHITE_IP_OUT="192.168.178.0/24"
WHITE_IP_FORWARD=""
###################### Remove lines from the blocklist ########################
# Remove lines from the blocklist (using "grep -v -i")
# Warning for beginners: If you want to whitelist a special IP then check the
# above section. In most cases you won't succeed if you insert an IP here.
# Separate values with a semicolon ";".
# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE=""
# This is an example to remove all lines from the blocklist which contain one
# of the words "google", "yahoo", "altavista", "debian" or "sourceforge":
# IP_REMOVE="google;yahoo;altavista;debian;sourceforge"
########################### Full LSB compatibility ############################
# The control script uses /lib/lsb/init-functions. In Debian this file also
# provides functions which are not defined by the LSB standard. Change this
# entry if the script complains of not knowing a function.
# 0 - Debian compatible system (default)
# 1 - LSB 3.1 but not Debian compatible system
LSB_MODE="0"
"Moblock-control.log"
2007-12-17 20:57:14 PST Begin: /usr/bin/moblock-control update
Updating blocklists ...
Updating nipfilter.dat.gz * . No update available.
* Blocklists updated.
Building blocklist ...done.
Installing blocklist to /etc/moblock/ipfilter.dat ...done.
* MoBlock is not running.
2007-12-17 20:57:23 PST End: /usr/bin/moblock-control update
2007-12-17 08:57:29 PM PST Begin: /usr/bin/moblock-control restart
Deleting iptables ...fail!
Stopping MoBlock ...done.
Inserting iptables ...done.
Starting MoBlock ...done.
2007-12-17 08:57:33 PM PST End: /usr/bin/moblock-control restart
* Logging to /var/log/moblock.log
* Ranges loaded: 210844
* Using .dat file format
* Merged ranges: 0
* Skipped useless ranges: 0