Moblock (peerguardian linux alternative)
spockrock
December 18th, 2007, 02:09 AM
WHITE_TCP_OUT=""
should be;
WHITE_TCP_OUT="80 443"
but it does not seem to work, port whitelisting seems to be broken. I wish moblock in the log displayed the port that an IP was blocked on.....
deviant420
December 18th, 2007, 01:36 PM
I'm a big time linux newb --- however I thought I'd share my experience with moblock on gutsy. The instant I installed the ipq package, i was blocked from grabbing the npq package --
it seems that the lists used over at bluetack use blanket-blocking.
or perhaps there are moles submitting ip ranges at bluetack to make the use of such blockers more troublesome than they should be
Anyone have a list that isn't so massive - perhaps anti-p2p folks are lurking on every possible server out there
viva la resistance!
Ron Paul for president!
jre
December 18th, 2007, 02:28 PM
I'm still having troubles surfing the net with Moblock on. Here are the logs and conf. I am using Feisty 0.8-39 of moblock.
First off, please post your settings and logs only in CODE tags, that makes reading your posts much easier!
moblock.conf and moblock-control.log look fine so far. Did everything work before the updates of last weekend?
I'm really confused about the reports that whitelisting does not work. I've already received reports saying that everything works.
So for people with problems: Please post "moblock-control status" and verify in /var/log/moblock.log that the IPs were really blocked by MoBlock. Finally always tell your moblock version.
@deviant420, can't be that you are blocked from installing moblock-nfq. Try again.
Have a look at /usr/share/doc/moblock-nfq/README.blocklists.gz to learn more about available blocklists. The level1 list is the most popular one. If You change blocklists remember to configure the right blocklist format, too.
moopoo
December 18th, 2007, 04:57 PM
I don't want to sound narcissistic, but this could really solve the "whitelisting doesn't work" problem.
If you're behind a router and that one is blocked by moblock (or the blocklists) then whitelisting http is futile:
Victory! As mentioned before, I couldn't surf the web anymore after the latest update.
I had a look into the log file (/var/log/moblock.log) and realized that moblock now blocks my router.
Consig,hits: 10,SRC: 192.168.178.1
So I edited the config and uncommented the example to whitelist IPs:
sudo gedit /etc/moblock/moblock.conf
################################ Whitelist IPs ################################
...
# This is an example to whitelist the range 192.168.178.1-192.168.178.255:
WHITE_IP_OUT="192.168.178.0/24"
kacheng
December 19th, 2007, 08:37 AM
If you are still having problems with connecting to the internet, try the following in this order:
1. Whitelist your subnet (i.e. ignore blocklist for internal networking)
What is your IP address and corresponding subnet? Check using ifconfig. If your IP address is 192.168.1.118, then you want to whitelist everything on 192.168.1.0/24 in
/etc/moblock/moblock.conf
WHITE_IP_OUT="192.168.1.0/24"
Don't forget sudo moblock-control restart
2. If you still encounter issues, you may whitelist all http and https services (i.e. ignore blocklist for http and https)
WHITE_TCP_OUT="http https"
I found that WHITE_TCP_OUT="80 443 1000:1024" did not work for me.
Don't forget sudo moblock-control restart
Good luck. Let us know if this helps you (or hit the 'thanks' icon on the bottom right). Thx.
theotherbastard
December 19th, 2007, 10:10 PM
jre wrote:
Yay that solved everything.
$ apt-get --purge remove moblock-nfq   # "remove" alone keeps your configs; the option --purge permanently deletes every last file associated with moblock-nfq
$ apt-get install moblock-nfq
$ moblock-control update
$ moblock-control test
I had an issue with the upgrade, and fortunately running the above steps was able to resolve it.
However, (assuming some developers for moblock are reading this) since I run moblock on a headless system running this reinstall becomes a pain because it blocks communication with my local network. (Since I have to effectively blow away my configuration file) This forces me to haul out a monitor to plug into my system so I can log on locally and fix this issue.
A bit frustrating that this happens what seems to be every time an upgrade comes out.:confused:
fj4
December 20th, 2007, 04:32 AM
I'm unsure what was so broken about 0.8-36, but 0.8-39 fixed all my problems! :)
Thanks!
jre
December 20th, 2007, 01:54 PM
I had an issue with the upgrade, and fortunately running the above steps was able to resolve it.
However, (assuming some developers for moblock are reading this) since I run moblock on a headless system running this reinstall becomes a pain because it blocks communication with my local network. (Since I have to effectively blow away my configuration file) This forces me to haul out a monitor to plug into my system so I can log on locally and fix this issue.
A bit frustrating that this happens what seems to be every time an upgrade comes out.:confused:
I'm the developer of the debian packages/moblock-control. So all changes (good and bad) in 0.8-xy are from me.
First, I try to change the conf files as seldom as possible. But if there is an improvement to be done or even an bug to be fixed (as in 0.8-33 - 0.8-39) then I think it's better to change it.
Second, if you install via SSH you already have a connection. Since MoBlock only blocks NEW connections this connection won't be blocked. So if you update and edit the moblock.conf during the same session everything should go well. (This is theory, I'm on an Desktop with Monitor)
I'm unsure what was so broken about 0.8-36, but 0.8-39 fixed all my problems! :)
Thanks!
/usr/share/doc/moblock-nfq/changelog.Debian.gz tells the story ;-)
greets
jre
Nisun
December 21st, 2007, 03:13 AM
I don't know if this has been covered before but I did search the forums and skim over some of the recent posts..... :(
I had a few problems getting firestarter to play nice with moblock.... so a little iptables work and.... I think it's working now. It's my first post (yes, I'm so n00b) and please be gentle :)
well i ran a
iptables -L INPUT
and saw that moblock was way at the bottom of the table. That didn't seem right, so a few little commands to move things:
# remove the moblock_in jump from the INPUT chain
iptables -D INPUT -p all -m state --state NEW -j moblock_in
# re-add the moblock_in jump at the head of the INPUT chain
iptables -I INPUT -p all -m state --state NEW -j moblock_in
# remove the moblock_out jump from the OUTPUT chain
iptables -D OUTPUT -p all -m state --state NEW -j moblock_out
# re-add the moblock_out jump at the head of the OUTPUT chain
iptables -I OUTPUT -p all -m state --state NEW -j moblock_out
# remove the moblock_fw jump from the FORWARD chain
iptables -D FORWARD -p all -m state --state NEW -j moblock_fw
# re-add the moblock_fw jump at the head of the FORWARD chain
iptables -I FORWARD -p all -m state --state NEW -j moblock_fw
Of course I have no idea if this has been covered... or if this really leaves firestarter fully functional at the same time. I did check to make sure that moblock was logging hits by doing "tail -f /var/log/moblock.log".
Well its nap time. I hope this helps someone
jre
December 21st, 2007, 01:31 PM
I had a few problems getting firestarter to play nice with moblock.... so a little iptables work and.... I think it's working now. It's my first post (yes, I'm so n00b) and please be gentle :)
Please don't be offended, but, lol, you did absolutely the wrong thing ;-)
What you did is good to get MoBlock working but you completely ruined firestarter. There's no known way to use both of these programs (there's only a solution for firehol and MoBlock known).
Let me explain: MoBlock 0.8 either ACCEPTs or DROPs packets. This means as soon as any traffic is sent to MoBlock it will leave iptables - it will not be checked by any following rule - and since you put MoBlock on the first place ... ;-)
This problem will be solved in MoBlock 0.9
greets
jre
the_unexpected
December 22nd, 2007, 12:02 AM
I'm still unable to start or update moblock...I still get the following message:
E: /var/cache/apt/archives/moblock-nfq_0.8-39+gutsy_i386.deb: subprocess new pre-removal script returned error exit status 6
Help, please!
jre
December 22nd, 2007, 04:58 AM
E: /var/cache/apt/archives/moblock-nfq_0.8-39+gutsy_i386.deb: subprocess new pre-removal script returned error exit status 6
Please post (if possible) the complete output of the moblock installation and your /var/log/moblock-control.log, please.
I guess you have the problem I first thought about in the previous cases: sometimes MoBlock simply fails to download the blocklists the first time which results in the exit code 6.
An "moblock-control update" should help then. Further I hope that you installed the new conf files when you were asked.
greets
jre
ivanpantaleon
December 22nd, 2007, 07:33 PM
OK, I just fixed my problem.
What I did was purge Moblock-nfq from the computer, then whitelisted the ports for the internet, THEN finally fixed the whitelisted IPs. It was blocking my router. To whitelist your router, go back to your moblock.conf file, look for the WHITE_IP_OUT and copy your router IP address to allow communications with your router. Don't forget to do a moblock-control restart and reload.
Thx for the help guys, couldn't have done it without the forums =).
the_unexpected
December 22nd, 2007, 09:26 PM
This is what I got when I tried to do the purge/reinstall suggested earlier:
Do you want to continue? [Y/n/?] y
Writing extended state information... Done
Selecting previously deselected package moblock-nfq.
(Reading database ... 212246 files and directories currently installed.)
Preparing to replace moblock-nfq 0.8-32+feisty (using .../moblock-nfq_0.8-36+feisty_i386.deb) ...
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: warning - old pre-removal script returned error exit status 6
dpkg - trying script from the new package instead ...
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/moblock-nfq_0.8-36+feisty_i386.deb (--unpack):
subprocess new pre-removal script returned error exit status 6
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "start" failed.
dpkg: error while cleaning up:
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
/var/cache/apt/archives/moblock-nfq_0.8-36+feisty_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
dpkg: error processing moblock-nfq (--configure):
Package is in a very bad inconsistent state - you should
reinstall it before attempting configuration.
Errors were encountered while processing:
moblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
Building tag database... Done
After reading that, I checked the sources.list file, and it was still set to pull from the moblock feisty repositories (since I'd upgraded through Ubuntu as opposed to a fresh install). Changed the sources.list file, ran apt-get update and tried the purge/install again, still gave me the same error message. See below:
Do you want to continue? [Y/n/?] y
Writing extended state information... Done
Get:1 http://moblock-deb.sourceforge.net gutsy/main moblock-nfq 0.8-39+gutsy [43.6kB]
Fetched 43.6kB in 1s (36.5kB/s)
Selecting previously deselected package moblock-nfq.
(Reading database ... 212246 files and directories currently installed.)
Preparing to replace moblock-nfq 0.8-32+feisty (using .../moblock-nfq_0.8-39+gutsy_i386.deb) ...
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: warning - old pre-removal script returned error exit status 6
dpkg - trying script from the new package instead ...
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/moblock-nfq_0.8-39+gutsy_i386.deb (--unpack):
subprocess new pre-removal script returned error exit status 6
/usr/bin/moblock-control: line 92: [: too many arguments
* Error 6: Check your VERBOSITY settings in /etc/moblock/moblock.conf.
invoke-rc.d: initscript moblock-nfq, action "start" failed.
dpkg: error while cleaning up:
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
/var/cache/apt/archives/moblock-nfq_0.8-39+gutsy_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
dpkg: error processing moblock-nfq (--configure):
Package is in a very bad inconsistent state - you should
reinstall it before attempting configuration.
Errors were encountered while processing:
moblock-nfq
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
Building tag database... Done
It gave the following message during both purges:
dpkg: error processing moblock-nfq (--purge):
Package is in a very bad inconsistent state - you should
reinstall it before attempting a removal.
Errors were encountered while processing:
moblock-nfq
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
To be honest, I don't remember which option I chose when prompted regarding the conf files, since this has been ongoing for several weeks now. Any help that you could offer would be greatly appreciated. :)
Darles
December 23rd, 2007, 11:24 AM
Hi,
I'm having similar problems as above. If I try and purge I get:
dpkg: error processing moblock-nfq (--purge):
Package is in a very bad inconsistent state - you should
reinstall it before attempting a removal.
Errors were encountered while processing:
moblock-nfq
E: Sub-process /usr/bin/dpkg returned an error code (1)
If i try to reinstall i get:
* MoBlock: /etc/moblock/moblock.conf not installed.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: warning - old pre-removal script returned error exit status 6
dpkg - trying script from the new package instead ...
* MoBlock: /etc/moblock/moblock.conf not installed.
invoke-rc.d: initscript moblock-nfq, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/moblock-nfq_0.8-39+feisty_i386.deb (--unpack):
subprocess new pre-removal script returned error exit status 6
* MoBlock: /etc/moblock/moblock.conf not installed.
invoke-rc.d: initscript moblock-nfq, action "start" failed.
dpkg: error while cleaning up:
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
/var/cache/apt/archives/moblock-nfq_0.8-39+feisty_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
I'm unable to remove or reinstall through synaptic either. The problem also stops me from installing any other software. Every time I try it seems that synaptic is trying to upgrade moblock, which it has problems doing.
Any help would obviously be appreciated.
durrell
December 23rd, 2007, 08:20 PM
I just did a fresh Gutsy install and for some reason moblock is blocking everything. I have gotten http and https unblocked as it says in the how-to, but for some reason anything outside of that is being blocked. I can't get updates or use Synaptic at all while moblock is running.
How can I fix this? I never had this issue in Feisty and I never had it in Gutsy when I first started running it. It just seems to be an issue with this install.
Any help is greatly appreciated. I don't like running my box with no IP blocker. :D
jingo811
December 24th, 2007, 05:44 AM
OFFTOPIC:
I think that the owners of the Moblock project should talk to some forum admins and get a corner of their own such as one in the 3rd party sub-forums.
Then you should create something like 2 sub-sub-forums. One for dealing with problems that arises from upgrades. And another one for learning how to use the complicated functions inside the program.
It seems like the same kind of questions comes back again and again. The mixing of these 2 issues makes it difficult to read through 100 threads when searching for answers that have already been answered before.
That's my 2 cents.
empthollow
December 24th, 2007, 10:05 PM
I just did a fresh Gutsy install and for some reason moblock is blocking everything. I have gotten http and https unblocked as it says in the how-to, but for some reason anything outside of that is being blocked. I can't get updates or use Synaptic at all while moblock is running.
How can I fix this? I never had this issue in Feisty and I never had it in Gutsy when I first started running it. It just seems to be an issue with this install.
Any help is greatly appreciated. I don't like running my box with no IP blocker. :D
I have the same problem, I just installed gutsy - fresh install and moblock is blocking everything. Incidentally I have another gutsy install on my laptop and moblock is working just fine, so... I copied /etc/moblock onto my fresh install of gutsy. But to no avail, it still is blocking everything - (except google searches, can't click on results though). To make matters even more confusing both machines tell me moblock is version 0.8.
OK, fixed my problem. Didn't whitelist my router, only the http ports. I whitelisted my router in the next section and all is well :)
atf487
December 25th, 2007, 09:37 PM
I have the same problem, I just installed gutsy - fresh install and moblock is blocking everything. Incidentally I have another gutsy install on my laptop and moblock is working just fine, so... I copied /etc/moblock onto my fresh install of gutsy. But to no avail, it still is blocking everything - (except google searches, can't click on results though). To make matters even more confusing both machines tell me moblock is version 0.8.
OK, fixed my problem. Didn't whitelist my router, only the http ports. I whitelisted my router in the next section and all is well :)
I had a similar situation, but whitelisting the router fixed it. Now I can finally have moblock running, woo!
jre
December 26th, 2007, 06:38 PM
@the_unexpected and darles: Your moblock.conf is broken (old version) or non existent. So manually install a new one from the current package:
mkdir /home/{YOURLOGIN}/moblock_0.8-39
dpkg -X /var/cache/apt/archives/moblock-nfq_0.8-39+gutsy_i386.deb /home/{YOURLOGIN}/moblock_0.8-39
sudo cp /home/{YOURLOGIN}/moblock_0.8-39/etc/moblock/moblock.conf /etc/moblock/moblock.conf
Darles, replace gutsy with feisty in the second line of the above code. Of course you both have to insert your real {YOURLOGIN}.
I just did a fresh Gutsy install and for some reason moblock is blocking everything. I have gotten http and https unblocked as it says in the how-to, but for some reason anything outside of that is being blocked. I can't get updates or use Synaptic at all while moblock is running.
So whitelisting http and https works? Then you can simply whitelist other protocols or IPs. Check the log (tail -f /var/log/moblock.log) to see what is blocked.
If you have more severe problems: Please post "moblock-control status", I guess you have installed additional firewall software (this will cause problems). Further you need to be more concrete what is not working (which IPs are blocked (see logfile)? On which ports (which application wanted to contact them? or use "whireshark" to analyze the traffic).
I think that the owners of the Moblock project should talk to some forum admins and get a corner of their own such as one in the 3rd party sub-forums.
Maybe a good idea but I guess people would still post here. So next to development I prefer to improve the HOWTO so that it is easier to point people there.
empthollow
December 26th, 2007, 08:38 PM
I just wanted to clarify how I whitelisted my LAN because I did it incorrectly at first. Here is the way I got it to work.
WHITE_IP_OUT="192.168.1.0/24"
The "0" at the end of the IP being the key to my success. It acts as an all-inclusive range for my LAN.
I then for the http ports did
WHITE_TCP_OUT="http https"
This gave me my web browsing capabilities but it leaves me insecure on ports 80 (http) & 443 (https) so when i use a p2p client such as azureus i tell it to ignore peers with those port numbers. moblock will take care of the rest.
:guitar:
Scorper
December 27th, 2007, 09:10 AM
How am I supposed to "properly" whitelist the stuff needed to let pidgin connect to MSN?
I know I can either whitelist the port or the IP (range) but can't I do a combination? Whitelisting the port seems kinda dumb because that would leave the port open for all IPs. And I don't necessarily want to whitelist all the microsoft IP ranges and all ports either.
And I'm having some problems whitelisting IP ranges, since I don't understand what the mask thing is...
So what exactly should I put to WHITE_IP_OUT= if I want to allow connections to the IP ranges 207.46.*.* and 64.4.*.*? MSN uses those IPs at least and maybe some more... I can't find a complete list anywhere. I tried putting WHITE_IP_OUT="207.46.0.0/24" etc. but it still seems to block them. WHITE_IP_OUT="207.46.29.0/24" and such seem to work by allowing the range 207.46.29.* but how can I allow a larger range?
jre
December 27th, 2007, 10:07 PM
I know I can either whitelist the port or the IP (range) but can't I do a combination?
You have to use the custom iptables rules to do that. There's no short way for this, sorry.
And I'm having some problems whitelisting IP ranges, since I don't understand what the mask thing is...
From `man iptables`:
"The mask can be either a network mask or a plain number, specifying the number of 1’s at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0."
16 is equivalent to 255.255.0.0 and
8 is equivalent to 255.0.0.0
This mask is [err, I can't really explain it] subtracted from the IP.
So you want:
WHITE_IP_OUT="207.46.0.0/16"
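To make the prefix-length arithmetic from the `man iptables` quote concrete, and to check the subnet whitelists from kacheng's steps above, here is an added Python example (not part of the thread or of moblock-control) that turns a /NN prefix into a dotted mask, shows the address range a CIDR entry covers, and tests whether a given IP would match a WHITE_IP_OUT value. It explains why 207.46.0.0/24 does not cover 207.46.29.x while 207.46.0.0/16 does; the sample addresses are the ones quoted in the thread.

```python
import ipaddress


def prefix_to_netmask(prefix: int) -> str:
    """Dotted netmask for a CIDR prefix length, e.g. 24 -> 255.255.255.0.

    The prefix is the number of 1 bits at the left of the 32-bit mask.
    """
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask))


def cidr_range(cidr: str):
    """Return (first, last) address covered by a CIDR entry such as 207.46.0.0/16.

    strict=False mirrors iptables: host bits set in the address are simply
    masked away, so 192.168.1.118/24 means the same as 192.168.1.0/24.
    """
    net = ipaddress.IPv4Network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address)


def parse_white_ip(value: str):
    """Parse a WHITE_IP_OUT / WHITE_IP_IN value (whitespace-separated entries).

    A bare address without /NN is treated as a single host (/32), which is
    how iptables interprets a -s/-d argument without a mask.
    """
    return [ipaddress.IPv4Network(tok, strict=False) for tok in value.split()]


def is_whitelisted(value: str, ip: str) -> bool:
    """True if ip falls inside any entry of the given WHITE_IP_* value."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in parse_white_ip(value))


if __name__ == "__main__":
    for prefix in (24, 16, 8):
        print(f"/{prefix} -> {prefix_to_netmask(prefix)}")
    # Scorper's two attempts, checked against an address in 207.46.29.*
    for entry in ("207.46.0.0/24", "207.46.0.0/16"):
        first, last = cidr_range(entry)
        print(f"{entry} covers {first} - {last}; "
              f"207.46.29.10 whitelisted: {is_whitelisted(entry, '207.46.29.10')}")
    # kacheng's LAN example: 192.168.1.118 inside 192.168.1.0/24
    print("LAN host whitelisted:", is_whitelisted("192.168.1.0/24", "192.168.1.118"))
```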
mikerduffy
December 28th, 2007, 06:06 PM
I just got web browsing to work by replacing the /24 I had with a /16.
jre
December 28th, 2007, 11:10 PM
I've started to package MoBlock 0.9 (Release Candidate 1). So here it is moblock (0.9~rc1-1), use it only if you really want to test it. I've renamed the nfq package and skipped the ipq version.
This version now allows to MARK packets instead of DROPping or ACCEPTing them.
I've also added a /etc/moblock/moblock.default configuration file to make future updates easier.
Warning: This version also logs accepted packets, so your logfile will grow faster than usual.
Please have a look at the Debian package changelog (http://moblock-deb.svn.sourceforge.net/viewvc/moblock-deb/moblock/moblock-0.8/moblock-0.8/debian/changelog?view=markup) to get a complete list of the changes.
jre
empthollow
December 28th, 2007, 11:23 PM
forgive me for asking a simple question but, .. could you explain what it means to mark vs drop or accept?
jre
December 28th, 2007, 11:50 PM
forgive me for asking a simple question but, .. could you explain what it means to mark vs drop or accept?
It's the possibility to make many errors ;-)
With moblock 0.8 matched packets (ip in blocklist) were either ACCEPTED or DROPped. So as soon as they were checked by MoBlock they were no more checked by further iptables rules. This means you could not use MoBlock together with other firewalls (except firehol).
Now, you have the option to let MoBlock simply MARK the packets. They will then continue their voyage through later iptables rules, where you can put rules which only apply to the marked packets next to other firewall rules.
The combination of MoBlock with other firewalls is therefore possible now, but we first need some testers ;-)
Further (already done in the packet) OUTPUT matched packets can be rejected instead of being DROPped. So if YOU want to access an IP that is blocked by MoBlock your applications get notified immediately instead of having to wait until they timeout (I really like that.)
Have fun with testing. But remember not to use this blindly.
jre
empthollow
December 29th, 2007, 12:13 AM
From this I gather that the packets marked by moblock are OK unless otherwise determined by further firewall rules. Is that correct? I don't use a software firewall so this has never been an issue for me (I use my router) except when I go on a trip. I then use firestarter, which I think is just a front end to iptables. I'd be happy to do some testing but I'll need a little instruction on how to see if it's working. I would use moblock and firestarter. My router would of course still have a firewall and I need that running for all of my other computers. Let me know if I can be of any help to you. I would need to know what command to run to know if the proper IPs are being blocked though.
AlexEagar
December 30th, 2007, 04:08 PM
I'm having a different issue. Ever since upgrading to 0.8-36+gutsy I get this nasty error:
frank@ForGreatJustice:~$ *** stack smashing detected ***: /usr/bin/moblock terminated
Any ideas? :( Thanks in advance.
I had this same error. The problem for me was that I changed my .dat.gz list to plain .gz lists without changing BLOCKLIST_FORMAT="d" to BLOCKLIST_FORMAT="p" in /etc/moblock/moblock.conf :). Try changing that value and let us know if it resolves your problem. Also remember that you can't use both .dat.gz and .gz at the same time.
Alex Eagar
jre
December 31st, 2007, 10:23 AM
From this I gather that the packets marked by moblock are OK unless otherwise determined by further firewall rules. Is that correct?
Yes
I don't use a software firewall so this has never been an issue for me (I use my router) except when I go on a trip. I then use firestarter, which I think is just a front end to iptables.
For me a software firewall and a frontend for iptables is the same.
I'd be happy to do some testing but I'll need a little instruction on how to see if it's working. I would use moblock and firestarter. My router would of course still have a firewall and I need that running for all of my other computers. Let me know if I can be of any help to you. I would need to know what command to run to know if the proper IPs are being blocked though.
Ok, install moblock 0.9~rc1-4 (just releasing while I type this).
First, make sure that moblock is started AFTER firestarter (/etc/rc2.d/SNNname: the NN of moblock has to be higher than that of firestarter [does Ubuntu still work this way!?])
Then check and post your iptables rules ("moblock-control status").
Do a "moblock-control test" and "tail -f /var/log/moblock.log". Note the "Marked block" entries in the logfile. Now make a "traceroute" for such an IP: the packet must not pass the first hop (otherwise it has left your machine).
So, this way you can make sure that the "Marked block" IP from the test really didn't leave your machine. But I can't tell you if this was MoBlock's achievement or firestarter's.
Anyway, I'd take this as "moblock is working" if the rest of the iptables rules make sense.
Now you have to check firestarter: Since you have a LAN with other machines, you can go to another machine and try to access your moblock machine with some ways you would want not to be able (access it on blocked ports).
Try it with two ways: First add a line to "/etc/moblock/ipfilter.dat" like 192.168.178.0 - 192.168.178.255 , 000 , Lan, with the IP range of your LAN (with ifconfig I get "inet addr:192.168.178.124", hence this example entry). Do a "moblock-control reload" and test.
Then whitelist your LAN:
WHITE_IP_IN="192.168.178.0/24"
Do a "moblock-control restart" and make the same tests again.
In both cases you should not be able to access your MoBlock machine. First time because of MoBlock and firestarter, second time only because of firestarter. A real port scanning would of course be a better test.
greets
jre
NiksaVel
January 1st, 2008, 11:50 AM
Hi, I'm running kubuntu gutsy and I have a problem with autostarting moblock....
even though it's set to 1 (autostart on boot) in the config file, it doesn't start and I have to do it manually.... it works just fine after that...
thanks for the help
jre
January 1st, 2008, 04:25 PM
Which package and version are you using?
Please post ls -l `sudo find /etc/ -name "*moblock*"`
Please verify that you have the MOBLOCK_INIT="1" entry only once in your moblock.conf (and moblock.default).
Note: I propose to use "moblock-nfq" currently. The "moblock" package contains newer code but is still in a testing stage.
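The check jre asks for (MOBLOCK_INIT="1" present only once) follows from the rule stated at the top of moblock.conf: the file is sourced by bash, so when a variable is set several times only the last line counts. Below is an added Python example (not part of the thread or of moblock-control) that parses a conf in that style, reports variables assigned more than once together with the value bash would actually keep, and applies the conf's own whitelist-ports rule (at most 15 ports, a port:port range counting as two). The sample conf is constructed for the example.

```python
import re
import shlex

# KEY=value lines as bash sees them; values are shell-quoted, "#" starts a comment
ASSIGN = re.compile(r'^\s*([A-Z_][A-Z0-9_]*)=(.*)$')
MAX_PORTS = 15  # stated in moblock.conf: up to 15 ports, a range counts as two
PORT_VARS = ("WHITE_TCP_IN", "WHITE_UDP_IN", "WHITE_TCP_OUT",
             "WHITE_UDP_OUT", "WHITE_TCP_FORWARD", "WHITE_UDP_FORWARD")

# Constructed sample in the style of moblock.conf (not a real file)
SAMPLE_CONF = """\
# constructed sample, not a real moblock.conf
BLOCKLIST_FORMAT="d"
MOBLOCK_INIT="0"
VERBOSITY="1"
WHITE_TCP_IN=""
WHITE_TCP_OUT="80 443 1000:1024"
# a second assignment further down silently overrides the first one
MOBLOCK_INIT="1"
"""


def parse_conf(text: str):
    """Parse KEY="value" lines the way bash sourcing would: last assignment wins.

    Returns (values, duplicates); duplicates maps a variable name to the
    line numbers on which it was assigned, for names assigned more than once.
    """
    values, lines_of = {}, {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = ASSIGN.match(line)
        if not m:
            continue
        name, raw = m.groups()
        # shlex strips the quotes and drops a trailing "# comment"
        values[name] = " ".join(shlex.split(raw, comments=True))
        lines_of.setdefault(name, []).append(lineno)
    duplicates = {n: ls for n, ls in lines_of.items() if len(ls) > 1}
    return values, duplicates


def port_weight(token: str) -> int:
    """Slots a whitelist token uses: a port:port range counts as two, else one."""
    if re.fullmatch(r'\d+:\d+', token):
        lo, hi = (int(x) for x in token.split(":"))
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"invalid port range {token!r}")
        return 2
    if token.isdigit():
        if not 0 < int(token) <= 65535:
            raise ValueError(f"invalid port number {token!r}")
        return 1
    if re.fullmatch(r'[a-z][a-z0-9-]*', token):
        return 1  # service name such as http, resolved by iptables via /etc/services
    raise ValueError(f"unrecognised port token {token!r}")


def check_port_whitelist(value: str) -> int:
    """Return the slot count of a WHITE_*_* value, raising if it exceeds MAX_PORTS."""
    total = sum(port_weight(tok) for tok in value.split())
    if total > MAX_PORTS:
        raise ValueError(f"{total} port slots exceed the limit of {MAX_PORTS}")
    return total


def lint_conf(text: str):
    """Collect the findings worth fixing before a moblock-control restart."""
    values, duplicates = parse_conf(text)
    findings = []
    for name, lines in duplicates.items():
        findings.append(f"{name} assigned on lines {lines}; "
                        f"bash keeps the last one ({values[name]!r})")
    for name in PORT_VARS:
        try:
            check_port_whitelist(values.get(name, ""))
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
    if values.get("MOBLOCK_INIT") not in ("0", "1"):
        findings.append("MOBLOCK_INIT must be 0 or 1")
    return findings


if __name__ == "__main__":
    for finding in lint_conf(SAMPLE_CONF):
        print(finding)
```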
NiksaVel
January 2nd, 2008, 01:20 AM
Well... I just installed the whole system like 3 days ago (and moblock along with it as per the instructions in the ubuntu howto) so I guess it's the latest version.
niksavel@sidious:~$ ls -l `sudo find /etc/ -name "*moblock*"`
[sudo] password for niksavel:
-rwxr-xr-x 1 root root 1777 2007-12-16 23:46 /etc/cron.daily/moblock-nfq
-rwxr-xr-x 1 root root 2661 2007-12-16 23:45 /etc/init.d/moblock-nfq
-rw-r--r-- 1 root root 366 2007-12-16 23:46 /etc/logrotate.d/moblock-nfq
-rw-r--r-- 1 root root 4787 2007-12-30 14:37 /etc/moblock/moblock.conf
-rw-r--r-- 1 root root 4773 2007-12-30 14:33 /etc/moblock/moblock.conf~
lrwxrwxrwx 1 root root 21 2007-12-30 19:42 /etc/rc0.d/K20moblock-nfq -> ../init.d/moblock-nfq
lrwxrwxrwx 1 root root 21 2007-12-30 19:42 /etc/rc1.d/K20moblock-nfq -> ../init.d/moblock-nfq
lrwxrwxrwx 1 root root 21 2007-12-30 19:42 /etc/rc2.d/S20moblock-nfq -> ../init.d/moblock-nfq
lrwxrwxrwx 1 root root 21 2007-12-30 19:42 /etc/rc3.d/S20moblock-nfq -> ../init.d/moblock-nfq
lrwxrwxrwx 1 root root 21 2007-12-30 19:42 /etc/rc4.d/S20moblock-nfq -> ../init.d/moblock-nfq
lrwxrwxrwx 1 root root 21 2007-12-30 19:42 /etc/rc5.d/S20moblock-nfq -> ../init.d/moblock-nfq
lrwxrwxrwx 1 root root 21 2007-12-30 19:42 /etc/rc6.d/K20moblock-nfq -> ../init.d/moblock-nfq
/etc/moblock:
total 20299
-rw-r--r-- 1 root root 868 2007-12-16 23:45 blocklists.list
-rw-r--r-- 1 root root 10364174 2008-01-01 02:55 ipfilter.dat
-rw-r--r-- 1 root root 10364174 2007-12-31 07:38 ipfilter.dat.backup
-rwxr-xr-x 1 root root 565 2007-12-16 23:45 iptables-custom-insert.sh
-rwxr-xr-x 1 root root 564 2007-12-16 23:45 iptables-custom-remove.sh
-rw-r--r-- 1 root root 4787 2007-12-30 14:37 moblock.conf
-rw-r--r-- 1 root root 4773 2007-12-30 14:33 moblock.conf~
-rwxr-xr-x 1 root root 2647 2007-12-16 23:46 MoBlock-nfq.sh
niksavel@sidious:~$
this is my moblock.conf:
# moblock.conf - configuration file for moblock-control
# This file is sourced by a bash script. Any line which starts with a # (hash)
# is a comment and is ignored. If you set the same variable several times,
# then only the last line will be used. You have to stop/restart/reload moblock
# if you change entries.
############################ General configuration ############################
# Specify the format of the blocklists that you use. You can't mix different
# formats.
# d - eMule ipfilter.dat format
# n - peerguardian .p2b v2 binary format
# p - peerguardian .p2p text format
BLOCKLIST_FORMAT="d"
# Specify a NFQUEUE queue number (default 0)
# Works only with -nfq version
NFQUEUE_NUMBER="0"
# Turn on/off automatic start
# 0 - Don't start MoBlock at system boot
# 1 - Start MoBlock at system boot
MOBLOCK_INIT="1"
# Turn on/off automatic blocklist update
# 0 - Don't update the blocklists automatically
# 1 - Update the blocklists automatically
MOBLOCK_CRON="1"
# Set the verbosity of moblock-control
# 0 - No normal output to STDOUT, only to logfile
# 1 - Output to STDOUT and to logfile
VERBOSITY="1"
################## Settings for the iptables firewall rules ###################
# MoBlock requires the iptables rule NFQUEUE (nfq version)
# or the deprecated QUEUE (ipq version).
# Do a "moblock-control stop" before you change these iptables settings.
# Define how traffic is sent to MoBlock
# 0 - Don't set any iptables rules.
# You or another script/firewall has to do this!
# 1 - NFQUEUE is in the chains moblock_in, moblock_out and moblock_fw.
# 2 - Set custom iptables rules (defined in
# /etc/moblock/iptables-custom-insert.sh and iptables-custom-remove.sh)
IPTABLES_SETTINGS="1"
# Define when traffic is sent to the chain that contains NFQUEUE
# This section works only for IPTABLES_SETTINGS="1"
# 0 - Do nothing. You or another script/firewall has to do this!
# 1 - Insert the rules at the head of the chains.
# 2 - Append the rules to the end of the chains.
IPTABLES_ACTIVATION="2"
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name
# (using iptables with the target RETURN)
# Separate several entries with whitespace (" ")
# Port ranges are specified in the format "port:port"
# Up to 15 ports can be specified. A port range (port:port) counts as two
# ports.
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT="80 443"
WHITE_UDP_OUT=""
# This is an example to whitelist outgoing web traffic (port 80 is the service
# http, 443 is https) and the port range 1000-1024:
# WHITE_TCP_OUT="80 443 1000:1024"
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
################################ Whitelist IPs ################################
# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# (using iptables with the target RETURN)
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Separate several entries with whitespace (" ")
# This replaces the old (up to 0.8-32) IP_TCP_ and IP_UDP_ entries.
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_IP_IN="192.168.2.0/24"
WHITE_IP_OUT="192.168.2.0/24"
# This is an example to whitelist the range 192.168.178.1-192.168.178.255:
# WHITE_IP_OUT="192.168.178.0/24"
WHITE_IP_FORWARD=""
###################### Remove lines from the blocklist ########################
# Remove lines from the blocklist (using "grep -v -i")
# Warning for beginners: If you want to whitelist a special IP then check the
# above section. In most cases you won't succeed if you insert an IP here.
# Separate values with a semicolon ";".
# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE=""
# This is an example to remove all lines from the blocklist which contain one
# of the words "google", "yahoo", "altavista", "debian" or "sourceforge":
# IP_REMOVE="google;yahoo;altavista;debian;sourceforge"
########################### Full LSB compatibility ############################
# The control script uses /lib/lsb/init-functions. In Debian this file also
# provides functions which are not defined by the LSB standard. Change this
# entry if the script complains of not knowing a function.
# 0 - Debian compatible system (default)
# 1 - LSB 3.1 but not Debian compatible system
LSB_MODE=0
I don't think I have a moblock.default...
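The "Remove lines from the blocklist" section of the config above says IP_REMOVE works with "grep -v -i" on the raw blocklist text and warns that inserting an IP there usually does nothing. The following is an added Python model of that behaviour (not moblock's own code and not from this post): it parses a constructed ipfilter.dat sample, applies an IP_REMOVE value the way grep would, and then checks whether an address is still blocked. Treating every line as blocking regardless of its level field is an assumption.

```python
import re
from typing import List, NamedTuple, Optional


class BlockRange(NamedTuple):
    first: int          # first address of the range as a 32-bit integer
    last: int           # last address (inclusive)
    description: str    # text after the second comma
    line: str           # the raw line, which is what IP_REMOVE's grep sees


# Constructed sample in eMule ipfilter.dat format: "first - last , level , description".
# Ranges and labels are made up for this example, not taken from any real blocklist.
SAMPLE_IPFILTER = """\
# comment lines and blank lines are ignored

000.000.000.000 - 000.255.255.255 , 000 , Bogon (example)
064.015.112.000 - 064.015.127.255 , 100 , Example Video Hosting Corp
192.168.002.000 - 192.168.002.255 , 100 , Example LAN entry
203.000.113.000 - 203.000.113.255 , 100 , Example anti-p2p org
"""

LINE_RE = re.compile(r"^\s*([\d.]+)\s*-\s*([\d.]+)\s*,\s*(\d+)\s*,\s*(.*?)\s*$")


def ip_to_int(dotted: str) -> int:
    """Dotted quad -> integer. int() accepts the zero-padded octets eMule writes ("064")."""
    parts = dotted.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def parse_ipfilter(text: str) -> List[BlockRange]:
    """Parse ipfilter.dat text. Assumption: every well-formed line blocks, whatever
    its level field says; lines that do not match the format are skipped."""
    ranges = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        first, last = ip_to_int(match.group(1)), ip_to_int(match.group(2))
        if first > last:
            raise ValueError(f"reversed range: {line!r}")
        ranges.append(BlockRange(first, last, match.group(4), line))
    return ranges


def apply_ip_remove(ranges: List[BlockRange], ip_remove: str) -> List[BlockRange]:
    """Model IP_REMOVE="a;b;c": drop every line containing any of the semicolon-
    separated words, case-insensitively, as "grep -v -i" does to the blocklist text."""
    words = [w.strip().lower() for w in ip_remove.split(";") if w.strip()]
    if not words:
        return list(ranges)
    return [r for r in ranges if not any(w in r.line.lower() for w in words)]


def blocked_by(ip: str, ranges: List[BlockRange]) -> Optional[str]:
    """Description of the first range that contains ip, or None if ip is not listed."""
    value = ip_to_int(ip)
    for r in ranges:
        if r.first <= value <= r.last:
            return r.description
    return None


if __name__ == "__main__":
    ranges = parse_ipfilter(SAMPLE_IPFILTER)
    # Why the config warns against putting an IP into IP_REMOVE: the line holds a
    # range, so the text "64.15.115.3" never occurs in it and nothing is removed.
    kept = apply_ip_remove(ranges, "64.15.115.3")
    print('after IP_REMOVE="64.15.115.3":', blocked_by("64.15.115.3", kept))
    # A word from the line's description does match, and the whole range goes away.
    kept = apply_ip_remove(ranges, "video hosting")
    print('after IP_REMOVE="video hosting":', blocked_by("64.15.115.3", kept))
```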
jre
January 2nd, 2008, 03:58 AM
Hmm, everything ok so far. Please post "/var/log/moblock-control.log", perhaps that's enlightening.
Sorry, but I have no idea what is wrong.
Well... I just installed the whole system like 3 days ago (and moblock along with it as per the instructions in the ubuntu howto) so I guess it's the latest version.
dpkg --list moblock-nfq
But it should be ok.
I don't think I have a moblock.default...
Yes, I just added it for moblock (0.9~rc1).
jre
NiksaVel
January 2nd, 2008, 01:22 PM
nothing interesting here I'm afraid :)
2008-01-02 07:36:07 AM CET Begin: /usr/bin/moblock-control update
Updating blocklists ...
Updating nipfilter.dat.gz * . No update available.
* Blocklists updated.
Building blocklist ...done.
Installing blocklist to /etc/moblock/ipfilter.dat ...done.
Reloading MoBlock ...done.
2008-01-02 07:36:22 AM CET End: /usr/bin/moblock-control update
iksavel@sidious:~$ dpkg --list moblock-nfq
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii moblock-nfq 0.8-39+gutsy An IP blocker for linux
niksavel@sidious:~$
rye_
January 2nd, 2008, 05:09 PM
Hi all,
I apologise if this has already been addressed in previous posts (I'd be surprised if it hasn't, but I can't find it).
Could someone explain the meaning of Blocked Out as opposed to Blocked In in terms of the results of tail -f /var/moblock/moblock.log.
And perhaps why I've noticed other people's logs show Blocked In but mine never does.
Thanks in advance
yahooadam
January 2nd, 2008, 07:13 PM
Blocked out means it blocked something on your computer communicating with the world
Blocked In means it stopped some other computer communicating with you
At least, that is my understanding ..
Yahooadam
dn*
January 2nd, 2008, 09:44 PM
I dunno if anyone has posted on this thread about this before, but the website that serves the blocklists to MoBlock (bluetack.co.uk) is having some problems funding its servers.
Some of you may be interested in sending them a donation to help them out: http://www.bluetack.co.uk
rye_
January 3rd, 2008, 04:47 AM
Am I correct then that the reason I get no Blocked In results is that iptables prevents any computer from connecting to me already?
As things stand, with me getting no Blocked In results, am I safe using bittorrent?
Thanks,
Ryan
yahooadam
January 3rd, 2008, 01:19 PM
Am I correct then that the reason I get no Blocked In results is that iptables prevents any computer from connecting to me already?
As things stand, with me getting no Blocked In results, am I safe using bittorrent?
did you try
sudo moblock-control test
rye_
January 3rd, 2008, 03:23 PM
Yes, I tried the test and was informed that moblock was functioning accordingly.
However, I think that this only tests any outgoing transmissions that I make to a blocked address, not whether or not such a blocked address can connect to me.
Thanks anyway yahooadam, I appreciate your input.
Ryan
catfishy
January 4th, 2008, 09:15 AM
Hey friends! I'm having trouble doing anything with moblock. It worked so well before I tried to update it and now I can't update/remove/re-install or anything. I can't even install anything because moblock is seriously broken (in a bad state). I've searched and tried to find a solution but to no avail. I believe I've tried to force it to remove but nothing works. Does anyone have any suggestions? I've tried changing the repository between both feisty and gutsy. I'm still using Feisty. My installed version is .8-32 and it's trying to install 39. Thank you so much for your help!
When I try:
sudo apt-get purge moblock-nfq; sudo apt-get install moblock-nfq
I am asked to install some of those four files attached. But when I try to install them 3 of the 4 of them say that I already have newer versions. The third one: "libnfnetlink0_0.0.16_i386.deb" says that I have broken dependencies! AHHHH!
Is there a way to force a removal and re-install later the newer version? Does the gutsy one work with feisty?
When I try to install it at cmd line I get:
Package is in a very bad inconsistent state - you should
reinstall it before attempting a removal.
I found some help at:
http://ubuntu-utah.ubuntuforums.org/showthread.php?p=3999751
AND THAT DID IT!
My .conf file was messed up or non-existent. I used a backup and now it's working. Thanks for listening.
Hawkeye05
January 4th, 2008, 10:26 AM
I've been trying to get it to work on my torrent server but it always blocks ssh and torrentflux. Is there a way I can allow just http and ssh traffic but leave the old settings on the other ports? All I want to block is my torrent traffic, that's it.
jre
January 4th, 2008, 12:03 PM
nothing interesting here I'm afraid :)
Yep, indeed boring ;-)
Have a look at older moblock-control.log files (they are rotated daily) and check if there's an entry for the failed starting.
Is the package "sysvinit" installed on your machine?
However, I think that this only tests any outgoing transmissions that I make to a blocked address, not whether or not such a blocked address can connect to me.
Correct (in fact it only checks "ping", nothing more!). I think there are no blocked IN because nobody wanted to connect to you. This might change when you start any p2p application.
To test it you'd have to try to connect from another machine to your machine after adding that other machine's IP (in the correct syntax) to your blocklist.
Just to be sure: I hope you don't use any additional firewalls/iptables rules, this would most probably cause troubles (except if you configured firehol correctly and/or are already using moblock 0.9rc1).
hawkeye, I answered in your other thread (http://ubuntuforums.org/showthread.php?p=4071458), please don't double post.
gav616
January 5th, 2008, 04:55 PM
wow gui is out!! :)
belgofac117
January 5th, 2008, 08:31 PM
I have just installed moblock 0.9~rc1-4 together with Firestarter on Ubuntu 7.10
Here's the outcome of moblock-control status:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5 400 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
350 28670 moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT tcp -- * * 192.168.0.1 0.0.0.0/0 tcp flags:!0x17/0x02
83 20540 ACCEPT udp -- * * 192.168.0.1 0.0.0.0/0
0 0 LSI udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
0 0 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 -- eth0 * 0.0.0.0/0 255.255.255.255
890 69746 DROP 0 -- * * 0.0.0.0/0 192.168.0.255
0 0 DROP 0 -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LSI 0 -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
1637 1325K INBOUND 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 LSI udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
0 0 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'
Chain OUTPUT (policy DROP 3 packets, 234 bytes)
pkts bytes target prot opt in out source destination
5 400 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
1 84 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa reject-with icmp-port-unreachable
280 21303 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT tcp -- * * 192.168.0.3 192.168.0.1 tcp dpt:53
99 6039 ACCEPT udp -- * * 192.168.0.3 192.168.0.1 udp dpt:53
0 0 DROP 0 -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
2555 242K OUTBOUND 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Output'
Chain INBOUND (1 references)
pkts bytes target prot opt in out source destination
1394 1303K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT 0 -- * * 4.79.142.202 0.0.0.0/0
0 0 ACCEPT 0 -- * * 72.14.207.99 0.0.0.0/0
0 0 ACCEPT 0 -- * * 64.233.187.99 0.0.0.0/0
0 0 ACCEPT 0 -- * * 64.233.167.99 0.0.0.0/0
243 21870 LSI 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG_FILTER (5 references)
pkts bytes target prot opt in out source destination
Chain LSI (6 references)
pkts bytes target prot opt in out source destination
243 21870 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
243 21870 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
243 21870 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain LSO (8 references)
pkts bytes target prot opt in out source destination
16 704 LOG_FILTER 0 -- * * 0.0.0.0/0 0.0.0.0/0
16 704 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
16 704 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
1193 140K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6 264 LSO 0 -- * * 0.0.0.0/0 207.46.19.190
0 0 LSO 0 -- * * 0.0.0.0/0 207.46.19.254
0 0 LSO 0 -- * * 0.0.0.0/0 207.46.193.254
2 88 LSO 0 -- * * 0.0.0.0/0 207.46.192.254
0 0 LSO 0 -- * * 0.0.0.0/0 207.68.178.61
0 0 LSO 0 -- * * 0.0.0.0/0 76.74.24.143
0 0 LSO 0 -- * * 0.0.0.0/0 17.149.160.10
8 352 LSO 0 -- * * 0.0.0.0/0 17.251.200.32
1346 101K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x14
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x14
350 28670 RETURN 0 -- * * 192.168.0.0/24 0.0.0.0/0
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x14
264 20559 RETURN 0 -- * * 0.0.0.0/0 192.168.0.0/24
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
15 660 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
1 84 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 13540.
-----------------------------------------------------------------------------------------------------------------------------
I do not have a clue how to read this status output but I have done the following:
Started firestarter and added microsoft and Apple to the Firestarter blocking rules.
Tried to browse to MS and Apple but both were blocked by FS.
Started Mb and did a moblock-control test with the IP being blocked by Mb
Picked another IP out of the Ipfilter.dat list and Pinged this IP with the ping tool from networking tools. This IP was not blocked!
How do I know that everything is working fine when 1 IP is blocked and not the other?
belgofac117
January 5th, 2008, 08:54 PM
To continue from my post above:
I have been following the moblock "story" for quite a while now and I know what pages to look at to find info. However, for a beginner this is becoming mission impossible. Going through 105 pages of info?
More questions I cannot find an answer for:
I also installed Mobloquer and under blocklists I can only find "nipfilter".
Is this correct?
What command can I use to ping an ip from terminal?
Note!! Testing Firestarter and Moblock is a real challenge since Fs is suffering from a well documented bug in Ubuntu 7.10. It just exits randomly, especially after opening up the GUI.
jre
January 6th, 2008, 03:11 PM
Picked another IP out of the Ipfilter.dat list and Pinged this IP with the ping tool from networking tools. This IP was not blocked!
Very short answer: on the first glance your iptable rules look good.
What's in moblock.log when you ping that IP?
jimtb
January 7th, 2008, 04:32 AM
I also installed Mobloquer and under blocklists I can only find "nipfilter".
Is this correct?
Hi, I'm the developer of mobloquer. This is probably correct. Right now only nipfilter.dat is used, due to a bug in moblock.
More information:
http://forums.phoenixlabs.org/showthread.php?t=15790
http://www.bluetack.co.uk/forums/index.php?act=dscript&CODE=showdetails&f_id=24
PS. You can post suggestions and bug reports for mobloquer here too.
PPS. Mobloquer does not work with moblock 0.9 yet.
Jeff_From_VA
January 7th, 2008, 04:46 AM
I just learned a painful lesson, don't install this on a remote server via SSH!!!!
Now I have to squeeze my fat *** into the closet I have my server in to fix it - LOL
belgofac117
January 7th, 2008, 04:48 AM
JRE; Nothing showed up in the log after pinging this IP.
I will continue experimenting with it.
JIMTB: Mobloquer seems to be working partly with Mb 0.9. I can start stop, reload and update Mb with it.
Keep up the good work !
gav616
January 8th, 2008, 08:34 AM
Will there ever be an option to not log a certain IP but still block it?
The reason is it's blocking a DHCP server every 2-5 seconds and my log on conky is very hard to read.
jre
January 8th, 2008, 01:49 PM
@belgofac,
the command is simply "ping". "traceroute" is a bit more informative because you see when a packet is lost.
There's no need to read the complete thread, most info in here is outdated given the age of this thread.
Just to make sure you use the correct command: use "tail -f /var/log/moblock.log" to follow the logfile live.
Having said all this, I have to say that it seems as if there is a bug. (It's already known that merging several blocklists has the result that not all IPs from merged ranges are really blocked. But as I understood it you are simply using bluetack's "nipfilter.dat" (see /etc/moblock/blocklists.list)). Therefore, please give me an example IP from the blocklist which isn't blocked. Please also make a backup of the blocklist - so that I can test it with your blocklist if I can't verify this with my current blocklist.
Will there ever be an option to not log a certain IP but still block it?
The reason is it's blocking a DHCP server every 2-5 seconds and my log on conky is very hard to read.
No, there's no such option.
belgofac117
January 8th, 2008, 06:39 PM
Still testing! I have tried to add the level 1 blocklist from bluetack but I get an error saying the blocklist is not available?
jre: I have changed a few settings in the conf file and this resulted in all IP addresses in the nipfilter list now getting blocked (good news). :)
durrell
January 8th, 2008, 08:51 PM
I still can't seem to get it working. It blocks updates and everything.
Edit: I fixed it. I had to whitelist my IP out by using "192.168.1.0/24". That fixed it all. :)
Edit2: Ok now I have a new problem. I need to figure out how to not block traffic from/to my home network. I share a printer and files with other computers. Thanks.
Edit3: Fixed that, too. White_IP_In="192.168.1.0/24"
jre
January 9th, 2008, 01:04 PM
Still testing! I have tried to add the level 1 blocklist from bluetack but I get an error saying the blocklist is not available?
wget bluetack.co.uk/config/level1.gz
works here. Make sure that the update server is not blocked by moblock.
Remember that the level1 is in another format than the ipfilter.dat!
Further remember not to merge multiple blocklists because of the described bug.
Glad to hear everything is working now.
449
January 9th, 2008, 04:25 PM
Where can I download this? The one at SourceForge is no longer...
jre
January 10th, 2008, 03:01 PM
Where can I download this? The one at SourceForge is no longer...
moblock-deb.sourceforge.net still exists. If you already installed MoBlock then make sure that sourceforge isn't blocked.
belgofac117
January 10th, 2008, 06:33 PM
jre: The problem is that nipfilter.dat is in .dat format and the bluetack list isn't.
Since you cannot mix lists of different formats I get an error.
Should I just get rid of the nipfilter.dat and use all the bluetack lists or should I just use the nipfilter list? I only use Moblock because I do not like the idea of anyone sneaking into my pc to see what's on my drives.
jre
January 11th, 2008, 02:13 PM
jre: The problem is that nipfilter.dat is in .dat format and the bluetack list isn't.
Since you cannot mix lists of different formats I get an error.
Should I just get rid of the nipfilter.dat and use all the bluetack lists or should I just use the nipfilter list? I only use Moblock because I do not like the idea of anyone sneaking into my pc to see what's on my drives.
Currently you should use only one blocklist because of this bug (https://sourceforge.net/tracker/index.php?func=detail&aid=1818886&group_id=162910&atid=825649) (Merging blocklists results in incomplete IP ranges)
Therefore I currently recommend the nipfilter.dat
belgofac117
January 20th, 2008, 09:20 AM
Hi all,
I hit a little snag. Youtube is getting blocked by Moblock. I have added YouTube to the IP_REMOVE but that doesn't do it.
I then tried to add the Youtube range to WHITE_IP_IN and OUT but I must be doing something wrong.
The manual is saying: Separate several entries with whitespace (" "). I have tried many combos but cannot unblock the Youtube range. I already have 1 IP (Router) in the WHITE_IP_IN and OUT and want to add the range of 64.15.112.0 - 64.15.127.255.
What would that entry look like together with my router IP? = 192.168.0.0/24
jackietreehorn
January 22nd, 2008, 12:02 AM
Hey,
I just installed moblock, but one question I have (being new to linux in general) is how do I know that the program is working? I know that you have to type:
sudo moblock-control start
in the terminal to get the program working, and I did that as well as
sudo moblock-control status
I guess what I'm asking is how do you know when the program has blocked something? What about editing blocklists as well as updating blocklists? Thanks in advance for the help, I am new to all this and am just trying to work it all out.
wilberfan
January 22nd, 2008, 12:07 AM
Hey,
I just installed moblock, but one question I have (being new to linux in general) is how do I know that the program is working? I know that you have to type:
sudo moblock-control start
in the terminal to get the program working, and I did that as well as
sudo moblock-control status
I guess what I'm asking is how do you know when the program has blocked something? What about editing blocklists as well as updating blocklists? Thanks in advance for the help, I am new to all this and am just trying to work it all out.
I like to have a terminal open and enter:
tail -f /var/log/moblock.log
It will then display anything it's blocked.
I believe you can also run a sudo moblock-control test ?
jackietreehorn
January 22nd, 2008, 12:38 AM
I like to have a terminal open and enter:
tail -f /var/log/moblock.log
It will then display anything it's blocked.
I believe you can also run a sudo moblock-control test ?
when I typed the second code I got
pid file /var/run/moblock.pid exists. Not starting
matt@matt-laptop:~$
Also, to run moblock, do I need to keep the terminal open?
wilberfan
January 22nd, 2008, 12:42 AM
I don't believe you need to keep the terminal open to run moblock... And that other error? I would probably search this thread--that may have been addressed already?
jackietreehorn
January 22nd, 2008, 12:51 AM
I'll try and look through this thread for that error, but everything else seems to work fine. Thanks for the help. :)
jre
January 22nd, 2008, 01:40 PM
The manual is saying: Separate several entries with whitespace (" "). I have tried many combos but cannot unblock the Youtube range. I already have 1 IP (Router) in the WHITE_IP_IN and OUT and want to add the range of 64.15.112.0 - 64.15.127.255.
What would that entry look like together with my router IP? = 192.168.0.0/24
I can't tell you the correct subnet for the range you requested (where from did you get that anyway?), but for the range 64.15.112.0-64.15.112.255 it would be:
WHITE_IP_OUT="192.168.0.0/24 64.15.112.0/24"
when I typed the second code I got
pid file /var/run/moblock.pid exists. Not starting
matt@matt-laptop:~$
Also, to run moblock, do I need to keep the terminal open?
Was it really "moblock-control test"?! This can't be, did you edit the files or did you write "moblock-control start".
If it was really "test" then reinstall:
aptitude purge moblock
aptitude install moblock and tell us the results again.
For the rest wilberfan already said everything.
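The WHITE_IP_* syntax from moblock.conf (plain IPs or network/mask entries separated by whitespace, no hostnames) and the question above of turning a first-last range into such an entry, worked through in an added Python example that is not moblock's code and not part of this reply. It uses only the standard ipaddress module and the addresses quoted in the thread.

```python
import ipaddress
from typing import List


def range_to_cidrs(first: str, last: str) -> List[str]:
    """Inclusive IPv4 range -> the minimal list of network/prefix blocks covering it.
    WHITE_IP_* entries end up as iptables source/destination matches, so a range
    has to be written this way; a "first-last" range is not accepted there."""
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if start > end:
        raise ValueError("range start is after its end")
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def parse_white_ip(value: str) -> list:
    """Parse a WHITE_IP_* value: whitespace-separated plain IPs or network/mask entries.
    The mask may be a prefix length ("/24") or a dotted netmask ("/255.255.255.0").
    Anything that is not an address is rejected, since the config warns against
    names that would have to be resolved over the network."""
    nets = []
    for entry in value.split():
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            raise ValueError(f"{entry!r} is not an IP address or network") from exc
    return nets


def is_whitelisted(ip: str, value: str) -> bool:
    """True if ip falls inside any entry of the given WHITE_IP_* value."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in parse_white_ip(value))


def add_range(value: str, first: str, last: str) -> str:
    """Return the WHITE_IP_* value with the inclusive range appended as CIDR entries,
    leaving the existing entries (for example the router's LAN) untouched."""
    parse_white_ip(value)            # fail early on a malformed existing value
    entries = value.split()
    for cidr in range_to_cidrs(first, last):
        if cidr not in entries:
            entries.append(cidr)
    return " ".join(entries)


if __name__ == "__main__":
    # The LAN from the post plus the 64.15.112.0 - 64.15.127.255 range quoted there.
    line = add_range("192.168.0.0/24", "64.15.112.0", "64.15.127.255")
    print(f'WHITE_IP_OUT="{line}"')
    print("64.15.120.9 whitelisted:", is_whitelisted("64.15.120.9", line))
    print("64.15.128.1 whitelisted:", is_whitelisted("64.15.128.1", line))
```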
jackietreehorn
January 22nd, 2008, 07:31 PM
Was it really "moblock-control test"?! This can't be, did you edit the files or did you write "moblock-control start".
If it was really "test" then reinstall:
aptitude purge moblock
aptitude install moblock and tell us the results again.
For the rest wilberfan already said everything.
I tried the test and got this
Trying to ping 4.2.153.63 from /etc/moblock/ipfilter.dat ...
* MoBlock did not block the IP.
*
* If you just started/reloaded MoBlock wait until it loaded completely.
* This will be when /var/log/moblock.log shows the following line:
* NFQUEUE: binding to queue '0'
*
* 4.2.153.63 did not answer.
*
* Maybe 4.2.153.63 is down/doesn't answer to pings
* or your firewall filtered the ping.
Not sure what that means exactly, but it doesn't seem good.
jre
January 23rd, 2008, 01:39 PM
At least you get something that makes sense now ;-) But it's not good.
What does "moblock-control status" say?
jackietreehorn
January 23rd, 2008, 03:25 PM
At least you get something that makes sense now ;-) But it's not good.
What does "moblock-control status" say?
Okay, this is starting to get more frustrating than it should be. jre, I did what you suggested in a previous post, removing and reinstalling moblock. I only did that, however, because this morning moblock was not functioning properly, while the day before it was working very well. I think the change is mostly due to the fact that I was adding different IPs to the whitelist, and trying to configure moblock to get the most out of it.
After reinstalling it, I did "sudo moblock-control status" and got this lovely bit of info:
Current iptables rules (this may take awhile):
Chain INPUT (policy ACCEPT 93939 packets, 55M bytes)
pkts bytes target prot opt in out source destination
16 2985 moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain OUTPUT (policy ACCEPT 60519 packets, 5506K bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa reject-with icmp-port-unreachable
0 0 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- lo * 0.0.0.0/0 0.0.0.0/0
16 2985 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is dead and /var/run/ pid file exists, pid is .
* Try "moblock-control stop". Otherwise kill all moblock processes,
* delete /var/run/moblock.pid and all iptables rules related to MoBlock.
jre
January 23rd, 2008, 05:45 PM
Indeed, that's not looking good.
I had these problems only when I started/stopped/reinstalled MoBlock very often while testing a new release. So I hope everything is working normally again when you reboot.
Otherwise please tell me
- your distribution (feisty/gutsy/hardy? i386/amd64/... ?)
- the version of the package "moblock" and "lsb-base"
- once again the moblock.log and moblock-control.log
Do you have "mobloquer" installed?
I noticed something strange in your output: the script thinks that the pid (/var/run/moblock.pid) exists but can't find its contents. Please check if this file exists and what's written in it.
I have to check if there's a bug in the lsb init-functions or what went wrong.
jackietreehorn
January 23rd, 2008, 06:51 PM
Indeed, that's not looking good.
I had these problems only when I started/stopped/reinstalled MoBlock very often while testing a new release. So I hope everything is working normally again when you reboot.
Otherwise please tell me
- your distribution (feisty/gutsy/hardy? i386/amd64/... ?)
- the version of the package "moblock" and "lsb-base"
- once again the moblock.log and moblock-control.log
Do you have "mobloquer" installed?
I noticed something strange in your output: the script thinks that the pid (/var/run/moblock.pid) exists but can't find its contents. Please check if this file exists and what's written in it.
I have to check if there's a bug in the lsb init-functions or what went wrong.
I have gutsy, and I got moblock from the package manager, so it should be the most up to date, no? I do not, as far as I know, have mobloquer installed. Also, I could not find the file /var/run/moblock.pid,
What is lsb-base and how do I know if it's there?
I think that maybe the best thing to do might be a reinstall, and start with a clean slate. I know I can make it work as it did all of yesterday and the day before. I started having problems when I tried to add to the list of blocklists on /etc/moblock/blocklists.list, and perhaps in my editing of that file and the config file I did something that affected moblock.
jre
January 24th, 2008, 12:52 PM
lsb-base is also a package. It provides some functions moblock depends on.
You can get the versions with
dpkg -l moblock
dpkg -l lsb-base.
If you reinstall do the "purge" command as I wrote above. Otherwise you'll keep your config files and so probably the errors.
Because of a bug (unrelated to your current problems) I propose not to use multiple blocklists currently, see here: https://sourceforge.net/tracker/?atid=825649&group_id=162910
and /usr/share/doc/moblock/BUGS.
greets
jre
jackietreehorn
January 24th, 2008, 01:41 PM
lsb-base is also a package. It provides some functions moblock depends on.
You can get the versions with
dpkg -l moblock
dpkg -l lsb-base.
If you reinstall do the "purge" command as I wrote above. Otherwise you'll keep your config files and so probably the errors.
Because of a bug (unrelated to your current problems) I propose not to use multiple blocklists currently, see here: https://sourceforge.net/tracker/?atid=825649&group_id=162910
and /usr/share/doc/moblock/BUGS.
greets
jre
You're gonna love this. MoBlock is working again. How? I honestly have no clue. The test showed that moblock is working fine. I'll take a look at lsb-base, and not use multiple blocklists, although I would in the future like to use them and optimize the whole experience. Thanks for the help, I'll be sure to keep you up to date if everything works out, or gets screwed up again.
kosak
January 27th, 2008, 09:04 AM
Check this out, a GUI for moblock! At last~~~~!!!
http://mobloquer.foutrelis.com/
jre
January 28th, 2008, 01:12 PM
Check this out, a GUI for moblock! At last~~~~!!!
http://mobloquer.foutrelis.com/
Yes, and it's already packaged in the same repository as moblock ;-)
empthollow
January 29th, 2008, 01:44 AM
I was running some tests on moblock today. In order to get web access I have to whitelist my LAN. Some sites load, but to load them properly I needed to whitelist HTTP and HTTPS. The thing that confuses me is that when whitelisting HTTP and HTTPS without my LAN I could not load any web sites. Why is it necessary that I whitelist my LAN if my LAN is not in my blocklist?
jackietreehorn
January 29th, 2008, 01:36 PM
I ran a test and this came up:
Trying to ping 4.2.145.239 from /etc/moblock/ipfilter.dat ...
* MoBlock did not block the IP.
*
* If you just started/reloaded MoBlock wait until it loaded completely.
* This will be when /var/log/moblock.log shows the following line:
* NFQUEUE: binding to queue '0'
*
* 4.2.145.239 did not answer.
*
* Maybe 4.2.145.239 is down/doesn't answer to pings
* or your firewall filtered the ping.
Not sure what to do in order to fix it...
empthollow
January 29th, 2008, 03:20 PM
Try this and then run the test again.
sudo moblock-control restart
RossumsChild
February 4th, 2008, 01:07 PM
Hi.
I'm new. Here goes.
I used PeerGuardian on Windows, and recently made the switch to 7.10 when I put together a new 64-bit machine, which I'd been planning for ages. I was excited to see there was a PG alternative available on Linux, and I attempted to install it.
At first I tried to install from the repositories and couldn't find it. Eventually I figured out that the repositories don't have a prebuilt version of moblock available for 64-bit processors (huh?). I tried to install from the .deb package provided on the website and had no luck: it didn't appear to be running when I executed top, but it broke half the internet and I had to delete it manually. There was no way to uninstall it because it claimed it wasn't installed, but when I gutted the directories it was using, my internet access fixed itself. Whatever. I've had dodgier things happen under Windows.
So I gave it up and figured I'd run without it (I'm not doing much file transfer right now). However, today I decided to try again. I tried to compile from source just now, based on the guide here:
https://help.ubuntu.com/community/MoBlock
I added the gutsy source repository and followed the steps in the script under "compile from source".
When I got to
/etc/moblock# sudo apt-get build-dep -y moblock
I get this error:
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Setting up moblock-nfq (0.8-39+gutsy) ...
Can't load configuration from /etc/moblock/moblock.conf, exiting.
dpkg: error processing moblock-nfq (--configure):
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
moblock-nfq
E: Sub-process /usr/bin/dpkg returned an error code (1)
E: Failed to process build dependencies
What am I doing wrong?
jre
February 5th, 2008, 06:16 PM
You're having the same problem as this guy: http://ubuntuforums.org/showthread.php?t=674929&highlight=moblock.conf+error
Follow my advice there to reinstall the manually deleted files.
Then do an "aptitude purge moblock-nfq" (or "aptitude purge moblock" if you installed version 0.9RC1)
Then try again.
BTW: Yesterday I added an amd64 version of moblock 0.8 to the moblock-deb repository. But I've no feedback from my tester yet. So without any guarantee: you might try your first step again (after cleanly uninstalling your old moblock mess ;-)
jamesford
February 5th, 2008, 08:02 PM
Wonderful news about the 64-bit repo!
Will you be keeping it as up to date as the 32-bit one, or is it more of a now-and-then thing?
jre
February 6th, 2008, 01:46 PM
Cross-compiling seems to work!
Wonderful news about the 64-bit repo!
Will you be keeping it as up to date as the 32-bit one, or is it more of a now-and-then thing?
I don't promise anything but I want to handle both the same way. Of course, if there are amd64 specific problems it might take longer or in the worst case I can't do anything. For example I can't build packages for hardy, yet.
I'll add moblock 0.9rc1 and mobloquer this evening/tomorrow. So the testing phase is officially open now! Please tell me if it's working with you (positives and negatives).
jre
February 6th, 2008, 07:12 PM
So the testing phase is officially open now! Please tell me if it's working with you (positives and negatives).
Done, now I'm waiting for your (all amd64 guys) feedback.
reseto
February 7th, 2008, 09:36 AM
I just installed 0.9rc1 and mobloquer from the repository on my 64-bit gutsy, copied the whitelists, updated and started.
It worked for 2 seconds, but then it just stopped.
When I hit restart, mobloquer says everything is OK, up and running, but after 2-3 seconds it stops again every time.
It looks like it's blocking the IPs in the background though (I have no idea how that works). What did I do wrong? :)
jre
February 7th, 2008, 01:25 PM
What stops? MoBlock the daemon or mobloquer the GUI? What exactly happens?
You can check the daemon status directly with "moblock-control status" in a terminal. With "tail -f /var/log/moblock.log" you can see live if anything is blocked (that's the same as in the mobloquer log window).
If you have problems with mobloquer you might start it from a terminal so that you eventually get error messages.
Shadowmeph
February 7th, 2008, 05:30 PM
I installed Moblock but now it just starts then stops also (I think it is running in the background). I cannot access the internet, so I open up the moblock GUI and it says it isn't running, but if I push the stop button I am able to access the internet again.
jamesford
February 7th, 2008, 06:06 PM
Is that famous bug still there, or can either the RC or the other one merge multiple blocklists properly now? If not, is it being worked on?
moopoo
February 8th, 2008, 08:16 AM
Hi,
I'd like to whitelist every port but port xyz. In other words, I'd just like to block (blacklist) one or two ports and leave the others unfiltered. Is there an elegant way to do that?
Situation: I just want moblock to filter the traffic of a certain app (port).
Problems:
- sometimes HTTP is filtered; whitelisting as mentioned before doesn't always do the trick (http://ubuntuforums.org/showthread.php?p=3975393&highlight=moopoo#post3975393).
- I couldn't get Samba shares to work with moblock
- games/apps use IPs that are blocked by moblock. Worst case: the game/app locks up. Getting the info on which ports are used and whitelisting 1-10 of them every time I install something like that can be a pain in the a**.
- there are IP filter plugins for some apps, but they are often not as good as moblock (resources, stability)
Less elegant solutions:
- whitelist selective ports - can be very strenuous
- turn off moblock every time I need to access Samba
- turn off moblock whenever I'd like to run a certain game/app
- whitelist every single port there is, except port 12345: WHITE_TCP_IN/OUT="0000:12344 12346:99999" <- not a good idea, is it?
Desired solution:
- possibility to activate a "blacklist mode". Whitelisting of ports is not necessary anymore
- instead, only desired ports are being blacklisted (filtered by moblock)
BLACK_WHATEVER_IN/OUT="12345 66666 11111"
----
What do you think?
Yours,
moopoo
jre
February 8th, 2008, 11:24 AM
I installed Moblock but now it just starts then stops also (I think it is running in the background). I cannot access the internet, so I open up the moblock GUI and it says it isn't running, but if I push the stop button I am able to access the internet again.
Please check /var/log/moblock-control.log, /var/log/moblock.log and "moblock-control status" when you have the problems.
Which system are you running (ubuntu version, amd64 or i386)?
Which versions have you installed? ("dpkg -l mobloquer", ...)
Is that famous bug still there, or can either the RC or the other one merge multiple blocklists properly now? If not, is it being worked on?
The developer was looking into it in January, but I think he hasn't found a solution, yet.
I'd like to whitelist every port but port xyz. In other words, I'd just like to block (blacklist) one or two ports and leave the others unfiltered. Is there an elegant way to do that?
You can do this with custom iptables rules. There's an option for that. Have a look at /etc/moblock/moblock.conf. Basically you only have to send traffic from that port on INPUT and/or OUTPUT to the iptables target NFQUEUE. Have a look at "man iptables" and /usr/bin/moblock-control to get an idea how to do that.
I think I don't like the idea of making this a direct option (see the discussions on why by default ALL traffic is filtered).
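As an added example (not MoBlock's or moblock-control's own code) of the custom-rule approach jre describes, here is a small POSIX shell generator that emits the iptables commands handing only the listed ports to the NFQUEUE target, so MoBlock inspects those connections and nothing else. It assumes queue number 0 (the "NFQUEUE num 0" shown in the status output in this thread) and that the rules go into the built-in INPUT/OUTPUT chains; the function names and the port 12345 are mine.

```shell
#!/bin/sh
# Added example, not MoBlock's own code: generate the custom iptables rules
# for a "blacklist mode" where only the listed ports are handed to MoBlock.
# Everything else bypasses the NFQUEUE target, so no port whitelisting is
# needed. Assumed: MoBlock is bound to queue 0 ("NFQUEUE num 0" in the status
# output in this thread). The commands are printed, not executed; review them
# and then run e.g.  moblock_port_rules INPUT 12345 | sudo sh

# valid_port PORT: true if PORT is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# moblock_port_rules CHAIN PORT...
# CHAIN is INPUT (filter connections arriving at a local port, e.g. the port a
# P2P client listens on) or OUTPUT (filter connections to that remote port).
# As moblock-control does, only NEW connections are queued; later packets of an
# established connection are not sent to MoBlock again.
moblock_port_rules() {
    chain=$1; shift
    case "$chain" in
        INPUT|OUTPUT) ;;
        *) echo "moblock_port_rules: chain must be INPUT or OUTPUT, got '$chain'" >&2; return 2 ;;
    esac
    [ $# -gt 0 ] || { echo "moblock_port_rules: no ports given" >&2; return 2; }
    # Refuse the whole set if any port is bad, so a typo never yields a
    # half-applied ruleset.
    for port in "$@"; do
        valid_port "$port" || { echo "moblock_port_rules: invalid port '$port'" >&2; return 1; }
    done
    for port in "$@"; do
        for proto in tcp udp; do
            echo "iptables -A $chain -p $proto --dport $port -m state --state NEW -j NFQUEUE --queue-num 0"
        done
    done
}

# Demo: rules for an application listening on TCP/UDP 12345 (constructed value).
moblock_port_rules INPUT 12345
moblock_port_rules OUTPUT 12345
```

One caveat worth knowing before relying on this for the "filter one app" case: a destination-port rule in OUTPUT catches connections the machine opens to that remote port, not the connections a P2P client opens to whatever ports remote peers happen to listen on, so the INPUT rule on the app's own listening port is the half that reliably sees the app's traffic.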
moopoo
February 10th, 2008, 11:04 AM
Thank you. I'll give it a try when I find the time.
kraymore
February 10th, 2008, 11:52 AM
Does anyone know if it's possible to use a different URL for moblock-nfq to fetch its blacklists from? I just installed moblock-nfq and I get an error 171, no connection to bluetack.co.uk.
I'm also having issues allowing me to *try* connecting to websites. All websites are blocked by default, including google and ubuntuforums.org. I do want some level of "moblock functionality" for my web browsing, however I cannot access any websites whatsoever, no matter how trivial they are.
Also, oddly, IRC does work, so there is some level of functionality when it's enabled.
Under "WHITELIST IPS" in moblock.conf I added my router to try and achieve some level of functionality. I am not sure if it helped or not. Please advise. moblock.conf:
WHITE_IP_IN="192.168.1.1 "
I realize that these questions are most likely redundant. I tried reading this thread but it was so big that there was no way I could make it to page 110. Google didn't help either.
I would really love to get this working. Also, I don't want to have to edit anything if possible, like moblock.conf entries for forwarded ports on my static IP address, e.g. adding a line for every port/port range.
Thank you very much.
coasted
February 13th, 2008, 10:49 AM
Is it possible for Moblock to act like PeerGuardian for windows did?
PG didn't attempt to block specific ports (that I know of I guess) and only blocked bad IPs from a list.
Never mind, got it I guess. :P
Dawa
February 17th, 2008, 11:15 AM
Hello moblockers,
I was directed to this thread from this one:
http://ubuntuforums.org/showthread.php?t=699280
Anyway, long story short, the new moblock RC is causing all kinds of calamity. I'll help any way I can, however I fear my skills are limited to posting logs and scratching my head. (still learning!) :)
dynafish
February 17th, 2008, 02:21 PM
Same problem here, I hope they get it resolved soon. I cannot even remove moblock via synaptic. I am thinking once I get it uninstalled I may quit using it altogether. Moblock has been a huge pain to me. Seems like deluge with the blocklist plugin is the way to go.
jre
February 17th, 2008, 04:09 PM
About the bug in 0.9~rc2-1 (I'm the developer): Sorry for any inconvenience.
I'm just releasing a fixed version.
You can also fix it manually:
Change the first line of /usr/bin/moblock-control to:
#!/bin/bash
This error only occurred in Gutsy, where /bin/sh does not point to bash. So it did not happen here (Debian lenny).
dynafish, I can't promise that this won't happen again. But since much of the development is done there's a big chance that this will not happen again. I'm thinking about making a separate infrastructure for beta testers, but I doubt that I find the time for this. So, sorry, if you decide against moblock. The problems were all produced by me, not by the upstream author.
Shadowmeph
February 17th, 2008, 05:03 PM
Excellent, that works perfectly. Now I have to go back to the Phoenix Labs site and try to find my post, lol.
jre
February 17th, 2008, 06:25 PM
The fixed version is out (0.9~rc2-2)
BTW, the range merge bug is also fixed now! So this version uses multiple blocklists from bluetack.co.uk in peerguardian .p2p text format again. This means: be careful with updating; accept all my changes to the conf files blocklists.list AND moblock.conf.
Dawa
February 17th, 2008, 07:58 PM
Thanks for the quick update, jre!
Something I noticed:
When running "moblock-control test" I'm getting an error. Here's the whole result:
Testing MoBlock:
CAUTION: This is just a simple test to check if MoBlock blocks outgoing
connections. For this, one IP from your blocklist will be pinged. This test does
not check if you have sane iptables rules or if your complete blocklist is in
the correct format. Therefore success doesn't imply that everything is working
as you expect it.
You are marking blocked packets. This means you have to make sure that the
marked packets are also blocked later. If you are using the default
configuration and no other firewalls this will be the case.
Also have a look at "moblock-control status" and test manually with traceroute.
Trying to ping 12.21.127..6 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP.
*
* If you just started/reloaded MoBlock wait until it loaded completely.
* This will be when /var/log/moblock.log shows the following line:
* NFQUEUE: binding to queue '0'
*
* Some error occured with ping, no test result.
Could the problem be that extra point in the IP address? There are two dots before the six: "Trying to ping 12.21.127..6"
jamesford
February 18th, 2008, 08:00 AM
I decided to install 0.9-rc2-2 (amd64) and it was all a rather big mess and I was left without any connection. I guess either I did something wrong or it's because it's a beta. I got completely lost in the end. I didn't really document what I did and I'd rather not try again until a final version is out, so I went back to my trusted old version. But never mind that.
In any case I have a question regarding the conf file. It confused me, especially these parts:
# Configure what happens to matched packets (IP in list)
# 0 - DROP them (like in MoBlock 0.8)
# 1 - MARK and RETURN them (default)
REJECT="1"
# Set the corresponding MARK
REJECT_MARK="10"
# Configure what happens to the marked packets
# This section works only for IPTABLES_ACTIVATION="1"
# Valid values are all iptables targets. There's no check for sane values.
# INPUT packets are always drop'ped
REJECT_OUT="REJECT"
REJECT_FW="DROP"
I don't really understand how this works, can you shed some light on it? Does moblock not reject the packets anymore but instead mark them and pass them on to iptables, which then will block the connection? If so, will it silently reject the packet or send a message?
I would be very happy if you could explain this and give some examples perhaps.
Garret88
February 18th, 2008, 08:38 AM
Trying to ping 12.21.127..6 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP.
*
* If you just started/reloaded MoBlock wait until it loaded completely.
* This will be when /var/log/moblock.log shows the following line:
* NFQUEUE: binding to queue '0'
*
* Some error occured with ping, no test result.
Could the problem be that extra point in the IP address? There are two dots before the six: "Trying to ping 12.21.127..6"
I have the same problem. I didn't understand if moblock doesn't work completely or if it works but the error is only for that IP.
Could someone please explain it?
jre
February 18th, 2008, 02:07 PM
Trying to ping 12.21.127..6 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP.
*
* If you just started/reloaded MoBlock wait until it loaded completely.
* This will be when /var/log/moblock.log shows the following line:
* NFQUEUE: binding to queue '0'
*
* Some error occured with ping, no test result.
Could the problem be that extra point in the IP address? There are two dots before the six: "Trying to ping 12.21.127..6"
Yes, the ".." causes the problem. Generally nothing to worry about, I think. AFAIK moblock loads only correct ranges.
Which blocklists are you using? I can't find that ".." here, also the test works fine here. I only have as 9th line:
Comment spammer:12.21.127.106-12.21.127.106
Could you please post the 10th line of /etc/moblock/guarding.p2p. I need to know if it's a problem of the blocklist or if my test function causes the ".."
Which Ubuntu version are you using?
I decided to install 0.9-rc2-2 (amd64) and it was all a rather big mess and I was left without any connection. I guess either I did something wrong or it's because it's a beta. I got completely lost in the end. I didn't really document what I did and I'd rather not try again until a final version is out, so I went back to my trusted old version. But never mind that.
Hmm, I can only suggest to "purge" and install again.
If the problems persist I assume it's something with amd64.
There are no known problems (except those where something strange happens and nobody knows why :-/ ) with this version. I think MoBlock 0.9 will also be released quite soon officially. So if there stays something wrong we have to investigate it. For a start I'm interested in the output of "moblock-control status" and the logfiles.
in any case i have a question regarding the conf file, it confused me especially these parts:
# Configure what happens to matched packets (IP in list)
# 0 - DROP them (like in MoBlock 0.8)
# 1 - MARK and RETURN them (default)
REJECT="1"
# Set the corresponding MARK
REJECT_MARK="10"
# Configure what happens to the marked packets
# This section works only for IPTABLES_ACTIVATION="1"
# Valid values are all iptables targets. There's no check for sane values.
# INPUT packets are always drop'ped
REJECT_OUT="REJECT"
REJECT_FW="DROP"
I don't really understand how this works, can you shed some light on it? Does moblock not reject the packets anymore but instead mark them and pass them on to iptables, which then will block the connection? If so, will it silently reject the packet or send a message?
In MoBlock 0.8 all packets which were sent to MoBlock (via the iptables NFQUEUE target) were checked and then either accepted (without returning to the iptables chains) or dropped (of course also without returning).
With MoBlock 0.9 and my default configuration (note that I broke the configuration to have the same behaviour as in 0.8, but will soon fix that) the packets will be marked (this marking will be logged in /var/log/moblock.log). As an exception, incoming packets which match the blocklist will be dropped directly like in MoBlock 0.8.
The marked packets then repeat (return to the head of) the iptables chains (INPUT/OUTPUT/FORWARD):
"Marked accept" packets will not be sent to the moblock chains again, so other iptables rules/the iptables policy decide what happens to them.
Outgoing "Marked blocked" packets will be REJECTed by a separate iptables rule.
Forwarded "Marked blocked" packets will be DROPped by a separate iptables rule.
So yes, everything you said is correct. And it's only logged that the packets were marked, but not when they are really dropped (except matching incoming packets, which are always dropped directly and so are logged, see above).
It's quite easy to see that the REJECTed packets are really blocked, because the sending program gets a "Destination Port Unreachable" and so stops the connection attempts directly.
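As an added example (not part of MoBlock or moblock-control), here is a validator for the peerguardian .p2p text format that jre's reply refers to, written in POSIX shell with awk. It checks every "description:first-last" line for four well-formed octets on each side and first <= last, which is exactly the check that would flag an entry like "12.21.127..6" if it were in the blocklist rather than produced by the test function. The sample list below is constructed (the first entry is the line quoted in this thread); the function name is mine.

```shell
#!/bin/sh
# Added example, not part of MoBlock: validate a blocklist in the
# peerguardian .p2p text format ("description:first-last" per line).
# A line is bad when the ":" separator is missing, either IP does not have
# four octets in 0..255, or the range runs backwards. Usage on a real list:
#   p2p_validate < /etc/moblock/guarding.p2p
p2p_validate() {
    awk '
    # ip2n(ip): IPv4 dotted quad -> integer, or -1 if malformed.
    # Catches "12.21.127..6" (five pieces, one empty) as well as octets > 255.
    function ip2n(ip,    parts, cnt, i, o, v) {
        cnt = split(ip, parts, ".")
        if (cnt != 4) return -1
        v = 0
        for (i = 1; i <= 4; i++) {
            o = parts[i]
            if (o !~ /^[0-9]+$/ || o + 0 > 255) return -1
            v = v * 256 + o
        }
        return v
    }
    { sub(/\r$/, "") }                       # tolerate CRLF lists
    /^[ \t]*$/ || /^#/ { next }              # blank lines and comments
    {
        range = $0
        sub(/^.*:/, "", range)               # text after the LAST colon
        if (range == $0) { bad++; printf "line %d: no \":\" separator: %s\n", NR, $0; next }
        if (split(range, ends, "-") != 2) { bad++; printf "line %d: range must be first-last: %s\n", NR, range; next }
        a = ip2n(ends[1]); b = ip2n(ends[2])
        if (a < 0 || b < 0) { bad++; printf "line %d: malformed IP in %s\n", NR, range; next }
        if (a > b) { bad++; printf "line %d: first address after last in %s\n", NR, range; next }
        good++
    }
    END { printf "%d ranges ok, %d bad\n", good + 0, bad + 0; exit (bad > 0) }
    '
}

# Constructed sample: the line quoted in this thread plus deliberately broken entries.
SAMPLE_P2P='# constructed .p2p sample
Comment spammer:12.21.127.106-12.21.127.106
some range:10.0.0.0-10.255.255.255
broken octets:12.21.127..6-12.21.127.6
reversed:192.0.2.20-192.0.2.10
too big:203.0.113.1-203.0.113.256
missing separator 198.51.100.1-198.51.100.2'

printf '%s\n' "$SAMPLE_P2P" | p2p_validate || echo "blocklist has errors"
```

The function exits non-zero when any line is bad, so it can sit in front of a blocklist update as a gate; the CR stripping matters because lists edited on Windows otherwise fail on every line with a trailing "\r" glued to the last octet.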
jamesford
February 18th, 2008, 04:38 PM
Thanks for the explanation, I might give it another try soon.
Does the moblock > mark > iptables > reject work whatever iptables config you've got? Or do you have to do something with iptables?
Dawa
February 18th, 2008, 04:58 PM
I am using Ubuntu 7.10 gutsy gibbon; and I'm using the default "green checked" blocklists that show up in mobloquer after install. Here's the full list:
microsoft, ads-trackers-and-bad-pr0n, bogon, dshield, hijacked, iana-multicast, iana-private, iana-reserved, level 1, level 2, rangetest, spider, spyware, templist, and trojan.
here's the 10th line of my guarding.p2p:
Comment spammer:12.21.127.106-12.21.127.106
Just so you know, jre: in mobloquer's log display it is showing blocked connections (incoming and outgoing), so moblock is apparently working just fine. It seems like the test function is all that's having a hiccup.
hope this helps! :)
Garret88
February 18th, 2008, 05:42 PM
Comment spammer:12.21.127.106-12.21.127.106
I have the same line!!! :(
Then if I try "ping google.com" in the terminal the test fails, but if I stop moblock and then retry, the test is OK....
So moblock also blocks google?
jamesford
February 18th, 2008, 06:26 PM
I just tried again, several times actually. It just isn't working. Firstly, moblock won't run; I get no error message when starting it but it's not listed in any process list.
Secondly, while moblock is installed I have no network connection; I have to uninstall it and then the network works again.
The only error message I've been able to see is when simply typing 'moblock' in a terminal, I get:
error while loading shared libraries: libnetfilter_queue.so.1: cannot open shared object file: No such file or directory
I tried uninstalling and reinstalling that file as well, but to no avail.
I get no error messages during the install procedure...
This is for moblock_0.9~rc2-2+gutsy+amd64_amd64.deb
dynafish
February 19th, 2008, 01:32 PM
About the bug in 0.9~rc2-1 (I'm the developer): Sorry for any inconvenience.
I'm just releasing a fixed version.
You can also fix it manually:
Change the first line of /usr/bin/moblock-control to:
#!/bin/bash
This error only occurred in Gutsy, where /bin/sh does not point to bash. So it did not happen here (Debian lenny).
dynafish, I can't promise that this won't happen again.
Don't sweat it JRE and thanks for the quick reply and for developing moblock. I was just frustrated that day and maybe a bit over caffeinated. Will try the fix later today and likely keep using it if it works.
dynafish
February 19th, 2008, 04:17 PM
I too have had the same problems after reinstalling. The test fails and moblock blocks all HTTP traffic. I just reinstalled mobloquer and checked off the boxes for http, https, pop, smtp, and imap, so all functions should have returned as far as networking. I still wonder if moblock is actually working.
moblock status:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1386 486K moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
11 880 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- eth1 * 98.213.124.140 255.255.255.255
8 320 logaborted tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x04/0x04
6098 7452K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
16102 5632K nicfilt 0 -- * * 0.0.0.0/0 0.0.0.0/0
16102 5632K srcfilt 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
0 0 srcfilt 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 1 packets, 146 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa reject-with icmp-port-unreachable
18 974 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
11 880 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
4986 325K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
298 16595 s1 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain f0to1 (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:6970:7170
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:6881:6889 state NEW
16093 5630K logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain f1to0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:6969 state NEW
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:109 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:1723 state NEW
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:110 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:995 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:21 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:119 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:143 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpts:6660:6669 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW
26 1650 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
206 10712 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:80 state NEW
4 208 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8080 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8008 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8000 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8888 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:587
1 76 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:123 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1755 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1755
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:554 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7070 state NEW
11 572 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:443 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpts:6881:6889 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:5999 dpt:37
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:37 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:993 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:25 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state NEW
9 1737 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2049
41 1640 logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logaborted (1 references)
pkts bytes target prot opt in out source destination
8 320 logaborted2 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '
Chain logaborted2 (1 references)
pkts bytes target prot opt in out source destination
8 320 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix `ABORTED '
8 320 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain logdrop (4 references)
pkts bytes target prot opt in out source destination
9146 3205K logdrop2 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
263 92782 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '
6997 2429K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop2 (1 references)
pkts bytes target prot opt in out source destination
9146 3205K LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix `DROPPED '
9146 3205K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 logreject2 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject2 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix `REJECTED '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
1386 486K NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
15 780 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 194 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain nicfilt (1 references)
pkts bytes target prot opt in out source destination
16102 5632K RETURN 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain s0 (1 references)
pkts bytes target prot opt in out source destination
9 1092 f0to1 0 -- * * 0.0.0.0/0 98.213.124.140
16084 5629K f0to1 0 -- * * 0.0.0.0/0 255.255.255.255
0 0 f0to1 0 -- * * 0.0.0.0/0 127.0.0.1
9 1737 logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain s1 (1 references)
pkts bytes target prot opt in out source destination
298 16595 f1to0 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain srcfilt (2 references)
pkts bytes target prot opt in out source destination
16102 5632K s0 0 -- * * 0.0.0.0/0 0.0.0.0/0
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 9162.
Dawa
February 19th, 2008, 05:42 PM
Just wanted to post that besides the "test", my moblock is working fine. Here's what I did, maybe it has something to do with it:
edited moblock-control as per jre's instructions
completely removed moblock and mobloquer
updated my package list and installed moblock RC2-2
then I went into the config file and changed the WHITE_TCP_OUT values from the text "http https" to the numbers "80 443" (I also added some other ports for IM networks so Pidgin could connect)
After that, moblock seems to work as it always has, besides the "moblock-control test" function being broken.
jre
February 19th, 2008, 06:36 PM
thanks for the explanation, i might give it another try soon.
does the moblock >mark >iptables >reject work whatever iptables config u got? or do u have to do something with iptables ?
With marking on, MoBlock is working fine with other iptables rules/firewalls if the first lines in the chains INPUT/FORWARD/OUTPUT are like these.
Chain INPUT (policy ACCEPT 64214 packets, 85M bytes)
pkts bytes target prot opt in out source destination
1734 118K moblock_in all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
[Every following line is ok]
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa
0 0 moblock_fw all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
[Every following line is ok]
Chain OUTPUT (policy ACCEPT 42390 packets, 3454K bytes)
pkts bytes target prot opt in out source destination
34 2040 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa reject-with icmp-port-unreachable
1221 86849 moblock_out all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
[Every following line is ok]
This will be the case when moblock is started after other iptables changes/firewalls. Of course the MOBLOCK... chains have to exist, too.
Now, what is needed is the running "moblock" process and a valid blocklist.
@jamesford:
Sorry, I've no answer (yet) for the
error while loading shared libraries: libnetfilter_queue.so.1: cannot open shared object file: No such file or directory
problem on amd64. It might be a problem with my cross-compiling - you might test building your own packages.
@garret: yes, per default moblock blocks also google.
jamesford
February 20th, 2008, 06:29 PM
jre
i compiled my own packages and now it works :) no more errors when typing 'moblock'
ive attached it in case u wanna compare it with ur own packages.
i dont know why theres a i386 in the name, it was autogenerated but i left it there. its a amd64 package
while ive got u here, what are the iana ranges ? are they needed ?
edit: i noticed the ranges loaded are identical to those with 8.29...i thought there would be a few more with the bug supposedly fixed?
p0k3r808
February 21st, 2008, 01:02 AM
how do you stop/restart moblock? how do you make exceptions for port 80?
To start and stop and restart moblock enter these commands
sudo moblock-control start
sudo moblock-control stop
sudo moblock-control restart
respectively
jre
February 21st, 2008, 01:40 PM
while ive got u here, what are the iana ranges ? are they needed ?
Have a look at /usr/share/doc/moblock/README.blocklists.gz.
Basically they contain ranges which should not be assigned to publicly available computers - so you should not have contact with them. Most problems occur with LAN ranges (LAN = not publicly available, so your router/LAN is in the IANA lists)
edit: i noticed the ranges loaded are identical to those with 8.29...i thought there would be a few more with the bug supposedly fixed?
The number of ranges should be the same (as long as the lists are exactly the same). But the number of IPs contained in these ranges should be bigger.
I'll have to rework the amd64 setup - next week ... For then use your own packages, sorry!
jamesford
February 21st, 2008, 07:37 PM
ah ic, thanks
btw, any chance u could add an rss feed for the moblock-deb news?
jackietreehorn
February 21st, 2008, 09:54 PM
Currently having this problem and not sure how to fix it:
CAUTION: This is just a simple test to check if MoBlock blocks outgoing
connections. For this, one IP from your blocklist will be pinged. This test doesnot check if you have sane iptables rules or if your complete blocklist is in
the correct format. Therefore success doesn't imply that everything is working
as you expect it.
You are marking blocked packets. This means you have to make sure that the
marked packets are also blocked later. If you are using the default
configuration and no other firewalls this will be the case.
Also have a look at "moblock-control status" and test manually with traceroute.
Trying to ping 12.21.127..6 from /etc/moblock/guarding.p2p ...
* MoBlock did not block the IP.
*
* If you just started/reloaded MoBlock wait until it loaded completely.
* This will be when /var/log/moblock.log shows the following line:
* NFQUEUE: binding to queue '0'
*
* Some error occured with ping, no test result.
jre
February 25th, 2008, 05:27 PM
jamesford, there is one (i think) on the *project* page. Note that the NEWS on the project site and on the web sites are the same.
jackietreehorn, this was discussed just some posts ago. Don't worry, MoBlock is working. It's just a bug (!?) in the test function.
jre
February 28th, 2008, 04:04 PM
I removed the amd64 packages from the repository moblock-deb.sourceforge.net because they seem not to work. Now I'm trying to setup qemubuilder. No ETA, sorry. Just compile your own packages for the time being.
rye_
March 2nd, 2008, 05:47 AM
EDIT:WOOHOO! I got a blocked incoming, I guess all's well
Thanks for mobloquer, this is really wonderful.
I notice I'm not getting any incoming blocks, is this normal?
Thanks,
Ryan
luvinit
March 2nd, 2008, 11:20 AM
Hi,
Can someone help me interpret these results? I run a test and get the following output
Trying to ping 4.2.145.239 from /etc/moblock/ipfilter.dat ...
* MoBlock did not block the IP.
*
* If you just started/reloaded MoBlock wait until it loaded completely.
* This will be when /var/log/moblock.log shows the following line:
* NFQUEUE: binding to queue '0'
*
* 4.2.145.239 did not answer.
*
* Maybe 4.2.145.239 is down/doesn't answer to pings
* or your firewall filtered the ping.
Unfortunately the test is very vague and doesn't tell you if it is conclusive.
I am using gutsy. Until today I was using an old version from gutsy unstable repository which seemed to work fine. I am running Ipkungfu firewall if that makes any difference, but the results I get are identical with or without it. Also, it doesn't load at boot, even though the config says it should. Appreciate any help.
luvinit
March 2nd, 2008, 02:15 PM
I decided to go with Ipblock, which seems to just work. It gets much less coverage than moblock for some reason. This might be useful to some of you having problems.
jre
March 2nd, 2008, 06:06 PM
Hi,
Can someone help me interpret these results? I run a test and get the following output
Trying to ping 4.2.145.239 from /etc/moblock/ipfilter.dat ...
* MoBlock did not block the IP.
*
* If you just started/reloaded MoBlock wait until it loaded completely.
* This will be when /var/log/moblock.log shows the following line:
* NFQUEUE: binding to queue '0'
*
* 4.2.145.239 did not answer.
*
* Maybe 4.2.145.239 is down/doesn't answer to pings
* or your firewall filtered the ping.
Unfortunately the test is very vague and doesn't tell you if it is conclusive.
I am using gutsy. Until today I was using an old version from gutsy unstable repository which seemed to work fine. I am running Ipkungfu firewall if that makes any difference, but the results I get are identical with or without it. Also, it doesn't load at boot, even though the config says it should. Appreciate any help.
I assume you run moblock 0.9~rc2-2 (check "dpkg --list moblock")
The test is based on a "ping" and then checks if this IP appears in the logfile.
Nothing more!
Your result indicates that this IP did not appear in the logfile but also didn't answer to the ping.
Check your iptables rules (e.g. with "moblock-control status"). Your INPUT/OUTPUT chains should begin with something like this:
Chain INPUT (policy ACCEPT 14503 packets, 14M bytes)
pkts bytes target prot opt in out source destination
1589 107K moblock_in all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain OUTPUT (policy ACCEPT 13039 packets, 1137K bytes)
pkts bytes target prot opt in out source destination
61 3924 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa reject-with icmp-port-unreachable
1110 79279 moblock_out all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
A "ping 4.2.145.239" must not succeed. If it is MoBlock (and not some other firewall rule) that blocks the IP you will get a
PING 4.2.145.239 (4.2.145.239) 56(84) bytes of data.
From 192.168.178.124 icmp_seq=1 Destination Port Unreachable
A "traceroute 4.2.145.239" must show that the packet is blocked at the first hop:
traceroute to 4.2.145.239 (4.2.145.239), 30 hops max, 40 byte packets
1 dream.local (192.168.178.124) 0.255 ms 0.066 ms 0.056 ms
(no more output following!)
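The chain layout jre describes here (and in the February 19th post) is the thing to verify when MoBlock "does not block": a firewall script that runs after MoBlock can push its own rules ahead of the marking rules, and then marked packets are accepted before the REJECT/DROP ever sees them. The script below is an added example for this thread, not part of MoBlock or moblock-control. It parses the `iptables -L -v -n` layout that "moblock-control status" prints and reports any built-in chain whose head differs from the posted one (the sample status texts inside it are constructed, with invented counters).

```python
"""Check that MoBlock's marking rules lead the INPUT/FORWARD/OUTPUT chains.

Added example for this thread, not part of MoBlock or moblock-control. It
parses the output layout of `iptables -L -v -n` (what "moblock-control status"
prints) and reports whether each built-in chain starts with the rules jre
describes: a DROP/REJECT for packets carrying mark 0xa, followed by the jump to
moblock_in / moblock_fw / moblock_out for NEW connections not marked 0x14.
A foreign rule inserted ahead of those lets traffic bypass the blocklist.
"""
import re

# Required head of each chain, per the posted status output. INPUT shows no
# REJECT/DROP of its own there, so only the jump is required for it.
# Entries are (target, substring that must appear in the match column).
EXPECTED_HEAD = {
    "INPUT": [("moblock_in", "state NEW MARK match !0x14")],
    "FORWARD": [("DROP", "MARK match 0xa"),
                ("moblock_fw", "state NEW MARK match !0x14")],
    "OUTPUT": [("REJECT", "MARK match 0xa"),
               ("moblock_out", "state NEW MARK match !0x14")],
}


def parse_chains(status):
    """Map chain name -> list of {'target', 'match'} dicts in rule order."""
    chains, current = {}, None
    for line in status.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = header.group(1)
            chains[current] = []
            continue
        if current is None or not line.strip() or line.split()[0] == "pkts":
            continue
        # columns: pkts bytes target prot opt in out source destination [matches]
        cols = line.split(None, 9)
        if len(cols) < 9:
            continue
        chains[current].append({"target": cols[2],
                                "match": cols[9] if len(cols) > 9 else ""})
    return chains


def check_moblock_chains(status):
    """Return a list of problems; an empty list means the head of every chain is as expected."""
    chains = parse_chains(status)
    problems = []
    for chain, expected in EXPECTED_HEAD.items():
        rules = chains.get(chain)
        if rules is None:
            problems.append("%s: chain not found" % chain)
            continue
        for i, (target, match) in enumerate(expected):
            if i >= len(rules):
                problems.append("%s: rule %d missing, expected %s (%s)" % (chain, i + 1, target, match))
                break
            rule = rules[i]
            if rule["target"] != target or match not in rule["match"]:
                problems.append("%s: rule %d is %s (%s), expected %s (%s)"
                                % (chain, i + 1, rule["target"], rule["match"], target, match))
                break
    return problems


# Constructed sample in the layout of `iptables -L -v -n`; counters are invented.
GOOD_STATUS = """\
Chain INPUT (policy ACCEPT 14503 packets, 14M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1589  107K moblock_in all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW MARK match !0x14
  200   12K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK match 0xa
    0     0 moblock_fw all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW MARK match !0x14

Chain OUTPUT (policy ACCEPT 13039 packets, 1137K bytes)
 pkts bytes target     prot opt in     out     source               destination
   61  3924 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK match 0xa reject-with icmp-port-unreachable
 1110 79279 moblock_out all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW MARK match !0x14
"""

# Constructed broken case: a firewall started after MoBlock put its own ACCEPT
# first in OUTPUT, and the FORWARD chain is missing altogether.
BAD_STATUS = """\
Chain INPUT (policy ACCEPT 100 packets, 10K bytes)
 pkts bytes target     prot opt in     out     source               destination
   10  1000 moblock_in all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW MARK match !0x14

Chain OUTPUT (policy ACCEPT 100 packets, 10K bytes)
 pkts bytes target     prot opt in     out     source               destination
   50  5000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK match 0xa reject-with icmp-port-unreachable
   10  1000 moblock_out all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW MARK match !0x14
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_STATUS), ("bad", BAD_STATUS)):
        print(label, check_moblock_chains(text) or "OK")
```

On a live box you would feed it the real output, e.g. `sudo iptables -L -v -n | python3 check_chains.py` after changing the `__main__` block to read stdin; the check is deliberately strict about the first rules only, because everything after them is, as jre puts it, "ok".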
luvinit
March 2nd, 2008, 06:43 PM
Thanks a lot for your response. It makes much more sense now. Yes, that was the version, but for some reason it just doesn't block the IP. I will have another play some other time, but in the short term I will use Ipblock as it is giving me exactly the result you describe when pinging. :)
DamonChyld
March 5th, 2008, 01:45 PM
Hi all,
Quick question about blocking http/https. I understand that some clients (such as bittorrent) use http/https for exchanges and that if http/https is unblocked in these cases that it nullifies the moblock protection (as I will then be seeding blindly).
I use the Deluge client and am wondering if I am safe to unblock outgoing http/https. I know that I can just add an ip through the logs (I have the mobloquer gui) when a site I want is blocked but this becomes a pain as most big sites have multiple ip's. I think that I have allowed about 15 from amazon so far and keep getting new ones!
Thanks in advance!
jre
March 5th, 2008, 02:20 PM
"Nullifies" is a bit too much, but yes, if another peer listens e.g. on port 80 (http) then whitelisting port 80 out will allow connections to this peer even if he's in the blocklist.
But you can whitelist complete ranges in /etc/default/moblock
This is an example to whitelist the range 192.168.178.1-192.168.178.255 next to other IPs:
WHITE_IP_OUT="some IPs that you've already whitelisted 192.168.178.0/24"
DamonChyld
March 5th, 2008, 02:30 PM
Thanks for getting back to me jre.
Is there a way to allow all IP's from a specific site? Amazon's ip's seem to be pretty broad, I am not sure if they could be included in a range and then defining that range for each site would be a pain.
jre
March 6th, 2008, 01:10 PM
You can use "IP_REMOVE" (for info have a look at /etc/moblock/moblock.conf. Then insert it to /etc/default/moblock) which allows to "grep" the blocklist for search terms and remove the corresponding lines.
E.g. IP_REMOVE="amazon"
Have a look at /var/log/moblock-control.log (after every reload/update) to see which lines were removed from the blocklist.
IP_REMOVE is case-insensitive.
empthollow
March 7th, 2008, 01:17 AM
i use azureus and have an option
Ignore peers with these data ports
i set it to ignore 80 & 443, does ignoring those peers then protect me from unwanted listeners?
snowx1000
March 7th, 2008, 10:32 PM
I am running the latest Moblock and while the log says its blocking IPs, nmap is still able to reach these hosts. Any suggestions?
dbqp
March 8th, 2008, 02:46 AM
Just curious, is this still an actively supported program? Modblock that is...and are the instructions updated or do I need to go through all 113 pages?
Thanks!
jimtb
March 8th, 2008, 01:12 PM
MoBlock is still under active development.
As far as I know the instructions on the first post are updated regularly by pelle.k.
:-)
pelle.k
March 10th, 2008, 01:07 PM
They are indeed, even though the actual *howto* has been moved to the community wiki, so that everyone can contribute :)
I may not be very active in this thread any more, but i try to edit the first post when it is needed.
jre
March 10th, 2008, 02:14 PM
i use azureus and have an option
Ignore peers with these data ports
i set it to ignore 80 & 443, does ignoring those peers then protect me from unwanted listeners?
I think so, yes.
Just curious, is this still an actively supported program? Modblock that is...and are the instructions updated or do I need to go through all 113 pages?
Do NOT read all these pages. The last 10 might contain useful information. Older things might be outdated and completely wrong with the current versions.
But still, the wiki (link on the first page) should also be updated more frequently, everybody feel free!
I am running the latest Moblock and while the log says its blocking IPs, nmap is still able to reach these hosts. Any suggestions?
What's your "latest" version? There's a 0.8 series and a 0.9 series! Please, always tell the version you get with "dpkg --list PACKAGENAME"
What are your iptables rules (e.g. with "moblock-control status").
Anyway what I get is:
$ moblock-control test
[...]
Trying to ping 12.25.215.191 from /etc/moblock/guarding.p2p ...
MoBlock marked the IP to be blocked and the IP did not answer. Test succeeded.
good
$ traceroute 12.25.215.191
traceroute to 12.25.215.191 (12.25.215.191), 30 hops max, 40 byte packets
1 dream.local (192.168.178.124) 0.740 ms 3.090 ms 3.156 ms
good, packet stopped at first hop
$ ping -c1 12.25.215.191
PING 12.25.215.191 (12.25.215.191) 56(84) bytes of data.
From 192.168.178.124 icmp_seq=1 Destination Port Unreachable
--- 12.25.215.191 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
good, packet was immediately rejected (feature of moblock.0.9)
$ nmap 12.25.215.191
Starting Nmap 4.53 ( http://insecure.org ) at 2008-03-10 18:52 CET
All 1714 scanned ports on 12.25.215.191 are closed
Nmap done: 1 IP address (1 host up) scanned in 2.898 seconds
Is this what you get, too? Indeed this seems to indicate that nmap can connect to this IP. But:
- I'm not savvy enough to really interpret this result, but the "1 host up" even comes when i nmap 1.0.0.0
- Perhaps nmap is such a lowlevel tool that it circumvents iptables - while MoBlock depends on iptables rules. I object to this being a security flaw since AFAIK all Linux firewalls depend on iptables and AFAIK there is no way to get IN a system circumventing iptables.
Greets
jre
peepingtom
March 14th, 2008, 01:24 PM
I think it would be a bad idea to whitelist all HTTP(S) traffic, but I would like my web browsers to be able to access the web without being filtered by Moblock. Does anyone have a recommendation of how to do this using FireHOL?
I'm investigating the PID and CMD commands but don't really know the proper syntax.
Thanks for any help you can give!
jre
March 20th, 2008, 01:24 PM
oh no, broken packages again if you kept your config files on update to moblock 0.9~rc2-4.
If you have problems add this to /etc/init.d/moblock after the line
CONTROL_CONF="/etc/moblock/moblock.conf"
# Set sane configuration defaults. They will be overwritten by
# the values in CONTROL_CONF and CONTROL_DEFAULT
PATH="/sbin:/bin:/usr/sbin:/usr/bin"
DESC="MoBlock"
NAME="moblock"
LSB="/lib/lsb/init-functions"
MOBLOCK_INIT="1"
VERBOSITY="1"
CONTROL_DEFAULT="/etc/default/$NAME"
CONTROL_SCRIPT="/usr/bin/moblock-control"
Or reinstall and take all new (package maintainer's) config files.
sudo aptitude reinstall moblock
Hope (and think so) that helps.
Please give me feedback. I'll release a new version then tomorrow.
Greets
jre
EDIT: Done. Now the "Error 6, can't uninstall MoBlock" problems are also solved. This occurred when people had deleted their moblock.conf. Now all necessary variables always have a sane fallback.
jre
March 21st, 2008, 08:31 PM
I think it would be a bad idea to whitelist all HTTP(S) traffic, but I would like my web browsers to be able to access the web without being filtered by Moblock. Does anyone have a recommendation of how to do this using FireHOL?
I'm investigating the PID and CMD commands but don't really know the proper syntax.
Thanks for any help you can give!
@peepingtom: I don't think that's possible. AFAIK there's no possibility to filter depending on the software with iptables - you can only choose by port. Have a look at "man iptables" or the netfilter homepage if you want to learn more.
But what you can do is to whitelist http(s) (port 80 and 443) and at the same time tell your other applications not to use/listen on these ports. Of course this is only possible if your other applications have this feature.
peepingtom
March 23rd, 2008, 01:16 AM
Unfortunately the filesharing programs in question don't allow blacklisting of certain ports (if anyone knows a script for this i'd appreciate the effort!). I would run this as a different user but these programs aren't daemons and I don't know how to run a GUI program as a different user and be able to use the interface in my X session.
Firehol seems to have functionality to make rules for specific programs, I'm asking for help on the FireHol support forum and progress can be followed here http://sourceforge.net/forum/forum.php?thread_id=1970089&forum_id=196547
With the following lines in my firehol.conf (in the appropriate order):
#Freeweb
server_freeweb_ports="tcp/80"
client_freeweb_ports="any"
interface any world
client "freeweb" accept command firefox
I get:
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 1).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_freeweb_c3 -p tcp --dport 80 -m owner --cmd-owner firefox -m state --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT : iptables: Invalid argument
^^An example, i've tried with other cmd names such as nautilus.
I fear that the "--cmd-owner" command is broken/deprecated somewhere, whether at a kernel level, in iptables/netfilter or even FireHol.
according to man iptables:
"--cmd-owner name
Matches if the packet was created by a process with the given
command name. (Please note: This option requires kernel support
that might not be available in official Linux kernel sources or
Debian’s packaged Linux kernel sources. And if support for this
option is available for the specific Linux kernel source version,
that support might not be enabled in the current Linux
kernel binary.)
NOTE: pid, sid and command matching are broken on SMP"
I use a single, old Pentium 4, I hope this SMP warning doesn't apply to me! The warning about Debian is ominous, and I don't know how practical it is to use ubuntu with a custom kernel.
have you tried this? Thanks, i edited to address this.
Sorry for hijacking this thread, this seems pertinent to Moblock users. I'll post again when i've investigated this further, I struggle with grep and sed but I read every new post in this thread.
skipo
March 23rd, 2008, 09:37 AM
With the following lines in my firehol.conf (in the appropriate order):
#Freeweb
server_freeweb_ports="tcp/80"
client_freeweb_ports="any"
interface any world
client "freeweb" accept command firefox
Firefox-bin is the running process of firefox, so have you tried this?
#Freeweb
server_freeweb_ports="tcp/80"
client_freeweb_ports="any"
interface any world
client "freeweb" accept command firefox-bin
peepingtom
March 24th, 2008, 04:31 AM
please delete this ;)
jamesford
March 24th, 2008, 09:04 AM
im wondering if u can implement some extra feature to make sure level1 is downloaded, it seems to fail 2 out of 3 times these days. ive noticed that if i delete the level1.gz from /var/spool/moblock and from /var/spool/moblock/used and rerun the update procedure it usually works, but usually not if i dont delete those files
maybe if level1 fails the updater could delete those files (maybe keep an emergency backup in a third dir just in case) and retry downloading those files that failed or something. and if that still doesn't work then use the emergency backup?
also, on the same topic, if my level1 fails, what do i do if i only want to download level1.gz? i mean i could create a small bash script that wgets the file and puts it in /var/spool/moblock/ but what would the command be then to make moblock extract/merge the new level1 with all the existing blocklists already downloaded and restart moblock with the ip ranges in my newly downloaded level1 included?
maybe a command like "sudo moblock-control update level1" could work if this command did exactly the same as "sudo moblock-control update" except getting just level1 and ignoring the rest ?
jre
March 24th, 2008, 06:07 PM
@peepingtom: I didn't know this iptables option "cmd-owner" that firehol uses. Here, with Debian lenny (testing) the man page reads:
--cmd-owner name
Matches if the packet was created by a process with the given
command name. (this option is present only if iptables was compiled
under a kernel supporting this feature)
NOTE: pid, sid and command matching are broken on SMP
I can't tell you yet if it does work here.
im wondering if u can implement some extra feature to make sure level1 is downloaded, it seems to fail 2 out of 3 times these days. ive noticed that if i delete the level1.gz from /var/spool/moblock and from /var/spool/moblock/used and rerun the update procedure it usually works, but usually not if i dont delete those files
If it really works if the level1 is not present then I assume it has something to do with the timestamping. So try to add a "notimestamp" in blocklists.list before the "level1" line.
maybe if level1 fails the updater could delete those files (maybe keep an emergency backup in a third dir just in case) and retry downloading those files that failed or something. and if that still doesn't work then use the emergency backup?
The "emergency backup" is already in the "used" directory so I just implemented what you suggested (version moblock 0.9~rc2-9)
also, on the same topic, if my level1 fails, what do i do if i only want to download level1.gz? i mean i could create a small bash script that wgets the file and puts it in /var/spool/moblock/ but what would the command be then to make moblock extract/merge the new level1 with all the existing blocklists already downloaded and restart moblock with the ip ranges in my newly downloaded level1 included?
maybe a command like "sudo moblock-control update level1" could work if this command did exactly the same as "sudo moblock-control update" except getting just level1 and ignoring the rest ?
Save it to /var/spool/moblock/used, then issue "moblock-control reload". "rebuild" rebuilds the blocklist and reloads moblock if it is running.
Note that it is essential that the blocklist is contained in /etc/moblock/blocklists.list (as it is the case with the "level1.gz"). The lists in that file get extracted and cat'ted together to the master blocklist /etc/moblock/guarding.p2p. Just copying any blocklist to "used" will not work.
feistybird
March 31st, 2008, 09:42 AM
How to disable logging of moblock?
My log file is getting too big!
Thanks!
chunchengch
April 2nd, 2008, 04:54 AM
I create a deb file of MoBlock GUI, you can find it in my thread http://ubuntuforums.org/showthread.php?t=742538
jre
April 2nd, 2008, 04:16 PM
How to disable logging of moblock?
My log file is getting too big!
Set in /etc/default/moblock:
DAEMON_LOG=""
I have never really used that but it should work.
"moblock-control test" will not work anymore with this setting.
But is the logfile really a problem for you? Currently the logfiles are rotated daily. This means that every day a new logfile is started, and the old one gets archived for a while. So you have:
moblock.log
moblock.log.1 (the log from yesterday)
moblock.log.2.gz (the log from 2 days ago, already gzip'ed)
...
moblock.log.11.gz
After 12 days the logfiles are deleted.
gims77
April 3rd, 2008, 01:18 PM
I'm a bit of an Ubuntu newbie so please bear with me.
I've installed the 64 bit version of moblock 8.39 and it's blocking things fine. The only problem is it's blocking things that aren't actually in my blocklist(s).
This is my moblock.conf file:
# Specify the format of the blocklists that you use. You can't mix different
# formats.
# d - eMule ipfilter.dat format
# n - peerguardian .p2b v2 binary format
# p - peerguardian .p2p text format
BLOCKLIST_FORMAT="d"
# Specify a NFQUEUE queue number (default 0)
# Works only with -nfq version
NFQUEUE_NUMBER="0"
# Turn on/off automatic start
# 0 - Don't start MoBlock at system boot
# 1 - Start MoBlock at system boot
MOBLOCK_INIT="0"
# Turn on/off automatic blocklist update
# 0 - Don't update the blocklists automatically
# 1 - Update the blocklists automatically
MOBLOCK_CRON="0"
# Set the verbosity of moblock-control
# 0 - No normal output to STDOUT, only to logfile
# 1 - Output to STDOUT and to logfile
VERBOSITY="1"
################## Settings for the iptables firewall rules ###################
# MoBlock requires the iptables rule NFQUEUE (nfq version)
# or the deprecated QUEUE (ipq version).
# Do a "moblock-control stop" before you change these iptables settings.
# Define how traffic is sent to MoBlock
# 0 - Don't set any iptables rules.
# You or another script/firewall has to do this!
# 1 - NFQUEUE is in the chains moblock_in, moblock_out and moblock_fw.
# 2 - Set custom iptables rules (defined in
# /etc/moblock/iptables-custom-insert.sh and iptables-custom-remove.sh)
IPTABLES_SETTINGS="1"
# Define when traffic is sent to the chain that contains NFQUEUE
# This section works only for IPTABLES_SETTINGS="1"
# 0 - Do nothing. You or another script/firewall has to do this!
# 1 - Insert the rules at the head of the chains.
# 2 - Append the rules to the end of the chains.
IPTABLES_ACTIVATION="2"
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name
# (using iptables with the target RETURN)
# Separate several entries with whitespace (" ")
# Port ranges are specified in the format "port:port"
# Up to 15 ports can be specified. A port range (port:port) counts as two
# ports.
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT=""
WHITE_UDP_OUT=""
# This is an example to whitelist outgoing web traffic (port 80 is the service
# http, 443 is https) and the port range 1000-1024:
# WHITE_TCP_OUT="80 443 1000:1024"
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
################################ Whitelist IPs ################################
# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# (using iptables with the target RETURN)
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Separate several entries with whitespace (" ")
# This replaces the old (up to 0.8-32) IP_TCP_ and IP_UDP_ entries.
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_IP_IN="192.168.1.0/24"
WHITE_IP_OUT="192.168.1.0/24"
# This is an example to whitelist the range 192.168.178.1-192.168.178.255:
# WHITE_IP_OUT="192.168.178.0/24"
WHITE_IP_FORWARD=""
###################### Remove lines from the blocklist ########################
# Remove lines from the blocklist (using "grep -v -i")
# Warning for beginners: If you want to whitelist a special IP then check the
# above section. In most cases you won't succeed if you insert an IP here.
# Separate values with a semicolon ";".
# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE=""
# This is an example to remove all lines from the blocklist which contain one
# of the words "google", "yahoo", "altavista", "debian" or "sourceforge":
# IP_REMOVE="google;yahoo;altavista;debian;sourceforge"
########################### Full LSB compatibility ############################
# The control script uses /lib/lsb/init-functions. In Debian this file also
# provides functions which are not defined by the LSB standard. Change this
# entry if the script complains of not knowing a function.
# 0 - Debian compatible system (default)
# 1 - LSB 3.1 but not Debian compatible system
LSB_MODE=0
and this is my blocklists.list file:
# blocklists.list - lists the blocklists used by moblock-control
# Place one URL per line for every blocklist. Any line which starts with a #
# (hash) is a comment and is ignored. You have to do a "moblock-control update"
# after editing this file.
# All lists have to be in the same blocklist-format. This format has to be
# specified in moblock.conf.
# The name of the blocklist has to be the same as the basename of the URL, i.e.
# php redirects are not possible.
# If the remote server doesn't support timestamping start the line with
# "notimestamp". Don't abuse this. This is only necessary if the remote
# server doesn't provide timestamping (Error 400).
# For local blocklists start the line with "locallist".
locallist /etc/moblock/list.txt
where /etc/moblock/list.txt is
ip:9.9.9.9-9.9.9.9
As you can see, I'm only blocking a single dummy ip address (for testing purposes). Unfortunately, when I try to access google I get the following errors in my log file:
Ranges loaded: 1
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
Blocked OUT: @,hits: 1,DST: 66.102.9.147
Blocked OUT: @,hits: 2,DST: 66.102.9.147
Blocked OUT: @,hits: 3,DST: 66.102.9.147
Got SIGTERM! Dumping stats and exiting.
Could anyone please help to explain why '66.102.9.147' is getting blocked when the only ip address in my blocklist is '9.9.9.9'? (By the way, I've done all the requisite reloads and restarts. My ipfilter.dat file also only contain this single range).
I don't have any firewall installed atm and since I'm new to linux I have no idea what the following output means:
~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
moblock_in 0 -- anywhere anywhere state NEW
Chain FORWARD (policy ACCEPT)
target prot opt source destination
moblock_fw 0 -- anywhere anywhere state NEW
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
moblock_out 0 -- anywhere anywhere state NEW
Chain moblock_fw (1 references)
target prot opt source destination
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0
Chain moblock_in (1 references)
target prot opt source destination
RETURN 0 -- 192.168.1.0/24 anywhere
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0
Chain moblock_out (1 references)
target prot opt source destination
RETURN 0 -- anywhere 192.168.1.0/24
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0
If any of that helps, I'd really appreciate someone telling me what's going wrong because I'm at my wit's end right now.
Thanks.
jre
April 4th, 2008, 12:29 PM
ip:9.9.9.9-9.9.9.9 is in the peerguardian .p2p text format. Therefore set
BLOCKLIST_FORMAT="p" in moblock.conf.
Just out of interest: where from did you get the amd64 package?
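The moblock.conf posted above states the rules for the WHITE_* settings in its own comments (ports as numbers or service names, ranges as port:port counting as two, at most 15 ports per entry, IP entries as address or address/mask, names discouraged), and a slip like a mask of /242 only shows up when moblock-control tries to load the rules. The script below is an added example for this thread, not part of moblock-control; it applies exactly those stated rules to a config text before you restart. The config excerpt inside it is constructed for the demonstration, not copied from any post.

```python
"""Sanity-check the WHITE_* settings of a moblock.conf / /etc/default/moblock.

Added example for this thread, not part of moblock-control. It applies the
rules written in the config's own comments: whitespace-separated ports, given
as numbers or service names; ranges written port:port that count as two
ports; at most 15 ports per entry; IP entries as a plain address, address/
prefix or address/netmask. Names that need resolving are accepted by iptables
but reported here, because the config comment warns against them.
"""
import ipaddress
import re
import socket

MAX_PORT_SLOTS = 15
SETTING = re.compile(r'^\s*(WHITE_(?:TCP|UDP|IP)_(?:IN|OUT|FORWARD))\s*=\s*"([^"]*)"')


def parse_settings(conf_text):
    """Collect WHITE_* assignments, ignoring comment lines."""
    found = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = SETTING.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def _valid_port(s):
    return s.isdigit() and 0 < int(s) <= 65535


def check_ports(name, value):
    """Validate one WHITE_TCP_*/WHITE_UDP_* value; returns (slots_used, problems)."""
    slots, problems = 0, []
    for tok in value.split():
        if ":" in tok:
            lo, _, hi = tok.partition(":")
            if not (_valid_port(lo) and _valid_port(hi) and int(lo) <= int(hi)):
                problems.append("%s: bad port range %r" % (name, tok))
            slots += 2                      # a range counts as two ports
        elif tok.isdigit():
            if not _valid_port(tok):
                problems.append("%s: port %r out of range" % (name, tok))
            slots += 1
        else:
            try:                            # service name, looked up in /etc/services
                socket.getservbyname(tok)
            except OSError:
                problems.append("%s: unknown service name %r, use the port number" % (name, tok))
            slots += 1
    if slots > MAX_PORT_SLOTS:
        problems.append("%s: %d port slots used, at most %d allowed" % (name, slots, MAX_PORT_SLOTS))
    return slots, problems


def check_ips(name, value):
    """Validate one WHITE_IP_* value: plain address, address/prefix or address/netmask."""
    problems = []
    for tok in value.split():
        try:
            ipaddress.ip_network(tok, strict=False)
        except ValueError:
            if re.match(r"^[A-Za-z0-9.-]+$", tok) and not re.match(r"^[\d.]+$", tok):
                problems.append("%s: %r is a name that must be resolved, prefer an address" % (name, tok))
            else:
                problems.append("%s: invalid address/mask %r" % (name, tok))
    return problems


def validate_whitelist(conf_text):
    """Run both checks over every WHITE_* setting found in the text."""
    problems = []
    for name, value in parse_settings(conf_text).items():
        if name.startswith("WHITE_IP_"):
            problems += check_ips(name, value)
        else:
            problems += check_ports(name, value)[1]
    return problems


# Constructed excerpt in the style of moblock.conf (not copied from the thread).
SAMPLE_CONF = '''
# Whitelist ports (at most 15, a range counts as two)
WHITE_TCP_IN="22"
WHITE_UDP_IN=""
WHITE_TCP_OUT="80 443 1000:1024"
WHITE_UDP_OUT="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16"
# WHITE_TCP_OUT="this commented example is ignored"
WHITE_IP_IN="192.168.1.0/24"
WHITE_IP_OUT="192.168.1.0/242"
WHITE_IP_FORWARD="10.0.0.0/255.0.0.0 host.example"
'''

if __name__ == "__main__":
    for p in validate_whitelist(SAMPLE_CONF):
        print(p)
```

Run it against the real file with `python3 check_whitelist.py < /etc/default/moblock` after swapping `SAMPLE_CONF` for `sys.stdin.read()`; an empty result means the entries at least have a shape moblock-control can hand to iptables, which is what the "Do a moblock-control restart" step in the comments silently depends on.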
partiallynothing
April 6th, 2008, 01:36 PM
I installed MoBlock from source as per the instructions on its home page (http://moblock-deb.sourceforge.net/). Everything went fine (as far as I could tell), but when trying to update itself on first start, it said it could not download trojan.gz.
The moblock-control log showed the following:
2008-04-06 01:35:02 PM EDT Begin: moblock-control update
Updating blocklists ...
Updating ads-trackers-and-bad-pr0n.gz * . No update available.
Updating bogon.gz * . No update available.
Updating dshield.gz * . No update available.
Updating hijacked.gz * . No update available.
Updating iana-multicast.gz * . No update available.
Updating iana-private.gz * . No update available.
Updating iana-reserved.gz * . No update available.
Updating level1.gz * . No update available.
Updating level2.gz * . No update available.
Updating Microsoft.gz * . No update available.
Updating rangetest.gz * . No update available.
Updating spider.gz * . No update available.
Updating spyware.gz * . No update available.
Updating templist.gz * . No update available.
Updating trojan.gz * Error 6: www.bluetack.co.uk/config/trojan.gz not available. Aborting!
Any ideas? Can I get this file elsewhere?
skipo
April 7th, 2008, 04:31 AM
Everything went fine (as far as I could tell), but when trying to update itself on first start, it said it could not download trojan.gz.
Bluetack does not maintain that blocklist any more and have removed it from their server.
LPGDEV
April 7th, 2008, 12:50 PM
I tried to get the lists from http://iblocklist.com/lists.php, but moblock can't parse the lists. How would I go about including these lists?
jre
April 7th, 2008, 03:35 PM
For now remove the trojan.gz entry from /etc/moblock/blocklists.list.
A new version which fixes that is soon coming.
Dawa
April 7th, 2008, 04:28 PM
I tried to install the new moblock, but it fails with a size mismatch in the update manager.
jre
April 8th, 2008, 12:41 PM
I tried to install the new moblock, but it fails with a size mismatch in the update manager.
Was it 0.9~rc2-8 or 0.9~rc2-10?
I had the problem myself with the -8 and therefore made a new upload.
So if you still have problems with -10 please tell me.
jamesford
April 8th, 2008, 05:48 PM
0.9~rc2-10
I've found a little problem
I added some IPs to the local blocklist (locallist /etc/moblock/custom-blocklist.p2p) and changed the name of each entry to 'MOTEST999' so that it would be easy to recognize them in the log
what I get is over 100 entries of
Skipping useless range: MOTEST999
I guess it could be duplicates..
several were also removed by my 'Remove lines from the blocklist' in moblock.conf
why are these skipped and why don't these manually added IPs override the remove feature?
IMHO either such a local list should be excepted from any removal rule or there should be a locallist_override_rules list of some sort so that I'm guaranteed that all entries in my local list are blocked
jre
April 9th, 2008, 05:06 PM
0.9~rc2-10
I've found a little problem
I added some IPs to the local blocklist (locallist /etc/moblock/custom-blocklist.p2p) and changed the name of each entry to 'MOTEST999' so that it would be easy to recognize them in the log
what I get is over 100 entries of
Skipping useless range: MOTEST999
I guess it could be duplicates..
several were also removed by my 'Remove lines from the blocklist' in moblock.conf
why are these skipped and why don't these manually added IPs override the remove feature?
IMHO either such a local list should be excepted from any removal rule or there should be a locallist_override_rules list of some sort so that I'm guaranteed that all entries in my local list are blocked
This is how the lists are loaded in the packages:
1. First all lists from blocklists.list are downloaded, extracted and cat'ted together (including the locallists),
2. then the IP_REMOVE is done.
3. the resulting list is /etc/moblock/guarding.p2p (if you have peerguardian text format blocklists). This list is loaded by the MoBlock daemon which does the range merging and skipping.
ad 2.:
Do you really have entries there which also match your locallists? Can't you just choose some names in your locallist which are not matched by the IP_REMOVE?
ad 3.:
AFAIK skipping is done when a range with one single IP should be loaded which is already covered by a previous range.
I think that, if some of your ranges are skipped, then these ranges were already present in your downloaded blocklists.
Please test this:
- Try to ping IPs from the "Skipping useless range: MOTEST999" range.
- Then remove your locallist and reload MoBlock. Then try to ping these IPs again.
In both cases you should not be able to ping these IPs. Everything is working as I'd expect it and I see no need to fix anything.
If you can ping the IPs then you've found a bug in MoBlock - which I doubt to be so.
pelle.k
April 9th, 2008, 06:39 PM
Hey jre. Long time no see.
I was thinking; I am finding myself further and further away from this thread, and I think that is sort of bad since this is where people go to fetch the newest reports etc. on what is going on with moblock.
What about you creating a new thread, where you have the "first post", and I can link to that one from this thread, until this thread is transitioned away? Just an idea...
jre
April 9th, 2008, 06:55 PM
Oh, I'd like you to stay ;-)
Of course we might change locations. Is there a possibility to CLOSE threads here?
Thanks anyway for all your work.
Greetings!
jre
pelle.k
April 9th, 2008, 09:21 PM
When you have the time, create a new thread/howto and let us know about it in this thread, and I'll update the first post accordingly, and contact a forum admin and have this thread locked.
I will of course help out when I can. I wouldn't want to miss out on the fun! :)
lucien
April 18th, 2008, 02:45 AM
Hi,
I've added the MSN port to WHITE_TCP_OUT:
WHITE_TCP_OUT="80 443 1863"
But I still can't connect:
Fri Apr 18 08:34:39| Marked block OUT: Microsoft Corp,hits: 2,DST: 65.54.239.20
Fri Apr 18 08:35:37| Marked block OUT: Microsoft Corp,hits: 3,DST: 65.54.239.20
Fri Apr 18 08:37:31| Marked block OUT: Microsoft Corp,hits: 4,DST: 65.54.239.20
Fri Apr 18 08:41:20| Marked block OUT: Microsoft Corp,hits: 5,DST: 65.54.239.20
Any ideas? I'm using Hardy Heron and Moblock 0.9~rc2-10+hardy+i386.
Greetings,
Pascal
pelle.k
April 18th, 2008, 01:58 PM
Eh, are you sure you only need to whitelist *outgoing* connections?
Use
netstat --tcp --udp
to spy on your connections
You never said you have reloaded moblock, nor what configuration file you modified.
Be verbose about these things !
jimtb
April 19th, 2008, 05:58 AM
@lucien: You can also find the option to use the http method to connect in the IM client you're using. This way the only port you will have to have whitelisted is port 80.
:-)
pt123
April 24th, 2008, 05:21 PM
On Hardy I have the moblock rep. in my apt sourcelist.
There is a moblock package that shows up in the packages to be updated.
When I try to update it I get this error:
E: /var/cache/apt/archives/moblock_0.9~rc2-10+hardy+i386_i386.deb: subprocess new pre-removal script returned error exit status 3
When I try to update the package through synaptic I get this error (same one but with a longer debug output):
(Reading database ... 129517 files and directories currently installed.)
Preparing to replace moblock 0.9~rc2-7+hardy+i386 (using .../moblock_0.9~rc2-10+hardy+i386_i386.deb) ...
* Stopping MoBlock moblock
...fail!
invoke-rc.d: initscript moblock, action "stop" failed.
dpkg: warning - old pre-removal script returned error exit status 3
dpkg - trying script from the new package instead ...
* Stopping MoBlock moblock
...fail!
invoke-rc.d: initscript moblock, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/moblock_0.9~rc2-10+hardy+i386_i386.deb (--unpack):
subprocess new pre-removal script returned error exit status 3
* MoBlock is configured not to start automatically at boot time.
* To change this edit the MOBLOCK_INIT entry in /etc/moblock/moblock.conf.
* Also check /etc/default/moblock.
Errors were encountered while processing:
/var/cache/apt/archives/moblock_0.9~rc2-10+hardy+i386_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
Is there a way to fix this problem?
Note I also have Mobloquer installed.
empthollow
April 24th, 2008, 10:11 PM
When I am running moblock I cannot view any files on my ftp server.
I have port 21 whitelisted in and out. I can log into the server which is more than I could do before port 21 was whitelisted. When I try to connect with gftp I receive this error.
Cannot create a data connection: Connection refused
This was previously not a problem, I am using hardy. Does anyone have any ideas on how I can use ftp without completely stopping moblock?
Thanks in advance.
EDIT:
I took a look at my blocklist and it turns out godaddy's IP is in the list. godaddy is listed multiple times, once as godaddy inc (this is where my IP range is) and a few others as godaddy anti p2p. Is it safe for me to remove godaddy inc from my blocklist or am I better off stopping moblock while I do my webmin-istration? Thanks for your input.
draggy
April 25th, 2008, 10:33 AM
I have a server setup to be a router, using iptables rules for the firewall and NAT forwarding. Since moblock adds rules to iptables, what would be the best way to integrate my rules and moblock's rules? It didn't seem to be working for the NAT machines when I first tried it.
More troubleshooting on my part is still needed, but I'd like to know opinions on the best way of merging the rules.
jamesford
April 25th, 2008, 12:39 PM
I'm having a lot of trouble installing moblock on hardy (amd64) -0.9~rc2-10 compiled myself
during install I get messages like
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
* Some iptables rules could not be deleted. The most common reason for this is
* that they did not exist. If MoBlock was not running this is the correct
* behaviour. But if MoBlock was running there is some problem. Make sure that
* MoBlock inserts its iptables rules correctly and that other software, e.g.
* firewall applications, don't delete them. Make sure that MoBlock is started
* after other firewall applications.
It eventually finishes, but it only seems to block outbound connections
I've tried both with ufw enabled and disabled
Any help on this?
Dawa
April 26th, 2008, 07:20 PM
I tried updating moblock today and got this message:
Updating level1.gzrm: cannot remove `level1.gz': No such file or directory
* failed! Using old blocklist.
Is this my problem, or is the update server just down?
EDIT: I fixed this by copying the level1.gz from /var/spool/moblock/used to /var/spool/moblock
jhezza
April 27th, 2008, 12:09 AM
Hi
I am having problems installing moblock, when I do sudo aptitude install moblock I get the following error.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Building tag database... Done
The following partially installed packages will be configured:
moblock
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.
Writing extended state information... Done
Setting up moblock (0.9~rc2-10+hardy+i386) ...
* Reloading MoBlock moblock failed. Trying an update instead, this may take several minutes.
You may do in another terminal a "tail -f /var/log/moblock-control.log"
to follow the update process. Pressing "control" + "c" stops this.
The lists are saved to /var/spool/moblock/.
* Updating blocklists and reloading MoBlock moblock failed.
No blocklist in /etc/moblock/guarding.p2p.
Try a "moblock-control update" to complete the installation.
dpkg: error processing moblock (--configure):
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
moblock
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
Setting up moblock (0.9~rc2-10+hardy+i386) ...
* Reloading MoBlock moblock failed. Trying an update instead, this may take several minutes.
You may do in another terminal a "tail -f /var/log/moblock-control.log"
to follow the update process. Pressing "control" + "c" stops this.
The lists are saved to /var/spool/moblock/.
* Updating blocklists and reloading MoBlock moblock failed.
No blocklist in /etc/moblock/guarding.p2p.
Try a "moblock-control update" to complete the installation.
dpkg: error processing moblock (--configure):
subprocess post-installation script returned error exit status 6
Errors were encountered while processing:
moblock
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Building tag database... Done
any help would be greatly appreciated. Thanks
mike.berggren
April 27th, 2008, 02:21 AM
Hi. Really simple question but I couldn't find it in the FAQs...
How can I verify that updates are succeeding?
-MB
mike.berggren
April 27th, 2008, 02:27 AM
Hi. Really simple question but I couldn't find it in the FAQs...
How can I verify that updates are succeeding?
-MB
(*sigh) never mind... it was right in front of me the whole time: /var/log/moblock-control.log ](*,)
quixotic-cynic
April 27th, 2008, 10:41 AM
I took a look at my blocklist and it turns out godaddy's IP is in the list. godaddy is listed multiple times, once as godaddy inc (this is where my IP range is) and a few others as godaddy anti p2p. Is it safe for me to remove godaddy inc from my blocklist or am I better off stopping moblock while I do my webmin-istration? Thanks for your input.
You are probably better off stopping moblock + p2p apps when using your ftp app - there is no guarantee which IPs godaddy will use for anti-p2p stuff.
If godaddy inc is in the level2 blocklist it is safer to remove than if it is in the level1 blocklist (which you should never remove items from).
The blocklists come from bluetack.co.uk so they may be able to provide additional help.
quixotic-cynic
April 27th, 2008, 10:50 AM
Hi
I am having problems installing moblock, when i do sudo aptitude install moblock i get [an] error.
I got this problem but fixed it with some minor experimentation. I can't remember how I fixed it... >.<
Some suggestions:
1) Run aptitude, look at the moblock package and check that the packages that moblock depends-on/suggests are installed.
2) Purge moblock (sudo aptitude purge moblock) and then reinstall it.
3) Try running "sudo moblock-control update".
4) Try experimenting with mobloquer.
quixotic-cynic
April 27th, 2008, 10:57 AM
I'm having a lot of trouble installing moblock on hardy (amd64) -0.9~rc2-10 compiled myself. Any help on this?
Presumably you compiled it yourself because you require unusual settings. If not then I would definitely try the .deb package.
The firewall will definitely cause problems with moblock since they will fight for control over iptables.
You could try temporarily removing ufw (purge/delete it if possible - I don't know if it is 'fully' disabled when disabled - it may still interfere with iptables), starting/stopping moblock a couple of times (to make sure it really has overwritten your iptables file), and then look at the iptables file to see if it looks right - i.e. if it is set to deal with the inbound connections properly.
quixotic-cynic
April 27th, 2008, 11:19 AM
I have a server setup to be a router, using iptables rules for the firewall and NAT forwarding. Since moblock adds rules to iptables, what would be the best way to integrate my rules and moblock's rules?
Afaik, the best way to do it is by hand, i.e.: run moblock and copy the iptables file it creates to a temporary file somewhere. Then get your iptables file that you usually use and manually integrate the rules from the temp file into your usual iptables file.
quixotic-cynic
April 27th, 2008, 11:29 AM
When I try to update it I get this error:
E: /var/cache/apt/archives/moblock_0.9~rc2-10+hardy+i386_i386.deb: subprocess new pre-removal script returned error exit status 3
Is there a way to fix this problem.
Try:
sudo moblock-control stop
sudo aptitude update
sudo aptitude safe-upgrade (or sudo aptitude and find the package yourself)
sudo moblock-control start
jamesford
April 27th, 2008, 12:15 PM
quixotic-cynic, I compiled it myself due to there not being any amd64 deb available. Or is there?
mike.berggren
April 27th, 2008, 01:04 PM
Is there a webmin module available for moblock? If not, could someone point me to some basic documentation on creating webmin modules?
Ideally, I'd like the module to offer the following functionality:
1) Stop/start services
2) Allow user to add/remove whitelisted ports/IPs
3) Choose which lists to enable.
4) Pull up recent log entries.
Thanks,
MB
quixotic-cynic
April 27th, 2008, 02:04 PM
quixotic-cynic, I compiled it myself due to there not being any amd64 deb available
Makes sense; to my knowledge only i386 is built due to who has what pc available.
pt123
April 27th, 2008, 06:18 PM
Try:
sudo moblock-control stop
* Stopping MoBlock moblock [fail]
I got the above, I don't run moblock on start up ( and don't wish to).
When I tried
sudo /etc/init.d/moblock stop
I got
* Stopping MoBlock moblock [fail]
When I tried
sudo /etc/init.d/moblock start
I got
* MoBlock is configured not to start automatically at boot time.
* To change this edit the MOBLOCK_INIT entry in /etc/moblock/moblock.conf.
* Also check /etc/default/moblock.
Not sure if this meant it succeeded in starting.
It didn't because Mobloquer is reporting it couldn't start.
Interestingly I was able to start it through Mobloquer.
I will try uninstalling moblock and then reinstalling it.
When I tried to remove it I got this message:
Removing moblock ...
* Stopping MoBlock moblock [fail]
invoke-rc.d: initscript moblock, action "stop" failed.
dpkg: error processing moblock (--remove):
subprocess pre-removal script returned error exit status 3
* MoBlock is configured not to start automatically at boot time.
* To change this edit the MOBLOCK_INIT entry in /etc/moblock/moblock.conf.
* Also check /etc/default/moblock.
Errors were encountered while processing:
moblock
E: Sub-process /usr/bin/dpkg returned an error code (1)
Maybe I should boot into recovery mode and sudo apt-get remove moblock
quixotic-cynic
April 28th, 2008, 08:07 AM
* Stopping MoBlock moblock [fail]
I got the above, I don't run moblock on start up ( and don't wish to).
Ok, that was not clear to me. I thought the reason it might not be working is that it was unsuccessfully stopping moblock... but, if it's not running in the first place then I guess it's something else.
jre
April 28th, 2008, 04:12 PM
@pt123: your problem was fixed in moblock (0.9~rc2-4). Probably you kept your old /etc/init.d/moblock.
Anyway, set MOBLOCK_INIT="1", then updating will work. Make sure to install all new config files when you are asked by apt/synaptic/whatever. I recommend to make all configuration changes in /etc/default/moblock. After the update you can safely go back to MOBLOCK_INIT="0".
@empthollow: I suggest to whitelist the specific IP of your FTP server with the WHITE_IP_OUT="" option. Have a look at /var/log/moblock.log to see which IP is blocked. You can also do this with a simple click in mobloquer.
@lucien:
Using the WHITE_IP_OUT="" option might also help you. So I fixed jabber here.
Is there a webmin module available for moblock?
No, I don't think so.
@jhezza: if you did not already follow quixotic-cynic's advice: do a "sudo moblock-control update", that should fix the package installation. Installation failed because somehow the blocklists could not be downloaded/installed. Have a look at /var/log/moblock-control.log to learn more about what went wrong.
@draggy: Sorry, no idea. All I can say is that with the MARKing feature (since moblock 0.9~rc2) it is easy to integrate MoBlock with firewalls. Simply start MoBlock after all other iptables insertions. But I don't know if there are specific things when using NAT.
I'm having a lot of trouble installing moblock on hardy (amd64) -0.9~rc2-10 compiled myself
during install I get messages like
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
* Some iptables rules could not be deleted. The most common reason for this is
* that they did not exist. If MoBlock was not running this is the correct
* behaviour. But if MoBlock was running there is some problem. Make sure that
* MoBlock inserts its iptables rules correctly and that other software, e.g.
* firewall applications, don't delete them. Make sure that MoBlock is started
* after other firewall applications.
Well, this is not a problem. This e.g. always comes if you stop an already stopped Moblock. Post your iptables rules and I might see if INCOMING traffic is checked. Note that other firewalls (I don't know ufw) might purge your moblock iptables rules, so make sure to (re-)start moblock after starting/stopping them.
quixotic-cynic, I compiled it myself due to there not being any amd64 deb available. Or is there?
Finally good news for you: I've got a new amd64 laptop ;-) So just wait some time ;-)
mike.berggren
April 28th, 2008, 04:24 PM
I want a deeper understanding of how Moblock works... is there any documentation (ERDs, flowcharts, etc) that show how the process works?
Btw, is moblock multi-threaded? I would assume so but thought I'd check anyway...
-MB
pt123
April 29th, 2008, 06:28 AM
@pt123: your problem was fixed in moblock (0.9~rc2-4). Probably you kept your old /etc/init.d/moblock.
Anyway, set MOBLOCK_INIT="1", then updating will work. Make sure to install all new config files when you are asked by apt/synaptic/whatever. I recommend to make all configuration changes in /etc/default/moblock. After the update you can safely go back to MOBLOCK_INIT="0".
The files have it set to 1 in the /etc/init.d/moblock file and in /etc/moblock/moblock.conf. I have not touched either of them.
Which one takes priority? :confused:
jre
April 29th, 2008, 11:39 AM
I want a deeper understanding of how Moblock works... is there any documentation (ERDs, flowcharts, etc) that show how the process works?
Documentation is in /usr/share/doc/moblock/
Also have a look at the homepages moblock.berlios.de and moblock-deb.sf.net.
There are no graphics etc., yet. But I might do one once to explain the iptables rules.
Ask when you have questions.
Btw, is moblock multi-threaded? I would assume so but thought I'd check anyway...
No idea, I'm not a programmer. Mobloquer 0.5 is.
The files have it set to 1 in the /etc/init.d/moblock file and in /etc/moblock/moblock.conf. I have not touched either of them.
Which one takes priority? :confused:
They are loaded in the following order, so the last overwrites previous ones:
/etc/init.d/moblock
/etc/moblock/moblock.conf
/etc/default/moblock
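The loading order above decides which file "wins" for each variable. As an added example (not MoBlock's own code), the resolver below parses shell-style assignments from the three files in that order and reports, per setting, the effective value and the file that set it last; the file contents are constructed excerpts, not the shipped files.

```python
"""Added example, not MoBlock's own code: resolve which of the three MoBlock
configuration files supplies each setting. Per jre, they are sourced in the
order of LOAD_ORDER, so the last file to assign a variable wins; an edit in
moblock.conf therefore has no effect if /etc/default/moblock sets the same
variable. File contents below are constructed excerpts, not the shipped files."""
import re
from typing import Dict, List, Tuple

LOAD_ORDER = ["/etc/init.d/moblock", "/etc/moblock/moblock.conf", "/etc/default/moblock"]

# A simple shell assignment: NAME="value", NAME='value' or NAME=value, optional trailing comment.
ASSIGN = re.compile(
    r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)='
    r'(?:"([^"]*)"|\'([^\']*)\'|([^\s#]*))\s*(?:#.*)?$'
)


def parse_assignments(text: str) -> Dict[str, str]:
    """Pick the assignments out of a sourced shell file; last assignment per name wins."""
    values: Dict[str, str] = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue            # comments, shell logic, blank lines
        name, dq, sq, bare = m.groups()
        values[name] = dq if dq is not None else sq if sq is not None else bare
    return values


def effective_config(files: List[Tuple[str, str]]) -> Dict[str, Tuple[str, str]]:
    """files: (path, contents) in load order. Returns name -> (value, file that set it last)."""
    result: Dict[str, Tuple[str, str]] = {}
    for path, text in files:
        for name, value in parse_assignments(text).items():
            result[name] = (value, path)
    return result


def shadowed(files: List[Tuple[str, str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Settings assigned with differing values in more than one file, with every
    (path, value) in load order: an earlier value is being silently overridden."""
    history: Dict[str, List[Tuple[str, str]]] = {}
    for path, text in files:
        for name, value in parse_assignments(text).items():
            history.setdefault(name, []).append((path, value))
    return {n: h for n, h in history.items() if len({v for _, v in h}) > 1}


# Constructed excerpts of the three files, in load order.
INIT_D = """#!/bin/sh
# constructed excerpt: defaults so the script works even if the conf files are missing
MOBLOCK_INIT="1"
WHITE_TCP_OUT=""
WHITE_IP_OUT=""
"""
MOBLOCK_CONF = """# constructed excerpt of /etc/moblock/moblock.conf
MOBLOCK_INIT="1"
WHITE_TCP_OUT="80 443 993 465 587"   # user added the IMAP and SMTP ports here
WHITE_IP_OUT=""
"""
DEFAULT = """# constructed excerpt of /etc/default/moblock, as a GUI tool might have left it
WHITE_TCP_OUT="80 443"
"""
EXAMPLE_FILES = list(zip(LOAD_ORDER, [INIT_D, MOBLOCK_CONF, DEFAULT]))


def explain(name: str, files: List[Tuple[str, str]] = EXAMPLE_FILES) -> str:
    """One-line answer to 'which file takes priority for this setting?'"""
    value, path = effective_config(files)[name]
    return f'{name}="{value}" (set last in {path})'


if __name__ == "__main__":
    for name in ("MOBLOCK_INIT", "WHITE_TCP_OUT", "WHITE_IP_OUT"):
        print(explain(name))
    for name, history in shadowed(EXAMPLE_FILES).items():
        print("overridden:", name, history)
```

Point the three constants at the real file contents to check a live installation; a setting listed by shadowed() is one whose edit in moblock.conf is not taking effect.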
apamatos
May 2nd, 2008, 07:27 PM
Hello
I tried to install MoBlock 0.9 (Latest version of the Ubuntu Gutsy repository). From what I read in this thread it should work with Firestarter.
I have a LAN and the computers access the internet through the gateway that is running MoBlock. I whitelisted the ports and the IP range of the LAN as suggested in these posts and configuration documentation. Masquerading and DHCP are activated by Firestarter running on the same gateway computer.
Now, when I activate Firestarter first (MoBlock off) the LAN computers are able to browse the internet. As soon as I activate MoBlock all internet access stops for the LAN computers, but not for the gateway that still can see the internet.
Help please. How can I restore internet access to the LAN computers with MoBlock on ????!!!! This should not be the nightmare it looks like, since this setup should be fairly common.
Cheers
AP
dnoiz
May 3rd, 2008, 01:56 PM
Hello,
I'm trying to build moblock myself on Hardy 64-bit and I get the following error message, I hope someone can help me out,
bboxone@bboxone:~$ mkdir moblock
bboxone@bboxone:~$ cd moblock/
bboxone@bboxone:~/moblock$ sudo apt-get build-dep moblock
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
bboxone@bboxone:~/moblock$ sudo apt-get source moblock
Reading package lists... Done
Building dependency tree
Reading state information... Done
NOTICE: 'moblock' packaging is maintained in the 'Svn' version control system at:
https://moblock-deb.svn.sourceforge.net/svnroot/moblock-deb/moblock/
Need to get 63.1kB of source archives.
Get:1 http://moblock-deb.sourceforge.net hardy/main moblock 0.9~rc2-10+hardy+i386 (dsc) [889B]
Get:2 http://moblock-deb.sourceforge.net hardy/main moblock 0.9~rc2-10+hardy+i386 (tar) [21.8kB]
Get:3 http://moblock-deb.sourceforge.net hardy/main moblock 0.9~rc2-10+hardy+i386 (diff) [40.4kB]
Fetched 63.1kB in 2s (27.8kB/s)
dpkg-source: extracting moblock in moblock-0.9~rc2
dpkg-source: unpacking moblock_0.9~rc2.orig.tar.gz
dpkg-source: applying ./moblock_0.9~rc2-10+hardy+i386.diff.gz
bboxone@bboxone:~/moblock$ cd moblock-0.9~rc2/
bboxone@bboxone:~/moblock/moblock-0.9~rc2$ sudo dpkg-buildpackage -rfakeroot
dpkg-buildpackage: warning: using a gain-root-command while being root
dpkg-buildpackage: set CPPFLAGS to default value:
dpkg-buildpackage: set CFLAGS to default value: -g -O2
dpkg-buildpackage: set CXXFLAGS to default value: -g -O2
dpkg-buildpackage: set FFLAGS to default value: -g -O2
dpkg-buildpackage: set LDFLAGS to default value: -Wl,-Bsymbolic-functions
dpkg-buildpackage: source package moblock
dpkg-buildpackage: source version 0.9~rc2-10+hardy+i386
dpkg-buildpackage: source changed by jre <jre-phoenix@users.sourceforge.net>
dpkg-buildpackage: host architecture amd64
fakeroot debian/rules clean
Can't exec "fakeroot": No such file or directory at /usr/bin/dpkg-buildpackage line 477.
dpkg-buildpackage: failure: fakeroot debian/rules clean failed with unknown exit code -1
bboxone@bboxone:~/moblock/moblock-0.9~rc2$
R.
mike.berggren
May 3rd, 2008, 06:32 PM
Some more questions:
- What's the size threshold for logs (moblock.log moblock-control.log) to roll over? Is that definable? If so, where can I modify this?
Could I get clarification on how blocklist data is handled? It's my understanding that after the various blocklists are downloaded, moblock sifts through the data for duplicates and then stores the ranges... where? In a flat file? In memory?
Thanks,
MB
pt123
May 3rd, 2008, 09:45 PM
They are loaded in the following order, so the last overwrites previous ones:
/etc/init.d/moblock
/etc/moblock/moblock.conf
/etc/default/moblock
Thanks that solved the issue. What's the deal with 3 conf files?
mike.berggren
May 4th, 2008, 12:36 AM
Thanks that solved the issue. What's the deal with 3 conf files?
I second this. :)
Why are there three configuration files and which one should we be modifying?
-MB
stinger30au
May 4th, 2008, 02:18 AM
i give up trying to instal moblock, i use this one instead
https://sourceforge.net/project/showfiles.php?group_id=198679
I'm using 8.04 so I just d/l the deb file and let it install, restarted the pc, it did the updates and I'm off and running. Piece of cake
jre
May 6th, 2008, 04:07 PM
Hello,
I'm trying to build moblock myself on Hardy 64-bit and I get the following error message, I hope someone can help me out,
fakeroot debian/rules clean
Can't exec "fakeroot": No such file or directory at /usr/bin/dpkg-buildpackage line 477.
dpkg-buildpackage: failure: fakeroot debian/rules clean failed with unknown exit code -1
bboxone@bboxone:~/moblock/moblock-0.9~rc2$
R.
Install the package "fakeroot"
- What's the size threshold for logs (moblock.log moblock-control.log) to roll over? Is that definable? If so, where can I modify this?
It's done by "logrotate". But not by size, just in daily intervals. Configuration is done in /etc/logrotate.d/. Have a look at the logrotate documentation to learn if it is possible to consider file size.
Could I get clarification on how blocklist data is handled? It's my understanding that after the various blocklists are downloaded, moblock sifts through the data for duplicates and then stores the ranges... where? In a flat file? In memory?
The lists are downloaded to /var/spool/moblock/.
If the download succeeded they are copied to /var/spool/moblock/used
Then these lists are unpacked and cat'ted together to one list.
Optional: If you use the configuration "IP_REMOVE" now some lines are grep'ped out.
The resulting list is copied to /etc/moblock/guarding.p2p (in case you are using the peerguardian v2 text format blocklists (current default)).
Until now that was all done by the bash script moblock-control. Note that this master blocklist contains duplicates.
If you now start the moblock daemon this file gets loaded. During this loading ranges get merged and duplicates get sorted out. For more details you have to take a look on the source code or ask the upstream author Morpheus (moblock.berlios.de).
Short answer: file on harddisk does contain duplicates, ranges in memory are already merged.
Thanks that solved the issue. What's the deal with 3 conf files?
/etc/init.d/moblock: This is more a script than a conf file. Normally users should not edit it. It's only a conf file from the technical side (Debian packaging). I added every conf variable there, too, because some users deleted their real conf files which resulted in broken packages.
documentation file
/etc/default/moblock: Here you can insert all your configuration. Yes, short answer: Use this file! I added this file because the big moblock.conf does change frequently. Now if you did edit moblock.conf and make a package update your packaging software (aptitude/synaptic/...) will ask you whether you want to keep your changes or install the new version. The best to do would be to take the new version (e.g. bringing in new features) and to integrate your own changes to this new file. Unfortunately this is time consuming.
Therefore many users just kept their old moblock.conf.
This is the second reason why I had to make default entries in every script (init.d and moblock-control, see above).
Further, to make automatic package updates easier I added the /etc/default/moblock file which does allow to keep user changes separate from the main configuration bulk. Since the /etc/default/moblock file never gets changed in the packages (it only contains a short explanation) you will never be asked if you want to keep your changes or install my new version.
Greets
jre - who is astonished why he did write so much. Everybody feel free to add this stuff to the wiki (see post #1 in this thread).
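The three stages jre lays out here, and his earlier explanation of why a locallist range can be "skipped" yet still be blocked, are easier to follow when run on a small input. This is an added example, not MoBlock's own code: the merge/skip logic follows the thread's description of the daemon rather than its source, and every range is constructed from TEST-NET addresses.

```python
"""Added example, not MoBlock's own code: the blocklist pipeline as jre describes
it (cat lists together, IP_REMOVE, then load with range merging), so you can see
why a locallist entry can be "skipped" and still be blocked.

The merge/skip logic follows the thread's description of the daemon, not its
source, and all IP ranges below are constructed from TEST-NET addresses."""
import bisect
import ipaddress
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    lo: int      # first address of the range, as an int
    hi: int      # last address of the range, as an int
    name: str    # label shown in moblock.log, e.g. "Microsoft Corp"
    line: str    # original text line, which is what IP_REMOVE greps against


def parse_p2p(text: str) -> List[Entry]:
    """Parse peerguardian v2 text format: one 'name:first-last' per line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, span = line.rpartition(":")     # names may themselves contain ':'
        first, _, last = span.partition("-")
        lo = int(ipaddress.IPv4Address(first.strip()))
        hi = int(ipaddress.IPv4Address(last.strip()))
        if hi < lo:
            raise ValueError(f"inverted range: {line}")
        entries.append(Entry(lo, hi, name.strip(), line))
    return entries


def ip_remove(entries: List[Entry], patterns: Iterable[str]) -> List[Entry]:
    """Stage 2: moblock-control greps lines out of the master list, so a
    pattern that also matches a locallist line removes that line too."""
    compiled = [re.compile(p, re.IGNORECASE) for p in patterns]
    return [e for e in entries if not any(c.search(e.line) for c in compiled)]


def load_ranges(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Stage 3: what the daemon does at load time. Ranges are sorted, overlapping
    or adjacent ones are merged into the earlier range (keeping its name), and a
    range already fully covered contributes nothing and is reported as skipped."""
    loaded: List[Entry] = []
    skipped: List[Entry] = []
    for e in sorted(entries, key=lambda x: (x.lo, x.hi)):
        if loaded and e.hi <= loaded[-1].hi:
            skipped.append(e)                       # "Skipping useless range: NAME"
            continue
        if loaded and e.lo <= loaded[-1].hi + 1:
            loaded[-1] = loaded[-1]._replace(hi=e.hi)   # extend; label stays the earlier one
            continue
        loaded.append(e)
    return loaded, skipped


def lookup(loaded: List[Entry], ip: str) -> Optional[str]:
    """The 'ping test' without pinging: name of the range that would block ip, or None."""
    x = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right([e.lo for e in loaded], x) - 1
    if i >= 0 and loaded[i].lo <= x <= loaded[i].hi:
        return loaded[i].name
    return None


# Constructed stand-ins for the downloaded lists and for /etc/moblock/custom-blocklist.p2p
DOWNLOADED = """\
Example Anti-P2P:192.0.2.0-192.0.2.255
Example Hosting Inc:198.51.100.0-198.51.100.127
Some University:203.0.113.10-203.0.113.20
"""
LOCALLIST = """\
MOTEST999:192.0.2.77-192.0.2.77
MOTEST999:198.51.100.128-198.51.100.200
MOTEST999:203.0.113.15-203.0.113.30
MOTEST999:203.0.113.100-203.0.113.100
"""
IP_REMOVE = ["University"]   # constructed 'Remove lines from the blocklist' setting


def run_pipeline(downloaded: str = DOWNLOADED, locallist: str = LOCALLIST,
                 remove: Iterable[str] = IP_REMOVE) -> Tuple[List[Entry], List[Entry]]:
    master = parse_p2p(downloaded + locallist)   # stage 1: guarding.p2p, duplicates and all
    kept = ip_remove(master, remove)             # stage 2
    return load_ranges(kept)                     # stage 3


if __name__ == "__main__":
    loaded, skipped = run_pipeline()
    for e in skipped:
        print(f"Skipping useless range: {e.name}  ({e.line})")
    for ip in ("192.0.2.77", "198.51.100.150", "203.0.113.12", "203.0.113.100"):
        print(ip, "->", lookup(loaded, ip))
```

The skipped MOTEST999 single address is still blocked, only under the covering range's name, which is why jre expects the ping test to fail in both cases; run_pipeline(remove=[]) shows the University range absorbing the overlapping locallist range the same way.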
jre
May 6th, 2008, 04:11 PM
Now, when I activte Firestarter first (MoBlock off) the LAN computers are able to browse the internet. As soon as I activate MoBlock all internet access stops for the LAN computers, but not for the gateway that still can see the internet.
Help please. How can I restore internet access to the LAN computers with MoBlock on ????!!!! This should not be the nightmare it looks like, since this setup should be fairly common.
Cheers
AP
When you do the whitelisting also edit the _FORWARD entries (not only _IN and _OUT)
empthollow
May 10th, 2008, 01:53 AM
You are probably better off stopping moblock + p2p apps when using your ftp app - there is no guarantee which IPs godaddy will use for anti-p2p stuff.
If godaddy inc is in the level2 blocklist it is safer to remove than if it is in the level1 blocklist (which you should never remove items from).
The blocklists come from bluetack.co.uk so they may be able to provide additional help.
Thanks for the input, since I don't like removing IPs from blocklists I'll do just that and stop all p2p apps when utilizing ftp.
apamatos
May 11th, 2008, 07:53 PM
When you do the whitelisting also edit the _FORWARD entries (not only _IN and _OUT)
Thanks. It solved the problem
AP
empthollow
May 14th, 2008, 04:53 PM
I have recently started using gmail's imap server. moblock is blocking the signal to retrieve my message to view because moblock is blocking it. According to this page http://mail.google.com/support/bin/answer.py?answer=78799&topic=&useful=1&expand_useful=1&#helpful, the ports that it uses are 993 465 587 ... I have whitelisted these in udp, tcp, in, out and _forward. moblock is still blocking the IP. I don't want to remove the IP from being blocked, I would just like moblock to allow requests from and to these ports. How do I do that?? One other thing, it's worth mentioning that evolution does not hang when I send and receive. I just cannot view my messages when I click on them. Thanks
empthollow
May 15th, 2008, 01:18 AM
I've solved my own problem. The /etc/default/moblock file was overwriting the /etc/moblock/moblock.conf file thus making my changes invalid. I believe this was caused by using the mobloquer gui tool. I believe the file was created by that program. Perhaps I'll just use the moblock-control utility, I've grown accustomed to it anyway because there was no gui for so long.
jre
May 22nd, 2008, 03:47 AM
What about you creating a new thread, where you have the "first post", and i can link to that one from this thread, until this thread is transitioned away? Just an idea...
Finally done. You can find the new "General MoBlock thread" in the Networking & Wireless section, or just click here: http://ubuntuforums.org/showthread.php?p=5016102
I placed the thread there because it is not really an HOWTO any more as your thread originally was.
Thanks for all your work, feel free to step by any time.
Greetings!
jre
K.Mandla
May 22nd, 2008, 07:12 AM
Thread closed and moved to Outdated Tutorials and Tips at the request of the OPer. :)