Re: General MoBlock thread
Also, this just doesn't seem right, but I could be wrong:
Code:
<stop moblock>
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
<start moblock>
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
blockcontrol_in all -- 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain FORWARD (policy ACCEPT)
target prot opt source destination
blockcontrol_fw all -- 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
blockcontrol_out all -- 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain blockcontrol_fw (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 mark match 0xa
RETURN all -- 0.0.0.0/0 10.11.12.254
RETURN all -- 10.11.12.0/24 10.11.12.0/24
NFQUEUE all -- 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Chain blockcontrol_in (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 mark match 0xa
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 10.11.12.0/24 0.0.0.0/0
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
NFQUEUE all -- 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Chain blockcontrol_out (1 references)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0xa reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 10.11.12.254
RETURN all -- 0.0.0.0/0 10.11.12.0/24
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
NFQUEUE all -- 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Why is the 'reject' line in there with a 0/0 destination? Doesn't iptables get populated with every subnet from all of the block lists, or am I not comprehending what moblock does?
****
EDIT
****
I disabled the following lists and everything appears to be working ok now:
atma/atma
bluetack/bogon
tbg/bogon
I'm not sure what these lists are supposed to do, but they seem to be messing everything up.
Re: General MoBlock thread
Indeed your "search" results don't explain the problem. But it may be a bigger range not matching your search pattern, in the worst case indeed even a 0.0.0.0-255.255.255.255. We'll try to add a real search function to pgld.
But it seems you found the solution on your own.
atma description:
Quote:
Originally Posted by http://www.iblocklist.com/list.php?list=ewqglwibdgjttwttrinl
Attackers who try to spy or remotely control others' computers by means such as Microsoft remote terminal, SSH, Telnet or shared desktops.
Threats for email servers or users: spiders/bots, account hijacking, etc.
Sites spreading virus, trojans, spyware, etc. or just being used by them to let their authors know that a new computer has been infected.
Threats for servers: exploits, fake identities/agents, DDoS attackers, etc.
Port scans, which are the first step towards more dangerous actions.
Malicious P2P sharers or bad peers who spread malware, inject bad traffic or share fake archives.
TBGs bogon explanation (bluetack is very similar):
Quote:
Originally Posted by http://www.iblocklist.com/list.php?list=tzmtqbbsgbtfxainogvm
This list contains ranges from which no traffic should be appearing on the internet. These ranges are either for internal use of some sort or are address space not currently in use.
For the REJECT line: this is correct, because it also contains the "mark match 0xa". This means that it is applied to all packets that were marked by moblock to be blocked. This is essential!
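Added example, not part of the post above and not MoBlock's own code: a Python trace of one outgoing packet through the blockcontrol_out rules from the listing, showing why a single mark-matched REJECT on 0.0.0.0/0 is enough and why the block lists never show up in iptables. It assumes the daemon on queue 92 sets mark 0xa or 0x14 and hands the packet back for another pass; the blocklist ranges and all function names are constructed for illustration.

```python
import ipaddress

REJECT_MARK, ACCEPT_MARK = 0x0A, 0x14  # marks from the listing; 0x14 meaning "accepted" is assumed
LAN = ipaddress.ip_network("10.11.12.0/24")
WHITELISTED_TCP_PORTS = {22, 80, 443}
# Constructed ranges (documentation addresses). They live in the daemon, not in iptables.
BLOCKLIST = [("198.51.100.0", "198.51.100.255"), ("203.0.113.16", "203.0.113.31")]

def to_int(addr):
    return int(ipaddress.ip_address(addr))

def daemon_verdict(dst):
    """Userspace end of NFQUEUE 92 (hypothetical): range lookup, returns the mark to set."""
    blocked = any(to_int(lo) <= to_int(dst) <= to_int(hi) for lo, hi in BLOCKLIST)
    return REJECT_MARK if blocked else ACCEPT_MARK

def blockcontrol_out(dst, proto, dport, mark):
    """First matching rule of blockcontrol_out, in listing order.
    The bare all/0.0.0.0/0 RETURN row is left out: without -v the listing
    hides interface matches, so its real condition is not visible here."""
    if mark == REJECT_MARK:
        return "REJECT"                      # the 0/0 rule asked about
    if ipaddress.ip_address(dst) in LAN:     # covers 10.11.12.254 as well
        return "RETURN"
    if proto == "tcp" and dport in WHITELISTED_TCP_PORTS:
        return "RETURN"
    return "NFQUEUE"

def trace_output(dst, proto="tcp", dport=6881):
    """Follow one NEW outgoing packet; returns (verdict, rule targets hit)."""
    mark, steps = 0, []
    while True:
        if mark == ACCEPT_MARK:              # jump rule has 'mark match !0x14'
            return "ACCEPT", steps + ["jump skipped"]
        target = blockcontrol_out(dst, proto, dport, mark)
        steps.append(target)
        if target == "REJECT":
            return "REJECT", steps
        if target == "RETURN":
            return "ACCEPT", steps           # back in OUTPUT, policy ACCEPT
        mark = daemon_verdict(dst)           # daemon marks and re-injects

if __name__ == "__main__":
    for dst, port in [("198.51.100.7", 6881), ("192.0.2.1", 6881),
                      ("198.51.100.7", 443), ("10.11.12.5", 6881)]:
        print(dst, port, trace_output(dst, dport=port))
```

A blocklisted address on a whitelisted port (22, 80, 443) returns before the queue, so the daemon never gets to mark it.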
Re: General MoBlock thread
Hey Jre I got in trouble.
I was in Ubuntu and I did a bit of a cleanup using the standardly available "Computer Janitor" Ubuntu application and lo and behold it turned out that moblock was in there. Not sure how it ended up there all of a sudden (I've been using both for the last few years without a hitch) but anyway now I'm without Moblock on my pc.
I went to your website (http://moblock-deb.sourceforge.net/) to reinstall it but it failed. I put this in
Code:
deb http://archive.ubuntu.com lucid main universe
It gets rejected :-(
Re: General MoBlock thread
Code:
Failed to fetch http://archive.ubuntu.com/dists/lucid/main/binary-i386/Packages.gz 404 Not Found [IP: 91.189.88.45 80]
Failed to fetch http://archive.ubuntu.com/dists/lucid/universe/binary-i386/Packages.gz 404 Not Found [IP: 91.189.88.45 80]
Some index files failed to download, they have been ignored, or old ones used instead.
Re: General MoBlock thread
In most cases you are already fine with
Code:
sudo add-apt-repository ppa:jre-phoenix/ppa
This will get you this sources.list entry:
Code:
deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu lucid main
The line that you entered is only needed if your package manager complains about missing dependencies (libnetfilter-queue and libnfnetlink). But here you are right, I forgot /ubuntu in the instructions, so you'd need
Code:
deb http://archive.ubuntu.com/ubuntu YOURDIST main universe
But I guess this is already part of your system.
Re: General MoBlock thread
Thanks jr!
Installed.
But I've one more question: when I reinstalled moblock a blue background colored setup-menu appeared within the terminal and I took the steps and installed the thing.
Now my question is: is it possible to reactivate that menu now (after install and while moblock is activated)?
Re: General MoBlock thread
Yes, just run
Code:
sudo dpkg-reconfigure blockcontrol
Re: General MoBlock thread
PeerGuardian Linux 2.1.0 - The GUI release!
Today we proudly present to you: pgl 2.1.0, including the long-anticipated pgl-gui. Try it, test it, report back. If you don't tell us otherwise the days of moblock, blockcontrol and mobloquer will soon be over.
Packages for lucid, maverick and natty are available as usual in my ppa. (oneiric currently fails to build, I'm on it.)
Re: General MoBlock thread
Thanks a lot for the gui, I can finally stop using tail now :)
Re: General MoBlock thread
Previous version of PGL automatically whitelisted ports 80 & 443 but upgrading didn't keep that setting. No big deal but someone might wonder why web pages don't work anymore :)