Re: General MoBlock thread
Quote:
Originally Posted by
Gavin77
Thanks a lot for the gui, I can finally stop using tail now :)
Hehe, you're welcome. But you can now also do a quick whitelisting (permanently or temporarily) by just right-clicking on the blocked IP or port (without a "restart", as was necessary in mobloquer), so this really is an improvement over "tail".
Quote:
Originally Posted by
Gavin77
Previous version of PGL automatically whitelisted ports 80 & 443 but upgrading didn't keep that setting. No big deal but someone might wonder why web pages don't work anymore :)
Thanks, you are absolutely right!
The just mentioned easy whitelisting is also the reason why there is no default port whitelisting any more. Having ports 80 and 443 whitelisted is a certain security risk, because a malicious host may listen on just these ports. I can't tell you though, whether this is paranoid. So either whitelist them again, or add (quite many) IPs to the whitelist, it is up to you.
Re: General MoBlock thread
Thanks, I'd already whitelisted them using the right-click menu, very handy it is too :)
Re: General MoBlock thread
Found a possible bug. If I right-click and select temporarily allow a port, it does nothing and continues to be blocked.
Re: General MoBlock thread
Please start "pgl-gui" from the console and watch its output, when you do this.
Which port did you want to whitelist? Does it happen for all ports? For all directions?
Which other ports were already whitelisted? Please post "sudo iptables -L -nv".
Background: on whitelisting, pgl-gui first checks if the item is already whitelisted; probably there is a false positive.
Re: General MoBlock thread
Quote:
Originally Posted by
jre
Please start "pgl-gui" from the console and watch its output, when you do this.
Which port did you want to whitelist? Does it happen for all ports? For all directions?
Which other ports were already whitelisted? Please post "sudo iptables -L -nv".
Background: on whitelisting, pgl-gui first checks if the item is already whitelisted; probably there is a false positive.
Code:
pgl-gui
** Debug: gSudo: ""
** Debug: ""
** Debug: ******************EXECUTE COMMAND***************
** Debug: virtual void ProcessT::run() Executing command "which kdesudo" () ...
** Debug: "/usr/bin/kdesudo"
** Debug: virtual void ProcessT::run() Command execution finished.
** Debug: ""
** Debug: ******************EXECUTE COMMAND***************
** Debug: virtual void ProcessT::run() Executing command "which kdesudo" () ...
** Debug: "/usr/bin/kdesudo"
** Debug: virtual void ProcessT::run() Command execution finished.
** Debug: list size: 0
** Debug: list size: 0
** Debug: true
** Debug: ******************EXECUTE COMMAND***************
** Debug: ******************EXECUTE COMMAND***************
** Debug: virtual void ProcessT::run() Executing command "which gksudo" () ...
** Debug: "/usr/bin/gksudo"
** Debug: virtual void ProcessT::run() Command execution finished.
** Debug: virtual void ProcessT::run() Executing command "which gksudo" () ...
** Debug: "/usr/bin/gksudo"
** Debug: virtual void ProcessT::run() Command execution finished.
** Debug: ******************EXECUTE COMMAND***************
** Debug: virtual void ProcessT::run() Executing command "which kdesu" () ...
** Debug: ******************EXECUTE COMMAND***************
** Debug: virtual void ProcessT::run() Executing command "which kdesu" () ...
** Debug: ""
** Debug: ""
** Debug: virtual void ProcessT::run() Command execution finished.
** Debug: virtual void ProcessT::run() Command execution finished.
** Debug: ******************EXECUTE COMMAND***************
** Debug: ******************EXECUTE COMMAND***************
** Debug: virtual void ProcessT::run() Executing command "which gksu" () ...
** Debug: virtual void ProcessT::run() Executing command "which gksu" () ...
** Debug: "/usr/bin/gksu"
** Debug: virtual void ProcessT::run() Command execution finished.
** Debug: "/usr/bin/gksu"
** Debug: virtual void ProcessT::run() Command execution finished.
** Debug: "OUT: 192.168.2.2:45186 94.125.182.255:6667 TCP || ATW Internet Kft. | 2011-07 Malware ....................."
** Debug: "OUT: 192.168.2.2:48529 95.141.29.22:6667 TCP || EuroTransit GmbH | 2011-07 Unspecified Threat .......... | Tor"
** Debug: "OUT: 192.168.2.2:41787 130.237.188.216:6667 TCP || 2011-07 Unspecified Threat .........."
** Debug: "OUT: 192.168.2.2:45756 194.109.20.90:6667 TCP || GTS NOVERA a.s. | servicing Tripos | State Research Library | I"
** Debug: "OUT: 192.168.2.2:45724 195.18.164.194:6667 TCP || Ventelo Norge AS | DATAMETRIX AS | Pineapple Publishing AS"
** Debug: "OUT: 192.168.2.2:49977 195.47.220.2:6667 TCP || Ten BERG IP Network"
** Debug: "OUT: 192.168.2.2:43779 208.83.20.130:6667 TCP || Desync Networksfake bittorrent trackers | LogicalSolutions.net"
** Debug: "OUT: 192.168.2.2:56768 64.18.128.86:6667 TCP || RackVibe LLC | proxy.xzibition.com | security.team.from.armed.us"
** Debug: "OUT: 192.168.2.2:44766 66.186.59.50:6667 TCP || Alchemy Communications, Inc | LIONSGATE FILMS | JuriSearch, LLC"
** Debug: "OUT: 192.168.2.2:39688 69.16.172.34:6667 TCP || Highwinds Network Group | Robbins Green, P.A. | Jarin Industri"
** Debug: "OUT: 192.168.2.2:33998 69.16.172.40:6667 TCP || Highwinds Network Group | Robbins Green, P.A. | Jarin Industri"
** Debug: "OUT: 192.168.2.2:34991 70.33.251.254:6667 TCP || InfoRelay Online Systems, Inc. | AODINC | Legal Discovery LLC"
** Debug: "OUT: 192.168.2.2:45198 94.125.182.255:6667 TCP || ATW Internet Kft. | 2011-07 Malware ....................."
** Debug: "OUT: 192.168.2.2:48541 95.141.29.22:6667 TCP || EuroTransit GmbH | 2011-07 Unspecified Threat .......... | Tor"
** Debug: "OUT: 192.168.2.2:38684 173.234.32.42:6667 TCP || Nobis Technology Group, LLC | Eisenberg, Christine | Wu, David"
** Debug: "OUT: 192.168.2.2:49987 195.47.220.2:6667 TCP || Ten BERG IP Network"
** Warning: bool hasPermissions(const QString&) Could not read from file "/etc/test_file"
** Debug: ("/usr/bin/kdesudo "iptables -L pgl_out -n | grep -x 'RETURN *tcp *-- *0.0.0.0/0 *0.0.0.0/0 *tcp dpt:6667 *' || iptables -I pgl_out -p tcp --dport 6667 -j RETURN"")
** Debug: start thread
** Debug: ******************EXECUTE COMMAND***************
** Debug: virtual void ProcessT::run() Executing command "/usr/bin/kdesudo "iptables -L pgl_out -n | grep -x 'RETURN *tcp *-- *0.0.0.0/0 *0.0.0.0/0 *tcp dpt:6667 *' || iptables -I pgl_out -p tcp --dport 6667 -j RETURN"" () ...
** Debug: "Bad argument `|'
Try `iptables -h' or 'iptables --help' for more information."
** Debug: virtual void ProcessT::run() Command execution finished.
** Debug: "OUT: 192.168.2.2:45206 94.125.182.255:6667 TCP || ATW Internet Kft. | 2011-07 Malware ....................."
** Debug: "OUT: 192.168.2.2:48549 95.141.29.22:6667 TCP || EuroTransit GmbH | 2011-07 Unspecified Threat .......... | Tor"
** Debug: "OUT: 192.168.2.2:41807 130.237.188.216:6667 TCP || 2011-07 Unspecified Threat .........."
** Debug: "OUT: 192.168.2.2:45776 194.109.20.90:6667 TCP || GTS NOVERA a.s. | servicing Tripos | State Research Library | I"
** Debug: "OUT: 192.168.2.2:45744 195.18.164.194:6667 TCP || Ventelo Norge AS | DATAMETRIX AS | Pineapple Publishing AS"
** Debug: "OUT: 192.168.2.2:49997 195.47.220.2:6667 TCP || Ten BERG IP Network"
Code:
sudo iptables -L -nv
Chain INPUT (policy ACCEPT 66 packets, 16567 bytes)
pkts bytes target prot opt in out source destination
0 0 pgl_in all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 pgl_fwd all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain OUTPUT (policy ACCEPT 74 packets, 13589 bytes)
pkts bytes target prot opt in out source destination
59 3573 pgl_out all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain pgl_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 192.168.2.0/24 192.168.2.0/24
0 0 RETURN all -- * * 0.0.0.0/0 192.168.2.1
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Chain pgl_in (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 192.168.2.0/24 0.0.0.0/0
0 0 RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 224.0.0.251-224.0.0.251
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 239.255.255.250-239.255.255.250
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 224.0.0.22-224.0.0.22
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Chain pgl_out (1 references)
pkts bytes target prot opt in out source destination
9 573 RETURN all -- * * 0.0.0.0/0 192.168.2.0/24
0 0 RETURN all -- * * 0.0.0.0/0 192.168.2.1
0 0 RETURN all -- * lo 0.0.0.0/0 0.0.0.0/0
22 1320 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa reject-with icmp-port-unreachable
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 destination IP range 224.0.0.251-224.0.0.251
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 destination IP range 239.255.255.250-239.255.255.250
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 destination IP range 224.0.0.22-224.0.0.22
3 180 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
25 1500 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
The only ports I have whitelisted are 80 & 443. I was trying to temp allow 6667 so I can connect to IRC.
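The `tcp dpt:443` and `tcp dpt:80` RETURN rules in the pgl_out listing above are the port-wide whitelisting discussed earlier in the thread: they skip the blocklist for every remote host on those ports. As an added example (not part of the posts and not pgl code), this filter pulls such rules and their packet counters out of `iptables -L -nv` output; the function name and the trimmed sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: list RETURN rules in pgl_* chains that whitelist a port
# for every host (source and destination both 0.0.0.0/0).
# Reads "iptables -L -nv" text on stdin.
# Columns: pkts bytes target prot opt in out source destination [match...]
portwide_whitelist() {
    awk '
        $1 == "Chain" { chain = $2; next }
        chain ~ /^pgl_/ && $3 == "RETURN" && $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" {
            # Only rules carrying a port match count as port whitelisting;
            # interface rules such as "out lo" have no dpt:/spt: field.
            for (i = 10; i <= NF; i++)
                if ($i ~ /^(dpt|spt):/)
                    printf "%s %s %s pkts=%s\n", chain, $4, $i, $1
        }
    '
}

# Constructed sample, trimmed from the pgl_out chain posted above.
SAMPLE='Chain pgl_out (1 references)
 pkts bytes target prot opt in out source destination
    9   573 RETURN all -- * * 0.0.0.0/0 192.168.2.0/24
    0     0 RETURN all -- * lo 0.0.0.0/0 0.0.0.0/0
    3   180 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    0     0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
   25  1500 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92'

printf '%s\n' "$SAMPLE" | portwide_whitelist
```

On a live system the input would come from `sudo iptables -L -nv | portwide_whitelist`; a non-zero pkts value shows how much traffic has already bypassed the blocklist through that rule.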
Re: General MoBlock thread
Same issues here on Oneiric i386 (natty repo)
- before the latest upgraded packages, all was working smoothly; now allowing the latest blocked URL doesn't work (everything is shown as malware !!!)
- whitelisting doesn't work: both right-click and adding a URL
For example: I've tried to whitelist https://launchpadlibrarian.net
it fails both as URL or port: says "invalid"
Re: General MoBlock thread
Quote:
Originally Posted by
Gavin77
Code:
** Debug: virtual void ProcessT::run() Executing command "/usr/bin/kdesudo "iptables -L pgl_out -n | grep -x 'RETURN *tcp *-- *0.0.0.0/0 *0.0.0.0/0 *tcp dpt:6667 *' || iptables -I pgl_out -p tcp --dport 6667 -j RETURN"" () ...
** Debug: "Bad argument `|'
Try `iptables -h' or 'iptables --help' for more information."
That's the problem. Here exactly the same thing works. Please check on your terminal:
Code:
sudo iptables -L pgl_out -n | grep -x 'RETURN *tcp *-- *0.0.0.0/0 *0.0.0.0/0 *tcp dpt:6667 *' || sudo iptables -I pgl_out -p tcp --dport 6667 -j RETURN
echo $?
I guess this works.
What's your
Does it work if you change /usr/bin/pglcmd first line to EDIT: That is probably useless. Try to change the /bin/sh link to bash (and revert it later to your current setting, so remember that. If unsure, ask some Ubuntu guru.):
Code:
sudo rm /bin/sh
sudo ln -s /bin/bash /bin/sh
Which system are you on?
Quote:
Originally Posted by
dino99
Same issues here on Oneiric i386 (natty repo)
- before the latest upgraded packages, all was working smoothly; now allowing the latest blocked URL doesn't work (everything is shown as malware !!!)
- whitelisting doesn't work: both right-click and adding a URL
For example: I've tried to whitelist
https://launchpadlibrarian.net
it fails both as URL or port: says "invalid"
Whitelisting URLs never worked! Did it? You have to use IPs instead. You may only use "service names" instead of port numbers.
I don't understand the "malware" - where is it shown?
Re: General MoBlock thread
Code:
sudo iptables -L pgl_out -n | grep -x 'RETURN *tcp *-- *0.0.0.0/0 *0.0.0.0/0 *tcp dpt:6667 *' || sudo iptables -I pgl_out -p tcp --dport 6667 -j RETURN
gavin@kubuntu:~$ echo $?
0
Code:
ls -l /bin/sh
lrwxrwxrwx 1 root root 4 2011-08-06 00:55 /bin/sh -> dash
I'm on Kubuntu Natty.
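The "Bad argument `|'" line in the debug output is iptables' own error, so iptables received `|` as a literal argument and no shell interpreted the pipeline, while the same line typed into a terminal returns 0. As an added example (not pgl-gui's code and not part of the posts above), this sketch does the check-then-insert as two separate iptables invocations so that no shell metacharacters pass through the sudo front-end; it assumes an iptables that supports `-C`/`--check`, and the function names and the IPTABLES/SUDO variables are hypothetical.

```shell
#!/bin/sh
# Added example: whitelist an outgoing TCP port in pgl_out without handing
# a shell pipeline to the privilege front-end.
# IPTABLES and SUDO are hypothetical overrides so the logic runs without root.
IPTABLES="${IPTABLES:-iptables}"
SUDO="${SUDO-sudo}"

# valid_port PORT: succeeds only for a plain decimal number in 1..65535.
# Anything else (service names, spaces, shell metacharacters) is refused
# before it can reach a command that runs as root.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# whitelist_out_port PORT
# Replaces "iptables -L ... | grep -x ... || iptables -I ..." with two
# plain invocations; each one is a simple argv with no "|" or "||" in it.
whitelist_out_port() {
    port="$1"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    # -C exits 0 when an identical rule already exists (assumed available).
    if $SUDO "$IPTABLES" -C pgl_out -p tcp --dport "$port" -j RETURN 2>/dev/null; then
        echo "already whitelisted"
        return 0
    fi
    $SUDO "$IPTABLES" -I pgl_out -p tcp --dport "$port" -j RETURN && echo "inserted"
}

# run_as_argv STRING: word-split STRING and exec it directly, with no shell
# parsing. This reproduces what the log shows: "|" arrives at iptables as
# an ordinary argument and is rejected.
run_as_argv() {
    ( set -f; exec $1 )
}
```

Calling `whitelist_out_port 6667` twice inserts the rule once and reports "already whitelisted" the second time.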
Re: General MoBlock thread
I have several questions about the update.
1. I have been using peerguardian as a kiddie control service. It starts at system boot, blocks all internet activity except what I white list and the kids cannot change any settings with their login. I can deactivate from their account with a quick "su me" and "sudo pglcmd stop" and then turn it back on when I'm done. It worked a champ. Can I still have a similar set-up with the new version?
2. After the default install, will I need to change my settings to get it back how it was (ie., as a kiddie control system)?
I have forgotten a lot of what I did to get it setup the way I want. I want to update to the new suppa-fly gui, but don't want a week of 24-7 fiddling to get it to work the way I want. Any advice you can give would be great.
3. I noticed that in options -> settings, it lists kdesudo for the Sudo front-end. If I'm running gnome desktop, should I change this to gksudo? or keep it the same?
Thanks for the excellent program! It has worked a champ exactly as I want it to.
Re: General MoBlock thread
@DOS286:
ad 1.) The way it works is generally unchanged, so yes. The GUI requires administrative rights to change settings, like pglcmd before.
ad 2.) Basically you just need to repeat your configuration steps. Relevant changes for you might be:
- removed default whitelisting of ports 80 (http) and 443 (https)
- place local blocklists in LOCAL_BLOCKLIST_DIR (/etc/pgl/blocklists.local) instead of MASTER_BLOCKLIST_DIR
- removed debconf configuration (pgl-gui is better for this)
We got some issues reported for pgl-gui. Not major drawbacks, but generally you may wait a few days/weeks before updating. We have no official beta testers, only those who update the first day, and those who wait.
Just reuse the content of /etc/pglcmd to have a working identical pgl installation.
ad 3.) Both work, but with both ...sudo I have to retype my password every time I need it (it doesn't remember it for e.g. 20 minutes). Therefore, under Gnome I use gksu, which asks for root's password and allows saving it.