I'm a bit of an Ubuntu newbie so please bear with me.
I've installed the 64-bit version of moblock 8.39 and it's blocking things fine. The only problem is it's blocking things that aren't actually in my blocklist(s).
This is my moblock.conf file:
Code:
# Specify the format of the blocklists that you use. You can´t mix different
# formats.
# d - eMule ipfilter.dat format
# n - peerguardian .p2b v2 binary format
# p - peerguardian .p2p text format
BLOCKLIST_FORMAT="d"
# Specify a NFQUEUE queue number (default 0)
# Works only with -nfq version
NFQUEUE_NUMBER="0"
# Turn on/off automatic start
# 0 - Don´t start MoBlock at system boot
# 1 - Start MoBlock at system boot
MOBLOCK_INIT="0"
# Turn on/off automatic blocklist update
# 0 - Don´t update the blocklists automatically
# 1 - Update the blocklists automatically
MOBLOCK_CRON="0"
# Set the verbosity of moblock-control
# 0 - No normal output to STDOUT, only to logfile
# 1 - Output to STDOUT and to logfile
VERBOSITY="1"
################## Settings for the iptables firewall rules ###################
# MoBlock requires the iptables rule NFQUEUE (nfq version)
# or the deprecated QUEUE (ipq version).
# Do a "moblock-control stop" before you change these iptables settings.
# Define how traffic is sent to MoBlock
# 0 - Don't set any iptables rules.
# You or another script/firewall has to do this!
# 1 - NFQUEUE is in the chains moblock_in, moblock_out and moblock_fw.
# 2 - Set custom iptables rules (defined in
# /etc/moblock/iptables-custom-insert.sh and iptables-custom-remove.sh)
IPTABLES_SETTINGS="1"
# Define when traffic is sent to the chain that contains NFQUEUE
# This section works only for IPTABLES_SETTINGS="1"
# 0 - Do nothing. You or another script/firewall has to do this!
# 1 - Insert the rules at the head of the chains.
# 2 - Append the rules to the end of the chains.
IPTABLES_ACTIVATION="2"
############################### Whitelist ports ###############################
# Whitelist ports by port number or with the associated service name
# (using iptables with the target RETURN)
# Seperate several entries with whitespace (" ")
# Port ranges are specified in the format "port:port"
# Up to 15 ports can be specified. A port range (port:port) counts as two
# ports.
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT=""
WHITE_UDP_OUT=""
# This is an example to whitelist outgoing web traffic (port 80 is the service
# http, 443 is https) and the port range 1000-1024:
# WHITE_TCP_OUT="80 443 1000:1024"
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
################################ Whitelist IPs ################################
# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# (using iptables with the target RETURN)
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Seperate several entries with whitespace (" ")
# This replaces the old (up to 0.8-32) IP_TCP_ and IP_UDP_ entries.
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.
WHITE_IP_IN="192.168.1.0/24"
WHITE_IP_OUT="192.168.1.0/242"
# This is an example to whitelist the range 192.168.178.1-192.168.178.255:
# WHITE_IP_OUT="192.168.178.0/24"
WHITE_IP_FORWARD=""
###################### Remove lines from the blocklist ########################
# Remove lines from the blocklist (using "grep -v -i")
# Warning for beginners: If you want to whitelist a special IP then check the
# above section. In most cases you won't succeed if you insert an IP here.
# Seperate values with a semicolon ";".
# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE=""
# This is an example to remove all lines from the blocklist which contain one
# of the words "google", "yahoo", "altavista", "debian" or "sourceforge":
# IP_REMOVE="google;yahoo;altavista;debian;sourceforge"
########################### Full LSB compatibility ############################
# The control script uses /lib/lsb/init-functions. In Debian this file also
# provides functions which are not defined by the LSB standard. Change this
# entry if the script complains of not knowing a function.
# 0 - Debian compatible system (default)
# 1 - LSB 3.1 but not Debian compatible system
LSB_MODE=0
and this is my blocklists.list file:
Code:
# blocklists.list - lists the blocklists used by moblock-control
# Place one URL per line for every blocklist. Any line which starts with a #
# (hash) is a comment and is ignored. You have to do a "moblock-control update"
# after editing this file.
# All lists have to be in the same blocklist-format. This format has to be
# specified in moblock.conf.
# The name of the blocklist has to be the same as the basename of the URL, i.e.
# php redirects are not possible.
# If the remote server doesn´t support timestamping start the line with
# "notimestamp". Don´t abuse this. This is only necessary if the remote
# server doesn´t provide timestamping (Error 400).
# For local blocklists start the line with "locallist".
locallist /etc/moblock/list.txt
where /etc/moblock/list.txt is
As you can see, I'm only blocking a single dummy IP address (for testing purposes). Unfortunately, when I try to access Google I get the following errors in my log file:
Code:
Ranges loaded: 1
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
Blocked OUT: @,hits: 1,DST: 66.102.9.147
Blocked OUT: @,hits: 2,DST: 66.102.9.147
Blocked OUT: @,hits: 3,DST: 66.102.9.147
Got SIGTERM! Dumping stats and exiting.
Could anyone please help to explain why '66.102.9.147' is getting blocked when the only IP address in my blocklist is '9.9.9.9'? (By the way, I've done all the requisite reloads and restarts. My ipfilter.dat file also only contains this single range.)
I don't have any firewall installed atm and since I'm new to Linux I have no idea what the following output means:
Code:
~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
moblock_in 0 -- anywhere anywhere state NEW
Chain FORWARD (policy ACCEPT)
target prot opt source destination
moblock_fw 0 -- anywhere anywhere state NEW
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
moblock_out 0 -- anywhere anywhere state NEW
Chain moblock_fw (1 references)
target prot opt source destination
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0
Chain moblock_in (1 references)
target prot opt source destination
RETURN 0 -- 192.168.1.0/24 anywhere
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0
Chain moblock_out (1 references)
target prot opt source destination
RETURN 0 -- anywhere 192.168.1.0/24
NFQUEUE 0 -- anywhere anywhere NFQUEUE num 0
If any of that helps, I'd really appreciate someone telling me what's going wrong because I'm at my wit's end right now.
Thanks.