
Thread: Moblock (peerguardian linux alternative)

  1. #601

    Re: Moblock (peerguardian linux alternative)

    Quote Originally Posted by pelle.k View Post
    I'm _not_ quite sure i understand how you mean, ...
    Ok, that is not reassuring for me considering you wrote such a useful thread - I really did think I understood this somewhat... now I am worried my question may not even make sense??!?

    Quote Originally Posted by pelle.k View Post
    ...but in either case moblock is not a firewall.
    Understood.

    Quote Originally Posted by pelle.k View Post
    Of course you're gonna have a hole in your protection, just as any really functional wall actually has a door (port)...
    I understand that you need ports open for any net-facing program to work. What concerns me is that by allowing connections from the local computer to port 80 or 443 on another computer then you actually have an issue with your moblock protection (not in a firewall sense). AFAIK you don't *need* a hole in your moblock protection, unlike with a firewall - you just have to put up with a few blocked sites (which is a bit of a pain).

    Quote Originally Posted by pelle.k View Post
    If you then set your p2p client to port 80 that is still for incoming connections, so in essence your example has no effect in reality.
    In one of my previous posts I wrote when you have WHITE_TCP_OUT="http https" then if I understand correctly outbound connections on port 80 are possible. I have not been talking about incoming connections at all. I am sorry if I am unable to write with a sufficient degree of clarity, I am doing my best.

    Quote Originally Posted by pelle.k View Post
    Maybe you should read up on iptables, and in particular the different "states" a connection can have.
    You are probably correct - it is a good suggestion. As far as I know, with TCP in general, you can have 'open connection' packets with RST header bits to open a connection and ACK header bits in all other TCP packets. Packets can be sent outbound or inbound. So, WHITE_TCP_OUT="80" would allow open connection packets out, and normal packets out and in on the same connection, but would not allow open connection requests from outside. My questions above are directed from this particular understanding so if it is wrong my question could be mis-directed, and if right then vice versa.

    I will do some more iptables reading since I am used to routers, Kerio and Kaspersky...

    --QC

  2. #602
    Join Date
    Nov 2005
    Location
    Scandinavia
    Beans
    939

    Re: Moblock (peerguardian linux alternative)

    Oh, don't worry if I don't get what you mean. After all, English isn't my first language...
    So, can I take a guess at what you mean is that;
    You are worried that traffic from, say a BT download, could sneak through by answering another peer at port 80?

    I guess that is unlikely, but not impossible. The rules moblock creates are just a default set, and you are encouraged to adjust them to your liking. In fact, moblock states it is a utility for advanced users in the first place.

    I guess you could adjust the rules inserted by moblock to whitelist_out port 80, but _not_ if "sport" is in a range used internally by your BT client (or whatever software we speak about...)
    See? It's all in the rules inserted by moblock, primarily.
    - "though It seems that I know that I know, what I would like to see Is the I that sees me, when I know that I know that I know" / Alan Watts

  3. #603

    Re: Moblock (peerguardian linux alternative)

    Yes, that was what I was going on about ^_^

    It sounds like it's possible to do more stuff than I thought with the config file so I will mess around with it a bit and see what I can do.

    Thanks for the useful reply.

    --QC

  4. #604
    Join Date
    Jul 2005
    Beans
    740
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Moblock (peerguardian linux alternative)

    Quote Originally Posted by quixotic-cynic View Post
    [removed redundant section]

    cat merged.p2b.p2p yourblockfile.txt > merged.p2b.p2p.tmp
    mv merged.p2b.p2p.tmp merged.p2b.p2p

    Credit to pelle.k for his "What about filtering out some stuff i wan't to connect to?" that gave me the idea.
    Thanks I will try this.

  5. #605
    Join Date
    Jan 2007
    Beans
    770

    Re: Moblock (peerguardian linux alternative)

    Quote Originally Posted by pelle.k View Post
    I guess you could adjust the rules inserted by moblock to whitelist_out port 80, but _not_ if "sport" is in a range used internally by your BT client (or whatever software we speak about...)
    See? It's all in the rules inserted by moblock, primarily.
    sport? did you mean dport!?

    Anyway, if anybody has a practical way of doing this, then please post it! Personally I don't know a way how to use iptables rules on an application basis. The cleanest solution would be to only whitelist TCP out on port 80 for e.g. the web browser.
    But anyway, I will change the default to no whitelisting. Sorry for all the users who will come here and ask why they can't surf or who will even not use moblock at all.

    greets
    jre
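
One way to approximate the per-application whitelist asked about in the post above is per account, using the iptables `owner` match; this is an added example, not code from the thread or from the moblock packages. The chain name `moblock_out`, the `RETURN` target and the account name `websurf` are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that let one dedicated
# account bypass the blocklist on chosen TCP ports.
# Assumptions: chain name, RETURN target and account name are illustrative.
CHAIN_OUT="moblock_out"

# valid_port PORT: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# whitelist_rules USER PORT...: print one rule per port, or fail with no output
whitelist_rules() {
    [ "$#" -ge 2 ] || { echo "usage: whitelist_rules USER PORT..." >&2; return 1; }
    user=$1
    shift
    # Reject root (daemons and sudo'd programs would inherit the bypass) and
    # any name with characters that are unsafe if the output is piped to sh.
    case "$user" in
        ''|root|0|*[!A-Za-z0-9_-]*) echo "refusing account '$user'" >&2; return 1 ;;
    esac
    # Validate every port first so a bad one never yields a partial rule set.
    for port in "$@"; do
        valid_port "$port" || { echo "bad port '$port'" >&2; return 1; }
    done
    for port in "$@"; do
        # -m owner matches the uid of the local socket that created the packet,
        # so a P2P client running under another account still gets filtered.
        printf 'iptables -I %s -p tcp --dport %s -m owner --uid-owner %s -j RETURN\n' \
            "$CHAIN_OUT" "$port" "$user"
    done
}

# Dry run with a constructed account name; review the output before applying.
whitelist_rules websurf 80 443
```

The `owner` match only sees locally generated packets, so it belongs in the outbound chain and has no meaning for inbound or forwarded traffic. The browser has to run under the whitelisted account and the P2P client under a different one for the separation to hold.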

  6. #606
    Join Date
    Feb 2007
    Beans
    26

    Re: Moblock (peerguardian linux alternative)

    Hello,

    Yes it could be excellent. I am currently reading some interesting netfilter documentation that may help
    http://www.netfilter.org/documentati...entation-howto

    sloter

  7. #607

    Re: Moblock (peerguardian linux alternative)

    Reply CCd from here.

    Thanks for taking the point seriously jre.

    Changing the default may be excessive (perhaps?) since, as you say, some people may just give up etc. It is up to you as to what you choose to do about it.

    An alternative could be to make people aware of the issue - and then they could choose whether it is an acceptable 'risk' or not.

    If you do choose to change the default (or even if you don't) I will try to lurk around the PG and Ubuntu forum pages to help newbies. I am fairly new to Linux (a few weeks) so am looking for somewhere I can contribute. Since I am quite paranoid this may be a good place to start...
    ___
    @sloter: thanks for the link, I'm sure it will be good reading.

  8. #608
    Join Date
    Jan 2007
    Beans
    770

    Re: Moblock (peerguardian linux alternative)

    I put a preview repository at moblock-deb.sourceforge.net/preview/debian

    So just get my gpg key (see this post) and add the following lines to your /etc/apt/sources.list:
    Debian etch (stable):
    Debian lenny (testing):
    Debian sid (unstable):
    Then you can easily install "moblock-nfq" (or "moblock-ipq")

    Most important changes to the old debian packages from moblock-deb.sf.net:
    moblock-control (see thread at forums.phoenixlabs.org, this implies many changes)
    sloter's new man page
    sloter's test function
    NO port whitelisting (have a look at /etc/moblock/moblock.conf for this)

    major TODOs:
    Ubuntu packages (at least feisty and gutsy)
    documentation updates

    With these things done the repository will move to the old position (without the "preview" in the URL).

    Feedback (including on which distribution you are) is very welcome!
    You can have a look at the actual files at http://moblock-deb.svn.sourceforge.net/. Patches are always appreciated

    Greets
    jre
    Last edited by jre; September 4th, 2007 at 08:59 PM.

  9. #609
    Join Date
    Nov 2005
    Location
    Scandinavia
    Beans
    939

    Re: Moblock (peerguardian linux alternative)

    Anyway, if anybody has a practical way of doing this, then please post it! Personally I don't know a way how to use iptables rules on an application basis. The cleanest solution would be to only whitelist TCP out on port 80 for e.g. the web browser.
    But anyway, I will change the default to no whitelisting. Sorry for all the users who will come here and ask why they can't surf or who will even not use moblock at all.
    I hope you know how much we appreciate your work, jre. My example was just an idea, and I have not evaluated if this could be done at all _in reality_, because I have never felt the need to do this.
    Either way, the point was only to show that moblock does the filtering; iptables does the traffic redirection

    Let me point out that i am by no means an iptables guru.

    Oh, and please do tell me when, and if, i need to update the howto to reflect any recent changes that will be more or less permanent from now on.
    - "though It seems that I know that I know, what I would like to see Is the I that sees me, when I know that I know that I know" / Alan Watts

  10. #610
    Join Date
    Jan 2007
    Beans
    770

    Re: Moblock (peerguardian linux alternative)

    Quote Originally Posted by pelle.k View Post
    Oh, and please do tell me when, and if, i need to update the howto to reflect any recent changes that will be more or less permanent from now on.
    Most things that will be permanent are already in the preview repository.
    With the updated documentation I think you can easily change the howto.
    Also, with special Ubuntu packages the howto would get much shorter.
    If you want I can announce the change of the official repository let's say 2 days in advance here and at forums.phoenixlabs.org.

    Greets!!
    jre
    Last edited by jre; September 4th, 2007 at 09:00 PM.
