Moblock (peerguardian linux alternative)

[nuskool]

Just wanted to say thanks to the writer of the tutorial (and the developer(s) of the application itself).

Set it up last night first time. Got a little impatient on install when it said it was updating the list and cancelled it because i thought it had crashed. Ran the moblock-control update to get it to download the lists again.

Thanks all.

[quixotic-cynic]

I just upgraded from 0.8.15 to 0.8.21 and I noticed that I lost internet access: I couldn't visit any websites, pidgin died, torrents died, couldn't ping anything. Is anyone else experiencing this problems?

If I run moblock off my openbox start menu with the command

Code:

rxvt -e sudo /etc/init.d/moblock-nfq start

it completely nerfs my internet connection.

Starting with

Code:

sudo /etc/init.d/moblock-nfq start

run within a terminal usually does not give me problems.

Sometime it also messes up after updating moblock.

If you are experiencing this problem I would suggest:
1) manually stopping moblock
2) starting it
3) waiting a few seconds,
4) trying a program that should not be blocked/has not been previously

I am unsure of a 'permanent' fix - I start/stop and update moblock manually.

Please let me know how you get on... also - it may be worth comparing set-ups: I have a command line install running xorg/openbox on top.

[pelle.k]

I just upgraded from 0.8.15 to 0.8.21 and I noticed that I lost internet access: I couldn't visit any websites, pidgin died, torrents died, couldn't ping anything. Is anyone else experiencing this problems?

What ubuntu you run, what repo do you get moblock from, and what does "sudo moblock-control status" tell you?
See, it's all in how you supply the clues. Without those we can't help you.

[Githlar]

After following your updated tutorial on how to install MoBlock on Gutsy, I receive this message after running `sudo apt-get install moblock-nfq`

Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
moblock-nfq: Depends: libc6 (>= 2.6-1) but 2.5-0ubuntu14 is to be installed
Depends: libnetfilter-queue1 (>= 0.0.13) but 0.0.12-1 is to be installed
Depends: libnfnetlink0 (>= 0.0.25) but it is not installable
E: Broken packages

[jre]

@LordKelvan:
try "tail -f /var/log/moblock.log" to see live if/which IPs are blocked.
Maybe your own and some/many IPs that you want to ping/connect via pidgin/... is in the blocklist. Major changes since 0.8-15:

- no more whitelisting of port 80 and 443: This only explains why you have problems with web surfing.
- new blocklists (additional to the old ones):
www.bluetack.co.uk/config/hijacked.gz
www.bluetack.co.uk/config/iana-multicast.gz
www.bluetack.co.uk/config/rangetest.gz
www.bluetack.co.uk/config/trojan.gz
www.bluetack.co.uk/config/iana-private.gz
www.bluetack.co.uk/config/iana-reserved.gz
Perhaps your own and/or the IPs you wanted to connect to/ping/... is in one of these lists.

If your problems continue and you see that the IPs are blocked in the logfile, then you have to whitelist IPs / ports and/or remove some IP ranges from the blocklist (both via moblock.conf) and/or don't use some blocklists (edit blocklists.list).

If no IPs are blocked then try restarting manually. If your problems continue then I'm quite clueless :-/

@Githlar:
current Gutsy:
libc6 is 2.6.1-1ubuntu7
libnetfilter-queue1 (0.0.12-1) in universe
libnfnetlink0 (0.0.25-1) in universe

So I think: you need to add "universe" to your sources.list and update your whole gutsy installation (this solves the libc6 and the libnfnetlink0) problem.
But then there's still a problem with libnetfilter-queue1. I'll try to sort this out, now. But I can't promise anything.

Note to pelle: add to the Howto that "universe" has to be in the sources.list.

greets
jre

[pelle.k]

I just installed the newly released gutsy beta today, and moblock *does* install flawlessly. Me thinks someone hasn't dist-upgraded in a while
Both libnfnetlink, and libnetfilter-queue is in universe, which is activated by default after installation.

btw, updating the blocklists upon installation never did succeed.
However, the blocklists were downloaded to /var/spool/moblock, but the guarding.p2p was empty.

Code:

Updating blocklists and reloading MoBlock if any blocklist was updated   ...done.
Empty blocklist!
Starting MoBlock   ...done.

A manual update took care of that though.
I think it would be helpful with some kind of "progress indicator" of some sort, or better yet, what lists got updated. The update took a good 2-3 minutes with no indication on what was happening.

Other than that, great work!

[quixotic-cynic]

I think the problem LordKelvan may be getting is more serious than what he wants being inside one of the block ranges. I get the problem too sometimes so I know what he means - your *whole* net connection goes... (I will work on this a bit more over the next few days I think).

[sefs]

I need a confirmation before installing if anyone can

MoBlock works well with IPTables and does not cancel each other out?

The problem arises where you try to use Moblock with a front end for iptables such as FireStarter?

And if i stop FireStarter from loading at startup (PS: the iptables firewall in ubuntu will still be running in FULL effect ... just not with the gui front end firestarter .. so all firewall rules will still be running) and use MoBlock that MoBlock will run perfectly with the iptables firewall.

Is all that correct?

Thanks.

[pelle.k]

Moblock does its own iptable rules (that is what iptables is, a set of rules). It *has* to redirect traffic in a certain way, for it to inspect and stop some of it.
That's why it doesn't work with other iptable constructions very well.
It could work with other iptables frontends (like firestarter), if support for redirecting traffic the way moblock does would be supported.
That way, moblock wouldn't have to create it's own (conflicting) rulesets, but leave that to firestarter (or whatever frontend).

So in effect; No, you can't run firestarter. Even if you don't run the GUI, the iptable rules (run by the daemon, not the GUI) will still apply, and thus conflict with moblock in some way.

I hear "ipblock" can work in harmony with another iptables firewall though (if i'm not mistaken). There's even a HOWTO right here in the ubuntuforums for it.

[Neovos]

To JRE regarding updated Moblock on Feisty.

Great job btw. I just installed it and the updated .conf file is laid out really well. Was really simple to configure. I ran moblock successfully and all updates and configurations worked well for me. I did also try the setup with firehol and got lots of non success. So it's confirmed that it doesn't work with firehol out of the box. Heres what I got after configuring moblock (as per older firehol setup instructions above), updating, starting moblock. and then immediately starting firehol.

Code:

user@computer:~$ sudo firehol stop
FireHOL: Clearing Firewall: OK

user@compuer:~$ sudo moblock-control restart
(Re-)Starting MoBlock   ...done.
user@computer:~$ sudo firehol start


--------------------------------------------------------------------------------
ERROR   : # 1.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 34 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_torrent_s1 -p tcp --dport 6881:6981 -m state '' --state NEW\,ESTABLISHED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 2.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 34 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_torrent_s1 -p tcp --sport 6881:6981 -m state '' --state ESTABLISHED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 3.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 40 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_http_c2 -p tcp --sport 32768:61000 --dport 80 -m state '' --state NEW\,ESTABLISHED -j ACCEPT 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 4.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 40 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_http_c2 -p tcp --sport 80 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 5.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 41 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_https_c3 -p tcp --sport 32768:61000 --dport 443 -m state '' --state NEW\,ESTABLISHED -j ACCEPT 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 6.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 41 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_https_c3 -p tcp --sport 443 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 7.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_all_c4 -m state '' --state NEW\,ESTABLISHED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 8.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_all_c4 -m state '' --state ESTABLISHED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 9.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_irc_c5 -p tcp --sport 32768:61000 --dport 6667 -m state '' --state NEW\,ESTABLISHED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 10.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_irc_c5 -p tcp --sport 6667 --dport 32768:61000 -m state '' --state ESTABLISHED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 11.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c6 -p tcp --sport 32768:61000 --dport ftp -m state '' --state NEW\,ESTABLISHED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 12.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c6 -p tcp --sport ftp --dport 32768:61000 -m state '' --state ESTABLISHED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 13.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c6 -p tcp --sport ftp-data --dport 32768:61000 -m state '' --state ESTABLISHED\,RELATED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 14.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c6 -p tcp --sport 32768:61000 --dport ftp-data -m state '' --state ESTABLISHED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 15.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c6 -p tcp --sport 32768:61000 --dport 1000:65535 -m state '' --state ESTABLISHED\,RELATED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 16.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 44 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c6 -p tcp --sport 1000:65535 --dport 32768:61000 -m state '' --state ESTABLISHED -j MOBLOCK 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 17.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world -m state '' --state RELATED -j ACCEPT 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 18.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world -m state '' --state RELATED -j ACCEPT 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 19.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A INPUT -m state '' --state RELATED -j ACCEPT 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 20.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A OUTPUT -m state '' --state RELATED -j ACCEPT 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 21.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT 
OUTPUT  : 

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'

Stopped: Couldn't activate new firewall.

FireHOL: Restoring old firewall: OK

user@computer:~$

I think almost every single line that was added in firehol.conf referencing moblock led to an error. So heres out of the box errors. Don't know if they're useful to you at all. But my next thought is that why do you even need an additional firewall anyway? Your already blocking the ip lists, then can't you just manually enter blocks or allows as you need them in moblock?