
Thread: Moblock (peerguardian linux alternative)

  1. #991
    Join Date
    Aug 2005
    Location
    Sweden
    Beans
    1,177

    Re: Moblock (peerguardian linux alternative)

    jre wrote:
    OK, I've just released 0.8-39:
    Yay that solved everything.

    Code:
    $ apt-get --purge remove moblock-nfq     # remove alone keeps your configs, option purge will permanently delete every last file associated with moblock-nfq
    $ apt-get install moblock-nfq
    $ moblock-control update
    $ moblock-control test
    Yeah, so some big shot on Google search recommended using aptitude over apt-get since it handled dependencies and deborphans better, but I had to go through hell in an off-topic situation when using aptitude, so I'm sticking with apt-get.

  2. #992
    Join Date
    Jan 2006
    Location
    Lancashire UK
    Beans
    122
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Moblock (peerguardian linux alternative)

    Just downloaded the latest update. There are no blocklists in /etc/moblock/blocklists.list except for one, and all existing blocklists have gone after the update.
    In order to reload you will have to add them to blocklists.list and update moblock. Some of them have no update.

    not a complaint just info
    thanks for the program

    Phil

    the list is in /usr/share/doc/moblock-nfq folder
    Last edited by PhilJ; December 17th, 2007 at 12:22 PM. Reason: spelling
    Ross Anderson, Professor of security engineering at Cambridge University, said; "The message has to be this: If you care about your privacy, do not use BT, Virgin or TalkTalk as your Internet provider"

  3. #993
    Join Date
    Sep 2005
    Location
    Belgrade, Serbia
    Beans
    40

    Re: Moblock (peerguardian linux alternative)

    Yes... one..
    Since the default list type in moblock.conf is changed to the eMule version, only one list is there:
    www.bluetack.co.uk/config/nipfilter.dat.gz
    and as said in /usr/share/doc/moblock-nfq/README.blocklists
    it includes almost everything we used before

    Lists from bluetack.co.uk in eMule ’ipfilter.dat’ format:
    http://www.bluetack.co.uk/config/nipfilter.dat.gz
    This blocklist is the (normal) IP Filter.dat for loading into Emule.
    The nipfilter.dat file includes the following ranges pre-merged into it:
    1. Level1
    2. Bogon list
    3. Hijacked IP blocks
    4. IANA Multicast
    5. IANA Private
    6. IANA Reserved
    7. level2 corp
    8. Microsoft
    9. NonLan list
    10. templist
    UBUNTU !

  4. #994
    Join Date
    Jan 2006
    Location
    Lancashire UK
    Beans
    122
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Moblock (peerguardian linux alternative)

    but for some reason nothing was being blocked until I altered blocklists.list, adding all the lists. After this moblock updated the lists, then started blocking. I'm no expert so I don't know why this happened. Moblock-control.log showed
    ranges loaded 0
    merged ranges 0
    skipped ranges 0

    until I altered the file and restarted moblock now it shows
    ranges loaded 328575
    merged ranges 614
    skipped 9125

    Philj
    Ross Anderson, Professor of security engineering at Cambridge University, said; "The message has to be this: If you care about your privacy, do not use BT, Virgin or TalkTalk as your Internet provider"

  5. #995
    Join Date
    Jan 2007
    Beans
    772

    Re: Moblock (peerguardian linux alternative)

    Quote: Originally Posted by PhilJ
    but for some reason nothing was being blocked until I altered blocklists.list, adding all the lists. After this moblock updated the lists, then started blocking. I'm no expert so I don't know why this happened. Moblock-control.log showed
    ranges loaded 0
    merged ranges 0
    skipped ranges 0

    until I altered the file and restarted moblock now it shows
    ranges loaded 328575
    merged ranges 614
    skipped 9125
    I guess you kept your old moblock.conf with wrong settings. For the ipfilter.dat you need
    Code:
    BLOCKLIST_FORMAT="d"
    in /etc/moblock/moblock.conf.



    Zeikcied (all users not using special iptables rules/firewalls can stop reading here), you have to be careful with your iptables settings (and since you have some advanced settings you should learn what they mean).
    I guess you're using a firewall together with MoBlock. Except with "firehol" there exists no known solution for firewalls in combination with MoBlock 0.8.

    All traffic that is ACCEPTed in your rules before it is sent to MoBlock won't be checked by MoBlock but will simply be accepted. The same goes for DROP rules: packets matching these will be dropped and not be checked by MoBlock. Last but not least, your general rule DROP is undermined by MoBlock, which ACCEPTs packets which aren't blocked.

    Now to MoBlock: You have three times the same rule, I don't know how this happened, but this shouldn't be. Do "moblock-control stop" until there isn't any moblock rule in your iptables settings. Then "moblock-control start" once.
    Since Moblock is the last rule in your chains it's generally well configured, but keep in mind what I wrote in the last paragraph.

    Finally, follow the logfile live with
    Code:
    tail -f /var/log/moblock.log
    .

    The "status" shows that no (0 in the first two columns) packet ever reached MoBlock. So you have to tweak your iptables rules so that traffic is sent to MoBlock:

    Since you're already having a general DROP only the traffic that is allowed by you will be possible. So you have to insert on the ports where you want to allow traffic the iptables target NFQUEUE (queue number 0).
    The easiest way is to do this with the "custom iptables settings" (see /etc/moblock/moblock.conf). You can insert your iptables rules for insertion and deletion in /etc/moblock/iptables-custom-insert.sh and iptables-custom-remove.sh.
    Just remember that every packet that passes through NFQUEUE to MoBlock (0.8) will either be ACCEPTed or DROPped.
    If you're new to iptables rules you will have to learn something

    You can also use firehol, see the HOWTO for instructions. Other firewalls are not compatible with MoBlock 0.8.

    Greets
    jre
    Please post your logfiles and output of commands wrapped in code tags:
    Code:
    [code]output[/code]
    Co-author of PeerGuardian Linux (pgl). Maintainer of the pgl package repositories for Debian and Ubuntu.
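
One way to check a chain for the ordering issues described in the post above (rules that ACCEPT or DROP before traffic reaches MoBlock, a MoBlock rule present more than once, no rule feeding MoBlock, a DROP policy that MoBlock's ACCEPT overrides). This is an added example, not part of the thread or of MoBlock: `audit_chain`, `sample_rules` and the sample rules are constructed, and it assumes rules in `iptables -S` form and the chain names moblock_in, moblock_out and moblock_fw mentioned in the moblock.conf comments.

```shell
#!/bin/sh
# Added example. Reads one chain's rules in `iptables -S` form on stdin and
# reports the ordering problems described in the post above.
# Live use (as root): iptables -S INPUT | audit_chain INPUT
audit_chain() {
    awk -v chain="$1" '
    $1 == "-P" && $2 == chain { policy = $3; next }   # remember chain policy
    $1 != "-A" || $2 != chain { next }                # other chains: skip
    {
        target = ""
        for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
        n++
        if (target == "NFQUEUE" || target ~ /^moblock_/) {
            queued++
            # the same MoBlock rule inserted more than once
            if (seen[$0]++) print "DUPLICATE rule " n ": " $0
        } else if (!queued && (target == "ACCEPT" || target == "DROP")) {
            # decided before MoBlock ever sees the packet
            print "BYPASS rule " n " (" target " before MoBlock): " $0
        }
    }
    END {
        if (!queued)
            print "NOQUEUE: no rule sends " chain " traffic to MoBlock"
        else if (policy == "DROP")
            print "POLICY: " chain " policy DROP is not applied to packets MoBlock ACCEPTs"
    }'
}

# Constructed sample (not taken from the thread): a default-DROP INPUT chain
# with two ACCEPT rules ahead of MoBlock and the MoBlock jump present 3 times.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -j moblock_in
-A INPUT -m state --state NEW -j moblock_in
-A INPUT -m state --state NEW -j moblock_in
EOF
}

sample_rules | audit_chain INPUT
```

A BYPASS line is not necessarily a fault (loopback traffic is usually accepted on purpose); it marks traffic that MoBlock never inspects.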

  6. #996
    Join Date
    Jan 2007
    Beans
    58
    Distro
    Hardy Heron (Ubuntu Development)

    Re: Moblock (peerguardian linux alternative)

    IBM Co, i.e. IANA, is being blocked every second (which is good I guess, coz I have no LAN set up or NAT), wish I could stop this from happening in the first place though...

    like make ubuntu disable lan access altogether? ha?

  7. #997
    Join Date
    Oct 2005
    Beans
    45

    Re: Moblock (peerguardian linux alternative)

    Victory! As mentioned before, I couldn't surf the web anymore after the latest update.

    I had a look into the log file (/var/log/moblock.log) and realized that moblock now blocks my router.

    Code:
    Consig,hits: 10,SRC: 192.168.178.1
    So I edited the config and uncommented the example to whitelist IPs:

    Code:
    sudo gedit /etc/moblock/moblock.conf
    Code:
    ################################ Whitelist IPs ################################
    ...
    # This is an example to whitelist the range 192.168.178.1-192.168.178.255:
    WHITE_IP_OUT="192.168.178.0/24"

  8. #998
    Join Date
    Oct 2006
    Beans
    Hidden!

    Re: Moblock (peerguardian linux alternative)

    Quote: Originally Posted by jre
    I guess you're using a firewall together with MoBlock. Except with "firehol" there exists no known solution for firewalls in combination with MoBlock 0.8.
    I thought that maybe I could use an extra layer of protection, so I downloaded Firestarter to configure a firewall. I never thought it'd interfere with MoBlock. I just assumed there would be two separate instances of iptables or something. (I've been using Kubuntu for a year now, and most of the "non-visible" stuff I still don't understand.)

    If you're new to iptables rules you will have to learn something
    This iptables stuff is confusing enough already.

    You can also use firehol, see the HOWTO for instructions. Other firewalls are not compatible with MoBlock 0.8.

    Greets
    jre
    I guess that will have to do. Thanks for the advice, and I'm glad it's not too difficult of a solution. I'm hoping removing Firestarter will help things.

  9. #999
    Join Date
    May 2005
    Location
    Yoshi Island
    Beans
    514
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Moblock (peerguardian linux alternative)

    Quote: Originally Posted by moopoo
    Victory! As mentioned before, I couldn't surf the web anymore after the latest update.

    I had a look into the log file (/var/log/moblock.log) and realized that moblock now blocks my router.

    Code:
    Consig,hits: 10,SRC: 192.168.178.1
    So I edited the config and uncommented the example to whitelist IPs:

    Code:
    sudo gedit /etc/moblock/moblock.conf
    Code:
    ################################ Whitelist IPs ################################
    ...
    # This is an example to whitelist the range 192.168.178.1-192.168.178.255:
    WHITE_IP_OUT="192.168.178.0/24"
    Thank you, I had the same problem. Now to figure out why amsn causes my system to lock up when moblock is running....

  10. #1000
    Join Date
    Dec 2007
    Beans
    3

    Re: Moblock (peerguardian linux alternative)

    I'm still having troubles surfing the net with Moblock on. Here are the logs and conf. I am using Feisty .8-39 of moblock.

    "Moblock.log"
    Duplicated range ( Bogo )
    Ranges loaded: 210844
    Merged ranges: 0
    Skipped useless ranges: 0

    "Moblock.conf"
    # moblock.conf - configuration file for moblock-control

    # This file is sourced by a bash script. Any line which starts with a # (hash)
    # is a comment and is ignored. If you set the same variable several times,
    # then only the last line will be used. You have to stop/restart/reload moblock
    # if you change entries.

    ############################ General configuration ############################

    # Specify the format of the blocklists that you use. You can't mix different
    # formats.
    # d - eMule ipfilter.dat format
    # n - peerguardian .p2b v2 binary format
    # p - peerguardian .p2p text format
    BLOCKLIST_FORMAT="d"

    # Specify a NFQUEUE queue number (default 0)
    # Works only with -nfq version
    NFQUEUE_NUMBER="0"

    # Turn on/off automatic start
    # 0 - Don't start MoBlock at system boot
    # 1 - Start MoBlock at system boot
    MOBLOCK_INIT="1"

    # Turn on/off automatic blocklist update
    # 0 - Don't update the blocklists automatically
    # 1 - Update the blocklists automatically
    MOBLOCK_CRON="1"

    # Set the verbosity of moblock-control
    # 0 - No normal output to STDOUT, only to logfile
    # 1 - Output to STDOUT and to logfile
    VERBOSITY="1"

    ################## Settings for the iptables firewall rules ###################

    # MoBlock requires the iptables rule NFQUEUE (nfq version)
    # or the deprecated QUEUE (ipq version).

    # Do a "moblock-control stop" before you change these iptables settings.

    # Define how traffic is sent to MoBlock
    # 0 - Don't set any iptables rules.
    # You or another script/firewall has to do this!
    # 1 - NFQUEUE is in the chains moblock_in, moblock_out and moblock_fw.
    # 2 - Set custom iptables rules (defined in
    # /etc/moblock/iptables-custom-insert.sh and iptables-custom-remove.sh)
    IPTABLES_SETTINGS="1"

    # Define when traffic is sent to the chain that contains NFQUEUE
    # This section works only for IPTABLES_SETTINGS="1"
    # 0 - Do nothing. You or another script/firewall has to do this!
    # 1 - Insert the rules at the head of the chains.
    # 2 - Append the rules to the end of the chains.
    IPTABLES_ACTIVATION="2"

    ############################### Whitelist ports ###############################

    # Whitelist ports by port number or with the associated service name
    # (using iptables with the target RETURN)
    # Separate several entries with whitespace (" ")
    # Port ranges are specified in the format "port:port"
    # Up to 15 ports can be specified. A port range (port:port) counts as two
    # ports.

    # This section works only for IPTABLES_SETTINGS="1"
    # Do a "moblock-control restart" when you have changed these settings.

    WHITE_TCP_IN=""
    WHITE_UDP_IN=""
    WHITE_TCP_OUT=""
    WHITE_UDP_OUT=""
    # This is an example to whitelist outgoing web traffic (port 80 is the service
    # http, 443 is https) and the port range 1000-1024:
    WHITE_TCP_OUT="80 443 1000:1024"
    WHITE_TCP_FORWARD=""
    WHITE_UDP_FORWARD=""

    ################################ Whitelist IPs ################################

    # Whitelist either a network name, a hostname (please note that specifying any
    # name to be resolved with a remote query such as DNS is a really bad idea), a
    # network IP address (with /mask), or a plain IP address.
    # (using iptables with the target RETURN)
    # The mask can be either a network mask or a plain number, specifying the number
    # of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
    # to 255.255.255.0.
    # Separate several entries with whitespace (" ")

    # This replaces the old (up to 0.8-32) IP_TCP_ and IP_UDP_ entries.

    # This section works only for IPTABLES_SETTINGS="1"
    # Do a "moblock-control restart" when you have changed these settings.

    WHITE_IP_IN=""
    WHITE_IP_OUT=""
    # This is an example to whitelist the range 192.168.178.1-192.168.178.255:
    WHITE_IP_OUT="192.168.178.0/24"
    WHITE_IP_FORWARD=""

    ###################### Remove lines from the blocklist ########################

    # Remove lines from the blocklist (using "grep -v -i")
    # Warning for beginners: If you want to whitelist a special IP then check the
    # above section. In most cases you won't succeed if you insert an IP here.
    # Separate values with a semicolon ";".

    # Do a "moblock-control reload" when you have changed these settings.

    IP_REMOVE=""
    # This is an example to remove all lines from the blocklist which contain one
    # of the words "google", "yahoo", "altavista", "debian" or "sourceforge":
    # IP_REMOVE="google;yahoo;altavista;debian;sourceforge"

    ########################### Full LSB compatibility ############################

    # The control script uses /lib/lsb/init-functions. In Debian this file also
    # provides functions which are not defined by the LSB standard. Change this
    # entry if the script complains of not knowing a function.
    # 0 - Debian compatible system (default)
    # 1 - LSB 3.1 but not Debian compatible system
    LSB_MODE="0"

    "Moblock-control.log"
    2007-12-17 20:57:14 PST Begin: /usr/bin/moblock-control update
    Updating blocklists ...
    Updating nipfilter.dat.gz * . No update available.
    * Blocklists updated.
    Building blocklist ...done.
    Installing blocklist to /etc/moblock/ipfilter.dat ...done.
    * MoBlock is not running.
    2007-12-17 20:57:23 PST End: /usr/bin/moblock-control update
    2007-12-17 08:57:29 PM PST Begin: /usr/bin/moblock-control restart
    Deleting iptables ...fail!
    Stopping MoBlock ...done.
    Inserting iptables ...done.
    Starting MoBlock ...done.
    2007-12-17 08:57:33 PM PST End: /usr/bin/moblock-control restart
    * Logging to /var/log/moblock.log
    * Ranges loaded: 210844
    * Using .dat file format
    * Merged ranges: 0
    * Skipped useless ranges: 0
