Also, this just doesn't seem right, but I could be wrong:
Code:
<stop moblock>
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
<start moblock>
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
blockcontrol_in all -- 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain FORWARD (policy ACCEPT)
target prot opt source destination
blockcontrol_fw all -- 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
blockcontrol_out all -- 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain blockcontrol_fw (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 mark match 0xa
RETURN all -- 0.0.0.0/0 10.11.12.254
RETURN all -- 10.11.12.0/24 10.11.12.0/24
NFQUEUE all -- 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Chain blockcontrol_in (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 mark match 0xa
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 10.11.12.0/24 0.0.0.0/0
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
NFQUEUE all -- 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Chain blockcontrol_out (1 references)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0xa reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 10.11.12.254
RETURN all -- 0.0.0.0/0 10.11.12.0/24
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
NFQUEUE all -- 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Why is the 'reject' line in there with a 0/0 destination? Doesn't iptables get populated with every subnet from all of the block lists, or am I not comprehending what moblock does?
****
EDIT
****
I disabled the following lists and everything appears to be working ok now:
atma/atma
bluetack/bogon
tbg/bogon
I'm not sure what these lists are supposed to do, but they seem to be messing everything up.
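An added example, not part of the original post: a small parser for the `iptables -L -n` listing above that reports, per chain, which rules match on a packet mark, which hand packets to NFQUEUE, and which match on an address. The function names `parse` and `summarize` are hypothetical, and the sample is a subset of the listing copied from the post.

```python
import re

# Subset of the `iptables -L -n` listing from the post (OUTPUT side only).
LISTING = """\
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
blockcontrol_out all -- 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain blockcontrol_out (1 references)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0xa reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 10.11.12.254
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
NFQUEUE all -- 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
"""
ANY = "0.0.0.0/0"

def parse(listing):
    """Group rule lines under their 'Chain NAME (...)' header."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        f = line.split()
        if current is None or len(f) < 5 or f[0] == "target":
            continue  # column header or noise
        current.append({"target": f[0], "src": f[3], "dst": f[4],
                        "extra": " ".join(f[5:])})
    return chains

def summarize(chains):
    """Per chain: mark-based rules, NFQUEUE numbers, address-based rules."""
    out = {}
    for name, rules in chains.items():
        s = {"mark": [], "queues": [], "by_address": [], "no_visible_match": []}
        for r in rules:
            mark = re.search(r"mark match (!?0x[0-9a-fA-F]+)", r["extra"])
            queue = re.search(r"NFQUEUE num (\d+)", r["extra"])
            if mark:
                s["mark"].append((r["target"], mark.group(1)))
            if queue:
                s["queues"].append(int(queue.group(1)))
            if (r["src"], r["dst"]) != (ANY, ANY):
                s["by_address"].append((r["target"], r["src"], r["dst"]))
            elif not r["extra"]:
                # -L -n without -v hides interface matches; may not be unconditional
                s["no_visible_match"].append(r["target"])
        out[name] = s
    return out

if __name__ == "__main__":
    for chain, summary in summarize(parse(LISTING)).items():
        print(chain, summary)
```

On this sample the only address-based rule is the RETURN for 10.11.12.254; the REJECT rule matches on mark 0xa, and everything not returned earlier goes to queue 92.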