Good evening,
I'm sorry if this question was answered before, but I didn't find a clear answer on the first few pages...
Anyway, moblock seems to block all http for me, while still allowing some other connections (I'm not entirely sure which, but I can talk over MSN, for example). Here is the output of 'sudo moblock-control status':
Code:
sevis@saruman-desktop:~$ sudo moblock-control status
Current iptables rules (this may take awhile):
Chain INPUT (policy ACCEPT 499K packets, 112M bytes)
pkts bytes target prot opt in out source destination
0 0 moblock_in all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 moblock_fw all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain OUTPUT (policy ACCEPT 789K packets, 813M bytes)
pkts bytes target prot opt in out source destination
2 142 moblock_out all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa
0 0 RETURN all -- * * 192.168.1.0/24 192.168.1.0/24
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa
0 0 RETURN all -- * * 192.168.1.0/24 0.0.0.0/0
0 0 RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 192.168.0.0/24 0.0.0.0/0
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa reject-with icmp-port-unreachable
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.0/24
0 0 RETURN all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.0.0/24
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 142 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Please check if the above printed iptables rules are correct!
* moblock is not running.
Also, please note that moblock was running at that time - at least, I had used 'sudo moblock-control start', and it was blocking http quite successfully.
In /etc/default/moblock, I have, after the autogenerated comments:
Code:
WHITE_IP_IN="192.168.0.0/24"
WHITE_IP_OUT="192.168.0.0/24"
WHITE_TCP_OUT="80 8080 443"
Thank you!
Sevis