Thread: General MoBlock thread

    Re: General MoBlock thread

    Quote Originally Posted by noblem:
    The allow.p2p file may not have the desired effect, as it creates iptables rules to allow traffic out to the allowed range, in from the allowed range, and forwarded traffic with either a source or a destination in the allowed range.

    This is fine if you want to allow a host/range that's external to the local LAN (which I'm guessing was the idea). If you're trying to use it to allow traffic from your local LAN, the in and out will be backwards and all forwarded traffic will bypass moblock totally, which probably isn't what you want, especially if the moblock host is doing NAT for your internal network.

    The WHITE_LOCAL option may work, but forwarding is still going to be a problem, so removing the LAN range from the blocklist is probably the safest option.
    That's why you can configure /etc/default/moblock with the following rules:

    Code:
    ALLOW_IN="$CONF_DIR/allow-in.p2p"
    ALLOW_OUT="$CONF_DIR/allow-out.p2p"
    ALLOW_FW="$CONF_DIR/allow-fw.p2p"
    This way you can create different allow lists for INBOUND, OUTBOUND and FORWARD traffic.

    BTW, the local network whitelisting feature is still experimental, so again, using the allow lists is the best way.


    EDIT: I forgot to mention that the iptables rules created by the allow lists apply only to traffic marked by moblock, which means that if you want to confine traffic on local ranges to the local network, all you have to do is create iptables rules that allow local traffic but block external access to those ranges. This can be done by manually inserting iptables rules, by using a firewall manager like Firestarter, or by using moblock's custom scripts. This gives a lot of flexibility to control your traffic, as long as you understand how iptables works.
    Last edited by lovinglinux; November 25th, 2008 at 10:23 PM.
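An added example, not code from the thread or from MoBlock itself: a small model of the per-direction allow-list rules noblem describes (INPUT matches the source, OUTPUT matches the destination, FORWARD matches either end) showing why one allow.p2p containing the LAN range lets forwarded LAN traffic skip the blocklist, while separate ALLOW_IN/ALLOW_OUT/ALLOW_FW lists do not. It assumes the PeerGuardian-style "label:first-last" .p2p line format and uses constructed sample lists and addresses.

```python
import ipaddress

# Constructed sample allow lists in the assumed .p2p line format
# ("label:first-last", '#' starts a comment). Not taken from the thread.
SINGLE_ALLOW_P2P = """# one allow.p2p used for IN, OUT and FORWARD alike
home lan:192.168.1.0-192.168.1.255
update mirror:203.0.113.10-203.0.113.10
"""
ALLOW_IN_P2P = "update mirror:203.0.113.10-203.0.113.10\n"
ALLOW_OUT_P2P = "update mirror:203.0.113.10-203.0.113.10\n"
ALLOW_FW_P2P = ""  # nothing exempted from the blocklist on FORWARD


def parse_p2p(text):
    """Return a list of (first, last) IPv4Address pairs from .p2p text."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _, _, span = line.rpartition(":")      # label may itself contain ':'
        first, _, last = span.partition("-")
        ranges.append((ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return ranges


def in_ranges(addr, ranges):
    a = ipaddress.IPv4Address(addr)
    return any(first <= a <= last for first, last in ranges)


def exempted(chain, src, dst, allow_in, allow_out, allow_fw):
    """Does an allow rule exempt this moblock-marked packet in this chain?"""
    if chain == "INPUT":
        return in_ranges(src, allow_in)
    if chain == "OUTPUT":
        return in_ranges(dst, allow_out)
    if chain == "FORWARD":
        return in_ranges(src, allow_fw) or in_ranges(dst, allow_fw)
    raise ValueError(chain)


def compare(chain, src, dst):
    """(result with a single allow.p2p, result with split lists) for one packet."""
    single = parse_p2p(SINGLE_ALLOW_P2P)
    one_list = exempted(chain, src, dst, single, single, single)
    split = exempted(chain, src, dst, parse_p2p(ALLOW_IN_P2P),
                     parse_p2p(ALLOW_OUT_P2P), parse_p2p(ALLOW_FW_P2P))
    return one_list, split


if __name__ == "__main__":
    # A NAT'd LAN host reaching a blocklisted external address: the single
    # list exempts the forwarded flow, the split lists leave it to the blocklist.
    print(compare("FORWARD", "192.168.1.20", "198.51.100.7"))  # (True, False)
    print(compare("INPUT", "203.0.113.10", "192.168.1.1"))      # (True, True)
```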
