Yes, the ".." causes the problem. Generally nothing to worry about, I think. AFAIK moblock loads only correct ranges.
Which blocklists are you using? I can't find that ".." here, also the test works fine here. I only have as 9th line:
Code:
Comment spammer:12.21.127.106-12.21.127.106
Could you please post the 10th line of /etc/moblock/guarding.p2p. I need to know if it's a problem of the blocklist or if my test function causes the "..".
Which Ubuntu version are you using?
Hmm, I can only suggest to "purge" and install again.
If the problems persist I assume it's something with amd64.
There are no known problems (except those where something strange happens and nobody knows why :-/ ) with this version. I think MoBlock 0.9 will also be released quite soon officially. So if there stays something wrong we have to investigate it. For a start I'm interested in the output of "moblock-control status" and the logfiles.
In MoBlock 0.8 all packets which were sent to Moblock (via the iptables NFQUEUE target) were checked and then either accepted (without returning to the iptables chains) or dropped (of course also without returning).
With MoBlock 0.9 and my default configuration (note that I broke the configuration to have the same behaviour as in 0.8, but will soon fix that) the packets will be marked (this marking will be logged in /var/log/moblock.log). As an exception, incoming packets which match the blocklist will be dropped directly like in MoBlock 0.8.
The marked packets then repeat (return to the head of) the iptables chains (INPUT/OUTPUT/FORWARD):
"Marked accept" packets will not be sent to the moblock chains again - so other iptables rules/the iptables policy decide what happens to them.
Outgoing "Marked blocked" packets will be REJECTed by a separate iptables rule.
Forwarded "Marked blocked" packets will be DROPped by a separate iptables rule.
So yes, everything you said is correct. And it's only logged that the packets were marked, but not when they are really dropped (except matching incoming packets, which are always dropped directly and so are logged, see above).
It's quite easy to see that the REJECTED packets are really blocked, because the sending program gets a "Destination Port Unreachable" and so directly stops the connection attempts.
Please post your logfiles and output of commands wrapped in code tags:
Code:
[code]output[/code]
Co-author of PeerGuardian Linux (pgl). Maintainer of the pgl package repositories for Debian and Ubuntu.
thanks for the explanation, i might give it another try soon.
does the moblock >mark >iptables >reject work whatever iptables config u got? or do u have to do something with iptables ?
hardy 64 bit
I am using Ubuntu 7.10 gutsy gibbon; and I'm using the default "green checked" blocklists that show up in mobloquer after install. Here's the full list:
microsoft, ads-trackers-and-bad-pr0n, bogon, dshield, hijacked, iana-multicast, iana-private, iana-reserved, level 1, level 2, rangetest, spider, spyware, templist, and trojan.
here's the 10th line of my guarding.p2p:
Code:
Comment spammer:12.21.127.106-12.21.127.106
just so you know, jre: in mobloquer's log display it is showing blocked connections (incoming and outgoing), so moblock is apparently working just fine. it seems like the test function is all that's having a hiccup.
hope this helps!
i just tried again, several times actually. it just isn't working. firstly moblock won't run, i get no error msg when starting it but it's not listed in any process list
secondly while moblock is installed i have no network connection, i have to uninstall it then network works again
the only error message i've been able to see is when simply typing 'moblock' in a terminal i get:
error while loading shared libraries: libnetfilter_queue.so.1: cannot open shared object file: No such file or directory
tried uninstalling and reinstalling that file as well but to no avail.
i get no error messages during the install procedure...
this is for moblock_0.9~rc2-2+gutsy+amd64_amd64.deb
hardy 64 bit
I too have had the same problems after reinstalling. Test fails and moblock blocks all http traffic. I just reinstalled mobloquer and checked the boxes off for http,https,pop,smtp,and imap so all functions should have returned as far as networking. I still wonder if moblock is actually working.
moblock status:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1386 486K moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
11 880 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- eth1 * 98.213.124.140 255.255.255.255
8 320 logaborted tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp flags:0x04/0x04
6098 7452K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
16102 5632K nicfilt 0 -- * * 0.0.0.0/0 0.0.0.0/0
16102 5632K srcfilt 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
0 0 srcfilt 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 1 packets, 146 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa reject-with icmp-port-unreachable
18 974 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
11 880 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
4986 325K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
298 16595 s1 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain f0to1 (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:6970:7170
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:6881:6889 state NEW
16093 5630K logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain f1to0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:6969 state NEW
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:109 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:1723 state NEW
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:110 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:995 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:21 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:119 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:143 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpts:6660:6669 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW
26 1650 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
206 10712 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:80 state NEW
4 208 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8080 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8008 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8000 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:8888 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:587
1 76 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:123 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1755 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1755
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:554 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7070 state NEW
11 572 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:443 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpts:6881:6889 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:5999 dpt:37
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:37 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:993 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:5999 dpt:25 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state NEW
9 1737 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2049
41 1640 logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logaborted (1 references)
pkts bytes target prot opt in out source destination
8 320 logaborted2 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '
Chain logaborted2 (1 references)
pkts bytes target prot opt in out source destination
8 320 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix `ABORTED '
8 320 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain logdrop (4 references)
pkts bytes target prot opt in out source destination
9146 3205K logdrop2 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
263 92782 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '
6997 2429K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop2 (1 references)
pkts bytes target prot opt in out source destination
9146 3205K LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix `DROPPED '
9146 3205K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 logreject2 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject2 (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix `REJECTED '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
1386 486K NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
15 780 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 194 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain nicfilt (1 references)
pkts bytes target prot opt in out source destination
16102 5632K RETURN 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain s0 (1 references)
pkts bytes target prot opt in out source destination
9 1092 f0to1 0 -- * * 0.0.0.0/0 98.213.124.140
16084 5629K f0to1 0 -- * * 0.0.0.0/0 255.255.255.255
0 0 f0to1 0 -- * * 0.0.0.0/0 127.0.0.1
9 1737 logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain s1 (1 references)
pkts bytes target prot opt in out source destination
298 16595 f1to0 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain srcfilt (2 references)
pkts bytes target prot opt in out source destination
16102 5632K s0 0 -- * * 0.0.0.0/0 0.0.0.0/0
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 9162.
just wanted to post that besides the "test", my moblock is working fine. here's what I did, maybe it has something to do with it:
edited moblock-control as per jre's instructions
completely removed moblock and mobloquer
updated my package list and installed moblock RC2-2
then I went into the config file, and changed the WHITE_TCP_OUT values from the text "http https" to the numbers "80 443" (i also added some other ports for IM networks so pidgin could connect)
after that, moblock seems to work as it always has, besides the "moblock-control test" function being broken.
With Marking on, MoBlock is working fine with other iptables rules/firewalls if the first lines in the chains INPUT/FORWARD/OUTPUT are like these.
Code:
Chain INPUT (policy ACCEPT 64214 packets, 85M bytes)
pkts bytes target prot opt in out source destination
1734 118K moblock_in all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
[Every following line is ok]
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa
0 0 moblock_fw all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
[Every following line is ok]
Chain OUTPUT (policy ACCEPT 42390 packets, 3454K bytes)
pkts bytes target prot opt in out source destination
34 2040 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa reject-with icmp-port-unreachable
1221 86849 moblock_out all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
[Every following line is ok]
This will be the case when moblock is started after other iptables changes/firewalls. Of course the MOBLOCK... chains have to exist, too.
Now, what is needed is the running "moblock" process and a valid blocklist.
@jamesford:
Sorry, I've no answer (yet) for the
error while loading shared libraries: libnetfilter_queue.so.1: cannot open shared object file: No such file or directory
problem on amd64. It might be a problem with my cross-compiling - you might test building your own packages,
@garret: yes, per default moblock blocks also google.
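Added example, not part of the original posts and not MoBlock/pgl code: a Python check that the marking rules described above lead the INPUT/FORWARD/OUTPUT chains and that each moblock_* chain exists with an NFQUEUE rule. The listing is constructed in the layout posted in this thread, and the function names are illustrative.

```python
import re
# Constructed listing in the "iptables -L -nv" layout posted in this thread.
R = "0 -- * * 0.0.0.0/0 0.0.0.0/0"
SAMPLE = f"""\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 1386 486K moblock_in {R} state NEW MARK match !0x14
 11 880 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 0 0 DROP {R} MARK match 0xa
 0 0 moblock_fw {R} state NEW MARK match !0x14
Chain OUTPUT (policy DROP 1 packets, 146 bytes)
 0 0 REJECT {R} MARK match 0xa reject-with icmp-port-unreachable
 18 974 moblock_out {R} state NEW MARK match !0x14
""" + "".join(f"Chain {c} (1 references)\n 0 0 NFQUEUE {R} NFQUEUE num 0\n"
              for c in ("moblock_fw", "moblock_in", "moblock_out"))

# Rules that must lead each built-in chain, as (target, match text).
HOOK = "state NEW MARK match !0x14"
EXPECTED = {
    "INPUT": [("moblock_in", HOOK)],
    "FORWARD": [("DROP", "MARK match 0xa"), ("moblock_fw", HOOK)],
    "OUTPUT": [("REJECT", "MARK match 0xa"), ("moblock_out", HOOK)],
}

def parse_chains(listing):
    """Map chain name -> [(target, match text)]; the "pkts" header row is skipped."""
    chains, current = {}, None
    for line in listing.splitlines():
        head, f = re.match(r"Chain (\S+) \(", line), line.split()
        if head:
            current = chains.setdefault(head.group(1), [])
        elif current is not None and len(f) >= 9 and f[0][0].isdigit():
            current.append((f[2], " ".join(f[9:])))
    return chains

def check_moblock_hooks(listing):
    """Return a list of problems; empty means the hooks lead their chains."""
    chains, problems = parse_chains(listing), []
    for chain, wanted in EXPECTED.items():
        rules = chains.get(chain, [])
        for pos, (target, match) in enumerate(wanted):
            found = rules[pos] if pos < len(rules) else ("", "")
            if found[0] != target or not (found[1] + " ").startswith(match + " "):
                problems.append(f"{chain} rule {pos + 1}: expected {target} [{match}]")
        # The hook jumps to a moblock_* chain that must hand packets to NFQUEUE.
        if not any(t == "NFQUEUE" for t, _ in chains.get(wanted[-1][0], [])):
            problems.append(f"chain {wanted[-1][0]}: missing or without NFQUEUE rule")
    return problems
```

Feeding it the text of a real listing in the same layout gives the same check; a non-empty result usually means another firewall inserted its rules ahead of the moblock ones.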