Diff for "MoBlock"


Differences between revisions 32 and 34 (spanning 2 versions)
Revision 32 as of 2008-05-09 19:49:50
Size: 13093
Editor: yangmei
Comment:
Revision 34 as of 2008-05-30 19:57:01
Size: 12804
Editor: yangmei
Comment: Added information how to edit sources.list
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
Note: Firestarter and most iptables firewalls do not work with MoBlock. If you want a firewall that works with MoBlock, you can try FireHOL. See the '''[http://ubuntuforums.org/showpost.php?p=1114891&postcount=1 instructions for FireHOL users]''' (scroll down). You may also try '''[http://iplist.sourceforge.net/ iplist]''' by '''[http://forums.phoenixlabs.org/member.php?u=8022 uljanow]'''. Also consider that routers can make software firewalls on your computer redundant. Note: Since version 0.9 MoBlock does no more conflict with other firewalls. But you have to make sure that MoBlock is started after them and the iptables rules don't get changed later. You may also try '''[http://iplist.sourceforge.net/ iplist]''' by '''[http://forums.phoenixlabs.org/member.php?u=8022 uljanow]'''. Also consider that routers can make software firewalls on your computer redundant.
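Review bot: In the added note, "MoBlock does no more conflict with other firewalls" should read "no longer conflicts", and the condition that MoBlock "is started after them and the iptables rules don't get changed later" gives the reader no way to confirm it. Say how to check the ordering after boot. The revision also drops the FireHOL instructions link without a replacement, so state whether FireHOL users still need it.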
Line 21: Line 21:
You must use a repository for your specific release (i.e. Ubuntu 7.10)

=== Ubuntu 8.04 ("Hardy Heron") 32-bit ===

Add to /etc/apt/sources.list
You have to add the repository sources to your /etc/apt/sources.list:
 {{{
gksu gedit /etc/default/moblock
}}}

In Kubuntu, replace gksu with kdesu.

Add these two lines for your specific release (i.e. Ubuntu 7.10)

=== Ubuntu 8.04 ("Hardy Heron") 32-bit and 64-bit ===
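Review bot: The added sentence tells the reader to add the repository sources to /etc/apt/sources.list, but the command directly under it is "gksu gedit /etc/default/moblock", which opens MoBlock's own configuration file instead. Change the command to open /etc/apt/sources.list. In "Add these two lines for your specific release (i.e. Ubuntu 7.10)", "e.g." is what is meant.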
Line 32: Line 37:
=== Ubuntu 7.10 ("Gutsy Gibbon") 32-bit ===

Add to /etc/apt/sources.list
=== Ubuntu 7.10 ("Gutsy Gibbon") 32-bit 64-bit ===
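Review bot: The new heading reads "32-bit 64-bit" with no conjunction, while the Hardy heading added in the previous hunk uses "32-bit and 64-bit". Use the same form here and in the Feisty heading that follows.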
Line 41: Line 44:
=== Ubuntu 7.04 ("Feisty Fawn") 32-bit ===

Add to /etc/apt/sources.list
=== Ubuntu 7.04 ("Feisty Fawn") 32-bit 64-bit ===
Line 50: Line 51:
=== 64-bit packages ===

These repositories do not contain 64-bit packages. You can either create your own from source or use a user-built packages.

==== Ubuntu 7.10 ("Gutsy Gibbon") ====

Ubuntu 7.10 64-bit '''[http://ubuntuforums.org/attachment.php?attachmentid=53445&d=1197850896 moblock-nfq package]''' 0.8-39 (hosted by ubuntuforums.org).
Line 62: Line 55:
MoBlock checks traffic that is sent to the iptables QUEUE (deprecated) or NFQUEUE (new) target. So there are two packages, moblock-ipq and moblock-nfq. Depending on your package of choice you need either the ip_queue or xt_NFQUEUE kernel module loaded. Unless you have a Linux kernel older than 2.6.14, you should use the moblock-nfq package with the new target. Install the moblock package. If you want a graphical interface you can also install mobloquer (only hardy and Gutsy). There are also two other packages (moblock-ipq and moblock-nfq) - they are deprecated and will soon be removed.
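Review bot: The replacement paragraph removes the only statement that MoBlock inspects traffic sent to the iptables QUEUE or NFQUEUE target and needs the ip_queue or xt_NFQUEUE kernel module, which is what a user on a custom or pre-2.6.14 kernel needs in order to debug an install that does nothing. Keep one sentence on the target and module next to "Install the moblock package", and capitalize "hardy" to match "Gutsy".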
Line 69: Line 62:
 * Via apt-get
 {{{
sudo apt-get update
sudo apt-get install moblock-nfq
 * Via aptitude
 {{{
sudo aptitude update
sudo aptitude install moblock
Line 77: Line 70:
These instructions are currently broken, most likely due to a bug in lsb init-functions (lsb-base). Note: there's a working "init-functions" on '''[http://moblock-deb.svn.sourceforge.net/viewvc/moblock-deb/stuff/init-functions?view=log moblock-deb.sf.net]''' These instructions are currently broken, most likely due to a bug in lsb init-functions (lsb-base). Note: there's a working "init-functions" on '''[http://moblock-deb.svn.sourceforge.net/viewvc/*checkout*/moblock-deb/stuff/init-functions]'''
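Review bot: The new link targets the viewvc "*checkout*" URL for init-functions with no revision and no link text, so readers fetch whatever that file contains at the time, over plain http, presumably to use in place of the lsb-base script. Keep the "?view=log" link or name a specific revision so the file can be reviewed before use, and restore a label for the link.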
Line 87: Line 80:
Finally, install the moblock-nfq package from the repository. Finally, install the moblock package from the repository.
Line 90: Line 83:
 * Via apt-get
 {{{
sudo apt-get install moblock-nfq
 * Via aptitude
 {{{
sudo aptitude install moblock
Line 97: Line 90:
These instructions have not been confirmed to work. Please report in '''[http://ubuntuforums.org/showthread.php?t=192559 this thread]''' if they are valid. These instructions have not been confirmed to work. Please report in '''[http://ubuntuforums.org/showthread.php?t=803183]''' if they are valid.
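Review bot: The link lost its label, so the sentence now renders as "Please report in [URL] if they are valid". Keep the "this thread" text and only change the target to t=803183.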
Line 107: Line 100:
Finally, install the moblock-nfq package from the repository. Finally, install the moblock package from the repository.
Line 110: Line 103:
 * Via apt-get
 {{{
sudo apt-get install moblock-nfq
 * Via aptitude
 {{{
sudo aptitude install moblock
Line 117: Line 110:
If you want to make your own MoBlock binary package from source and install it, you can use the following instructions. Most users will not need to compile a package, but this can be used for 64-bit packages (although user-built packages are provided above), or for an older release (you will also have to compile netfilter lib packages). If you want to make your own MoBlock binary package from source and install it, you can use the following instructions. Most users will not need to compile a package, but this can be used for unsupported architectures or for an older release (you will also have to compile netfilter lib packages).
Line 121: Line 114:
sudo apt-get update
sudo apt-get install fakeroot
sudo aptitude update
sudo aptitude install fakeroot
Line 130: Line 123:
sudo dpkg -i moblock-nfq*.deb
sudo apt-get purge -y build-essential debhelper dpatch dpkg-dev g++ g++-4.1 gettext html2text intltool-debian iptables-dev libc6-dev libnetfilter-queue-dev libnfnetlink-dev libstdc++6-4.1-dev linux-libc-dev patch po-debconf
sudo dpkg -i moblock*.deb
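Review bot: "sudo dpkg -i moblock*.deb" now matches every file in the build directory whose name starts with "moblock" rather than one package. If the source build still emits moblock-nfq or other binary packages, all of them are installed together; name the intended .deb or say which one to pick. With the purge line removed, the build dependencies stay installed, which deserves a sentence in the explanation.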
Line 137: Line 129:
Explanation: the directory moblock is created and the current working directory is changed to it. Moblock's development dependencies are then installed. The MoBlock source package is downloaded and the current working directory is changed to it. The source and binary packages are built and the working directory is moved one directory up. Then the moblock-nfq*.deb is installed and its dependencies are installed. Finally, the development dependencies (including configuration files) are removed.

You can also use this '''[http://ubuntuforums.org/attachment.php?attachmentid=50325&d=1195170638 shell script]''' (hosted by Ubuntu Forums). Make sure it is executable. In Ubuntu, you can right click it and click on properties. In the tab Permissions make sure Allow executing this file as program is checked. Then close and double click on the file. Click the button Run in Terminal.
Explanation: the directory moblock is created and the current working directory is changed to it. Moblock's development dependencies are then installed. The MoBlock source package is downloaded and the current working directory is changed to it. The source and binary packages are built and the working directory is moved one directory up. Then the moblock*.deb is installed and its dependencies are installed.
Line 147: Line 137:
The packages contain a moblock-control script with the following features: The packages contain the moblock-control script with the following features:
Line 209: Line 199:
To change that, locate line 68 in /etc/moblock/moblock.conf
 {{{
gksu gedit /etc/moblock/moblock.conf
}}}

In Kubuntu, replace gksu with kdesu.
 {{{
#WHITE_TCP_OUT="http https"
}}}

Uncomment the code, that is, remove the hash (#).
To change that add the following to /etc/default/moblock
 {{{
gksu gedit /etc/default/moblock
}}}

In Kubuntu, replace gksu with kdesu.
Line 223: Line 208:

Do a
 {{{
moblock-control restart
}}}
when you have changed these settings.
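Review bot: The added "moblock-control restart" is written without sudo, unlike the other privileged commands in this diff ("sudo aptitude install moblock", "sudo dpkg -i moblock*.deb"). Write it as "sudo moblock-control restart". Splitting "Do a ... when you have changed these settings." around the code block also reads awkwardly; "After changing these settings, run:" before the block would be clearer.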
Line 230: Line 221:
You can. Find out what you want to whitelist by checking /var/log/moblock.log. This can be done interactively (this command will show you the log in real-time). You can. And this is remommended for your LAN! Find out what you want to whitelist by checking /var/log/moblock.log. This can be done interactively (this command will show you the log in real-time).
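Review bot: "remommended" in the added sentence is a typo for "recommended". The sentence would also be more useful if it said which of the whitelist variables the LAN range belongs in.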
Line 235: Line 226:
Then, edit /etc/moblock/moblock.conf
 {{{
gksu gedit /etc/moblock/moblock.conf
}}}

In Kubuntu, replace gksu with kdesu.

To whitelist IPs, edit the following part.
 {{{
# Do a "moblock-control restart" when you have changed these settings.
Then, edit /etc/default/moblock
 {{{
gksu gedit /etc/default/moblock
}}}

In Kubuntu, replace gksu with kdesu.

To whitelist IPs add the following variables:
 {{{
Line 254: Line 244:
Separate IP addresses with a whitespace.

You can also use a search phrase, such as Google, Hotmail, or an actual IP address range (as specified in the blocklists). Edit the following part.
Separate IP addresses with a whitespace. Do a
 {{{
moblock-control restart
}}}
when you have changed these settings.


You can also use a search phrase, such as Google, Hotmail, or an actual IP address range (as specified in the blocklists). Add the following variable:
Line 262: Line 257:
Separate phrases with a semicolon. Separate phrases with a semicolon. Do a
 {{{
moblock-control reload
}}}
when you have changed these settings.
Line 277: Line 276:
Do a
 {{{
moblock-control update
}}}
when you have changed these settings.

Line 279: Line 285:
Edit /etc/moblock/moblock.conf.
 {{{
gksu gedit /etc/moblock/moblock.conf
}}}

In Kubuntu, replace gksu with kdesu.

Set the following.
Edit /etc/default/moblock.
 {{{
gksu gedit /etc/default/moblock
}}}

In Kubuntu, replace gksu with kdesu.

Set the following:
Line 297: Line 303:
Enable netfilter support in xconfig, or in the kernel source config file. Enable netfilter support in xconfig, or in the kernel source config file as modules.

Alternatively, if you have iptables support built-in directly in the kernel edit /etc/default/moblock:
 {{{
gksu gedit /etc/default/moblock
}}}

In Kubuntu, replace gksu with kdesu.

Set the following:
 {{{
IPTABLES_MODULES="0"
}}}
This will turn off the module loading and assume that the necessary iptables support is compiled in the kernel (available since moblock 0.9~rc2-12).
Line 301: Line 321:
MoBlock automatically updates its blocklists everyday. To configure automatic updating, edit /etc/moblock/moblock.conf.
 {{{
gksu gedit /etc/moblock/moblock.conf
MoBlock automatically updates its blocklists everyday. To configure automatic updating, edit /etc/default/moblock.
 {{{
gksu gedit /etc/default/moblock
Line 316: Line 336:

== How do I find out which port a blocked packet was sent on?

Edit /etc/default/moblock.
 {{{
gksu gedit /etc/default/moblock
}}}

The number in the following setting enables (1) or disables (2) automatic updating.
 {{{
LOG_IPTABLES="LOG --log-level info"
}}}

Separate IP addresses with a whitespace. Do a
 {{{
moblock-control restart"
}}}
when you have changed these settings.
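Review bot: The body of this new section is copied from other sections and does not describe the setting it shows: "The number in the following setting enables (1) or disables (2) automatic updating" and "Separate IP addresses with a whitespace" have nothing to do with LOG_IPTABLES="LOG --log-level info". Replace both with a sentence saying what the setting logs and where the output appears. The heading is also missing its closing "==", and the command has a stray trailing quote (moblock-control restart").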
Line 322: Line 361:
 * '''[http://ubuntuforums.org/showthread.php?t=192559 MoBlock thread where people have asked questions]'''  * '''[http://ubuntuforums.org/showthread.php?t=803183 MoBlock thread where people have asked questions]'''

MoBlock is an application that enables you to block internet traffic based on large lists of IP address ranges in order to protect your privacy. It uses a file in PeerGuardian format (guarding.p2p) or an ipfilter.dat.

There are plans to make it the official PeerGuardian for Linux.

Note: Since version 0.9, MoBlock no longer conflicts with other firewalls, but you have to make sure that MoBlock is started after them and that the iptables rules are not changed later. You may also try [http://iplist.sourceforge.net/ iplist] by [http://forums.phoenixlabs.org/member.php?u=8022 uljanow]. Also consider that routers can make software firewalls on your computer redundant.

Add Repository

Add the correct gpg key to the apt keyring

All repositories use this. In terminal, type the following.

  • gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B
    gpg --export --armor 9072870B | sudo apt-key add -

Add specific repository for release

You have to add the repository sources to your /etc/apt/sources.list:

  • gksu gedit /etc/apt/sources.list

In Kubuntu, replace gksu with kdesu.

Add these two lines for your specific release (e.g. Ubuntu 7.10)

Ubuntu 8.04 ("Hardy Heron") 32-bit and 64-bit

  • deb http://moblock-deb.sourceforge.net/debian hardy main
    deb-src http://moblock-deb.sourceforge.net/debian hardy main

Ubuntu 7.10 ("Gutsy Gibbon") 32-bit and 64-bit

  • deb http://moblock-deb.sourceforge.net/debian gutsy main
    deb-src http://moblock-deb.sourceforge.net/debian gutsy main

Ubuntu 7.04 ("Feisty Fawn") 32-bit and 64-bit

  • deb http://moblock-deb.sourceforge.net/debian feisty main
    deb-src http://moblock-deb.sourceforge.net/debian feisty main

Package Installation

Using Repositories

Install the moblock package. If you want a graphical interface you can also install mobloquer (only Hardy and Gutsy). There are also two other packages (moblock-ipq and moblock-nfq); they are deprecated and will soon be removed.

Ubuntu (development) ("Hardy Heron"), Ubuntu 7.10 ("Gutsy Gibbon") and Ubuntu 7.04 ("Feisty Fawn")

Add the repositories using the above instructions.

  • Via [:Synaptic:Synaptic Package Manager]

  • Via aptitude
    sudo aptitude update
    sudo aptitude install moblock

Ubuntu 6.10 ("Edgy Eft")

These instructions are currently broken, most likely due to a bug in lsb init-functions (lsb-base). Note: there's a working "init-functions" on [http://moblock-deb.svn.sourceforge.net/viewvc/*checkout*/moblock-deb/stuff/init-functions]

Add the repositories using the above instructions.

Then, you need to install two netfilter lib packages.

[http://www.ubuntuforums.org/attachment.php?attachmentid=20162&stc=1&d=1164741758 libnfnetlink] (Hosted by Ubuntu Forums)

[http://www.ubuntuforums.org/attachment.php?attachmentid=20163&stc=1&d=1164741758 libnetfilter-queue] (Hosted by Ubuntu Forums)

Finally, install the moblock package from the repository.

  • Via [:Synaptic:Synaptic Package Manager]

  • Via aptitude
    sudo aptitude install moblock

Ubuntu 6.06 ("Dapper Drake")

These instructions have not been confirmed to work. Please report in [http://ubuntuforums.org/showthread.php?t=803183] if they are valid.

Add the repositories using the above instructions.

Then, you need to install two netfilter lib packages.

[http://www.ubuntuforums.org/attachment.php?attachmentid=20165&stc=1&d=1164742172 libnfnetlink] (Hosted by Ubuntu Forums)

[http://www.ubuntuforums.org/attachment.php?attachmentid=20166&stc=1&d=1164742172 libnetfilter-queue] (Hosted by Ubuntu Forums)

Finally, install the moblock package from the repository.

  • Via [:Synaptic:Synaptic Package Manager]

  • Via aptitude
    sudo aptitude install moblock

Compile a package

If you want to make your own MoBlock binary package from source and install it, you can use the following instructions. Most users will not need to compile a package, but this can be used for unsupported architectures or for an older release (you will also have to compile netfilter lib packages).

First, make sure you have added a source repository for your release. Then, run the following in terminal.

  • sudo aptitude update
    sudo aptitude install fakeroot
    mkdir moblock
    cd moblock
    sudo apt-get build-dep -y moblock
    apt-get source moblock
    cd moblock-*
    dpkg-buildpackage -rfakeroot
    cd ..
    sudo dpkg -i moblock*.deb
    sudo apt-get install -f

Some of these commands can be combined into one, but this lets you make changes like adding a patch if necessary and explains the process better.

Explanation: the directory moblock is created and the current working directory is changed to it. Moblock's development dependencies are then installed. The MoBlock source package is downloaded and the current working directory is changed to it. The source and binary packages are built and the working directory is moved one directory up. Then the moblock*.deb is installed and its dependencies are installed.

Install a package

Use the instructions at the [:InstallingSoftware] page under [:InstallingSoftware#head-c0628aa246e0b55ea2009705d1b5a84ede8736b5:Installing downloaded packages]

Configuration and Usage

The packages contain the moblock-control script with the following features:

  • start and stop MoBlock (including handling of the iptables rules if desired)

  • update the specified blocklists from online sources
  • use local blocklists
  • modify the blocklist and whitelist IPs and ports

The logfiles are rotated daily.

In the default configuration MoBlock starts at system boot and some preconfigured blocklists are updated once a day. You can specify the blocklists to use in /etc/moblock/blocklists.list. Everything else (automatic start and update, iptables handling, IP and port whitelisting) is configured in /etc/moblock/moblock.conf. This is important especially if MoBlock blocks sites that it should not block.

Start MoBlock

  • sudo moblock-control start

Stop MoBlock

  • sudo moblock-control stop

Restart MoBlock

  • sudo moblock-control restart

Rebuild Blocklist

  • sudo moblock-control reload

Moblock is then reloaded.

Update Blocklists

  • sudo moblock-control update

Moblock is then reloaded.

MoBlock Status

  • sudo moblock-control status

It receives the iptables settings and the status of the MoBlock daemon.

Test MoBlock

  • sudo moblock-control test

The test has been known to have problems in older versions of MoBlock. Look at the log to check if you are unsure. This can be done interactively (this command will show you the log in real-time).

  • tail -f /var/log/moblock.log

Frequently Asked Questions (FAQ)

Some applications cannot connect to the internet any more!

No ports are whitelisted by default. So, if the IP address your application is trying to reach is in the blocklist, it is blocked. To change that, add the following to /etc/default/moblock:

  • gksu gedit /etc/default/moblock

In Kubuntu, replace gksu with kdesu.

  • WHITE_TCP_OUT="http https"

Do a

  • sudo moblock-control restart

when you have changed these settings.

See? By default, ports 80 and 443 (also called http and https) are configured for outgoing connections. In effect, you can now browse blocked IPs with Firefox, Konqueror or any other browser. If you know the port number of an application you use, then this is the place to put it. If you want to put a range of ports, use the format "startport:endport".

But why can I not just remove the IP address from the blocklist instead?

You can. And this is recommended for your LAN! Find out what you want to whitelist by checking /var/log/moblock.log. This can be done interactively (this command will show you the log in real-time).

  • tail -f /var/log/moblock.log

Then, edit /etc/default/moblock

  • gksu gedit /etc/default/moblock

In Kubuntu, replace gksu with kdesu.

To whitelist IPs add the following variables:

  • WHITE_IP_IN=""
    WHITE_IP_OUT=""
    WHITE_IP_FORWARD=""

Insert e.g. "192.168.178.1" to whitelist a single IP, or e.g. "192.168.178.0/24" to whitelist an IP range (192.168.178.0 - 192.168.178.255), or e.g. "192.168.0.0/16" to whitelist a bigger IP range (192.168.0.0 - 192.168.255.255).

Separate IP addresses with a whitespace. Do a

  • sudo moblock-control restart

when you have changed these settings.
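
The following added example (not part of the original wiki page or of the MoBlock packages) expands whitespace-separated WHITE_IP_* entries like the ones above into address ranges and reports which entries cover a given address and how many addresses each one exempts from blocking. The function names are hypothetical and the sample value is constructed from the addresses quoted above.

```shell
#!/bin/sh
# Added example: report which WHITE_IP_* entries cover an address and how
# many addresses each entry exempts. Function names are hypothetical.

# ip_to_int A.B.C.D -> prints the address as an integer; fails on bad input.
ip_to_int() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    ip_old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$ip_old_ifs
    [ $# -eq 4 ] || return 1
    for ip_octet in "$@"; do
        # Reject leading zeros (read as octal below) and values above 255.
        case $ip_octet in 0?*|????*) return 1 ;; esac
        [ "$ip_octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# entry_range ENTRY -> prints "first last" for "a.b.c.d" or "a.b.c.d/len".
entry_range() {
    case $1 in
        */*) er_addr=${1%/*}; er_len=${1#*/} ;;
        *)   er_addr=$1; er_len=32 ;;
    esac
    case $er_len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$er_len" -le 32 ] || return 1
    er_ip=$(ip_to_int "$er_addr") || return 1
    er_size=$(( 1 << (32 - er_len) ))
    # Clear the host bits so "192.168.178.5/24" starts at 192.168.178.0.
    er_first=$(( er_ip & ~(er_size - 1) ))
    echo "$er_first $(( er_first + er_size - 1 ))"
}

# covering_entries IP "ENTRY ENTRY ..." -> prints "entry address-count" for
# every entry containing IP. Returns 0 on a match, 1 on none, 2 on a bad IP.
covering_entries() {
    ce_ip=$(ip_to_int "$1") || return 2
    ce_hit=1
    for ce_entry in $2; do
        ce_range=$(entry_range "$ce_entry") || {
            echo "invalid entry: $ce_entry" >&2
            continue
        }
        ce_first=${ce_range% *}; ce_last=${ce_range#* }
        if [ "$ce_ip" -ge "$ce_first" ] && [ "$ce_ip" -le "$ce_last" ]; then
            echo "$ce_entry $(( ce_last - ce_first + 1 ))"
            ce_hit=0
        fi
    done
    return $ce_hit
}

# Constructed sample: the three example values from the text above, written
# the way they would appear in a WHITE_IP_OUT setting.
WHITE_IP_OUT="192.168.178.1 192.168.178.0/24 192.168.0.0/16"
covering_entries 192.168.178.42 "$WHITE_IP_OUT"
```

An entry that reports 65536 addresses when only one LAN host needs to be reachable is a sign that the whitelist is wider than necessary.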

You can also use a search phrase, such as Google, Hotmail, or an actual IP address range (as specified in the blocklists). Add the following variable:

  • # Do a "moblock-control reload" when you have changed these settings.
    IP_REMOVE=""

Separate phrases with a semicolon. Do a

  • sudo moblock-control reload

when you have changed these settings.

Remember to reload or restart MoBlock after modifying the configuration.

How do I choose what blocklists to include in the update function?

Edit /etc/moblock/blocklists.list

  • gksu gedit /etc/moblock/blocklists.list

In Kubuntu, replace gksu with kdesu.

Uncomment the blocklists, that is, remove the hash (#) to enable certain blocklists or comment them out by adding a hash before the blocklists to disable them.

Do a

  • sudo moblock-control update

when you have changed these settings.

How do I keep it installed, without having it run at startup?

Edit /etc/default/moblock.

  • gksu gedit /etc/default/moblock

In Kubuntu, replace gksu with kdesu.

Set the following:

  • MOBLOCK_INIT="0"

What happens when I install MoBlock the first time?

It will download a new blocklist for you during installation, and start it as a daemon. In other words, it will start automatically every time you boot up.

I have a custom compiled kernel. Moblock does not work.

Enable netfilter support in xconfig, or in the kernel source config file as modules.

Alternatively, if you have iptables support built-in directly in the kernel edit /etc/default/moblock:

  • gksu gedit /etc/default/moblock

In Kubuntu, replace gksu with kdesu.

Set the following:

  • IPTABLES_MODULES="0"

This will turn off the module loading and assume that the necessary iptables support is compiled in the kernel (available since moblock 0.9~rc2-12).

How do I change automatic updating?

MoBlock automatically updates its blocklists every day. To configure automatic updating, edit /etc/default/moblock.

  • gksu gedit /etc/default/moblock

The number in the following setting enables (1) or disables (2) automatic updating.

  • MOBLOCK_CRON="1"

To disable automatic updating, set the following.

  • MOBLOCK_CRON="0"

How do I find out which port a blocked packet was sent on?

Edit /etc/default/moblock.

  • gksu gedit /etc/default/moblock

The number in the following setting enables (1) or disables (2) automatic updating.

  • LOG_IPTABLES="LOG --log-level info"

Separate IP addresses with a whitespace. Do a

  • sudo moblock-control restart

when you have changed these settings.

Credits

Special thanks to [http://ubuntuforums.org/member.php?u=50108 pelle.k] for the Ubuntu Forums [http://ubuntuforums.org/showthread.php?p=1114891 thread] this is derived from, the MoBlock Debian Packages maintainer [http://ubuntuforums.org/member.php?u=228584 jre], and the contributors to MoBlock. The Ubuntu 7.10 64-bit package and source page shell script were provided by [http://ubuntuforums.org/member.php?u=182332 daradib]. The Ubuntu 7.04 64-bit package was provided by [http://ubuntuforums.org/member.php?u=58418 minijoe]. The Ubuntu 6.06 netfilter lib packages were provided by [http://ubuntuforums.org/member.php?u=14921 foxy123].

Further Reading


CategoryDocumentation

MoBlock (last edited 2012-11-21 23:37:43 by frbg-5f730cc9)