ContentsBR TableOfContents(2)

MoBlock is an application that enables you to block internet traffic based on large lists of IP address ranges in order to protect your privacy. It uses a file in PeerGuardian format (guarding.p2p).

There are plans to make it the official PeerGuardian for Linux.

Add Repository

Add the correct gpg key to the apt keyring

All repositories use this. In terminal, type the following.

gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B
gpg --export --armor 9072870B | sudo apt-key add -

Add specific repository for release

You must use a repository for your specific release (i.e. Ubuntu 7.10)

Ubuntu 7.10 ("Gutsy Gibbon") 32-bit

Add to /etc/apt/sources.list

deb http://moblock-deb.sourceforge.net/debian gutsy main
deb-src http://moblock-deb.sourceforge.net/debian gutsy main

Ubuntu 7.04 ("Feisty Fawn") 32-bit

Add to /etc/apt/sources.list

deb http://moblock-deb.sourceforge.net/debian feisty main
deb-src http://moblock-deb.sourceforge.net/debian feisty main

Ubuntu 6.10 ("Edgy Eft") 32-bit

These instructions may be broken as of 01 October 2007.

Add to /etc/apt/sources.list

deb http://moblock-deb.sourceforge.net/debian etch main
deb-src http://moblock-deb.sourceforge.net/debian etch main

Ubuntu 6.06 ("Dapper Drake") 32-bit

These instructions have not been confirmed to work as of 26 September 2007.

Add to /etc/apt/sources.list

deb http://moblock-deb.sourceforge.net/debian etch main
deb-src http://moblock-deb.sourceforge.net/debian etch main

64-bit packages

These repositories do not contain 64-bit packages. You can either create your own from source or use a user-built packages.

Ubuntu 7.10 ("Gutsy Gibbon")

Ubuntu 7.10 64-bit [http://ubuntuforums.org/attachment.php?attachmentid=46644&d=1192665875 moblock-nfq package] 0.8-26 (Hosted by Ubuntu Forums)

Ubuntu 7.04 ("Feisty Fawn")

Ubuntu 7.04 64-bit [http://moblock-deb.sourceforge.net/moblock-nfq_0.8-21+feisty_amd64.deb moblock-nfq package] 0.8-21

Package Installation

Using Repositories

MoBlock checks traffic that is sent to the iptables QUEUE (deprecated) or NFQUEUE (new) target. So there are two packages, moblock-ipq and moblock-nfq. Depending on your package of choice you need either the ip_queue or xt_NFQUEUE kernel module loaded. Unless you have a Linux kernel older than 2.6.14, you should use the moblock-nfq package with the new target.

Ubuntu 7.10 ("Gutsy Gibbon") and Ubuntu 7.04 ("Feisty Fawn")

Add the repositories using the above instructions.

Via [:Synaptic:Synaptic Package Manager]
Via apt-get
```
sudo apt-get install moblock-nfq
```

Ubuntu 6.10 ("Edgy Eft")

These instructions may be broken as of 01 October 2007.

Add the repositories using the above instructions.

Then, you need to install two netfilter lib packages.

[http://www.ubuntuforums.org/attachment.php?attachmentid=20162&stc=1&d=1164741758 libnfnetlink] (Hosted by Ubuntu Forums)

[http://www.ubuntuforums.org/attachment.php?attachmentid=20163&stc=1&d=1164741758 libnetfilter-queue] (Hosted by Ubuntu Forums)

Finally, install the moblock-nfq package from the repository.

Via [:Synaptic:Synaptic Package Manager]
Via apt-get
```
sudo apt-get install moblock-nfq
```

Ubuntu 6.04 ("Dapper Drake")

These instructions have not been confirmed to work as of 26 September 2007.

Add the repositories using the above instructions.

Then, you need to install two netfilter lib packages.

[http://www.ubuntuforums.org/attachment.php?attachmentid=20165&stc=1&d=1164742172 libnfnetlink] (Hosted by Ubuntu Forums)

[http://www.ubuntuforums.org/attachment.php?attachmentid=20166&stc=1&d=1164742172 libnetfilter-queue] (Hosted by Ubuntu Forums)

Finally, install the moblock-nfq package from the repository.

Via [:Synaptic:Synaptic Package Manager]
Via apt-get
```
sudo apt-get install moblock-nfq
```

Compile a package

If you want to make your own MoBlock binary package from source and install it, you can use the following instructions. Most users will not need to compile a package, but this can be used for 64-bit packages (although user-built packages are provided above), or for an older release (you will also have to compile netfilter lib packages).

First, make sure you have added a source repository for your release. Then, run the following in terminal.

mkdir moblock
cd moblock
sudo apt-get build-dep -y moblock
apt-get source moblock
cd moblock-*
dpkg-buildpackage -rfakeroot
cd ..
sudo dpkg -i moblock-nfq*.deb
sudo apt-get purge -y iptables-dev libnetfilter-queue-dev libnfnetlink-dev
sudo apt-get install -f

Some of these commands can be combined into one, but this lets you make changes like adding a patch if necessary and explains the process better.

These commands make the directory moblock and then changes the current working directory to it. It then installs moblock's development dependencies. The moblock source package is downloaded and changes the current working directory to it. The source and binary packages are built and the working directory moves one directory up. Then the moblock-nfq*.deb is installed and its dependencies are installed. Finally, the development dependencies (including configuration files) are removed.

You can also use this [http://ubuntuforums.org/attachment.php?attachmentid=46643&d=1192665875 shell script] (hosted by Ubuntu Forums). Make sure it is executable. In Ubuntu, you can right click it and click on properties. In the tab Permissions make sure Allow executing this file as program is checked. Then close and double click on the file. Click the button Run in Terminal.

Install a package

Use the instructions at the [:InstallingSoftware] page under [:InstallingSoftware#head-c0628aa246e0b55ea2009705d1b5a84ede8736b5:Installing downloaded packages]

Configuration and Usage

The packages contain a moblock-control script with the following features:

start and stop MoBlock (including handling of the iptables rules if desired)
update the specified blocklists from online sources
use local blocklists
modify the blocklist and whitelist IPs and ports

The logfiles are rotated daily.

In the default configuration MoBlock starts at system boot and some preconfigured blocklists are updated once a day. You can specify the blocklists to use in /etc/moblock/blocklists.list. Everything else (automatic start and update, iptables handling, IP and port whitelisting) is configured in /etc/moblock/moblock.conf. This is important especially if MoBlock blocks sites that it should not block.

sudo moblock-control start - starts MoBlock
sudo moblock-control stop - stops MoBlock
sudo moblock-control restart - restarts MoBlock
sudo moblock-control reload - rebuilds the blocklist and reloads MoBlock
sudo moblock-control update - updates the blocklists and reloads MoBlock
sudo moblock-control status - gives the iptables settings and the status of the MoBlock daemon
sudo moblock-control test - simple test to check if MoBlock is working (pings the first IP in the blocklist and checks if this IP was blocked via /var/log/moblock.log). This does not check if all blocklists are in the correct format, if the whitelisting is correct and if in- and forward connections are controlled.)

The test has been known to have problems. Look at the log to check. This can be done interactively (this command will show you the log in real-time).

```
tail -f /var/log/moblock.log
```

Frequently Asked Questions (FAQ)

Some applications can't connect to the internet any more!

No ports are whitelisted by default. So, if the ip your application is trying to reach, is in the blocklist, it is blocked. To change that, locate line 68 in /etc/moblock/moblock.conf

```
gksu gedit /etc/moblock/moblock.conf
```

In Kubuntu, replace gksu with kdesu.

```
#WHITE_TCP_OUT="http https"
```

Uncomment the code, that is, remove the hash (#).

```
WHITE_TCP_OUT="http https"
```

See? By default port 80 and 443 (also called http and https) is configured, for outgoing connections. In effect, you can now browse blocked ips, with firefox/konqueror or any other browser. If you know the port number of an application you use, then this is the place to put it.

But why can't i just remove the ip from the blocklist instead?

You can. Find out what you wan't to whitelist by checking /var/log/moblock.log. This can be done interactively (this command will show you the log in real-time).

```
tail -f /var/log/moblock.log
```

Then, edit /etc/moblock/moblock.conf

```
gksu gedit /etc/moblock/moblock.conf
```

In Kubuntu, replace gksu with kdesu.

To whitelist one specific IP, edit the following part.

# Do a "moblock-control restart" when you have changed these settings.

IP_TCP_IN=""
IP_UDP_IN=""
IP_TCP_OUT=""
IP_UDP_OUT=""
IP_TCP_FORWARD=""
IP_UDP_FORWARD=""

Separate IP addresses with a whitespace.

To whitelist a whole range you can use a search phrase, such as Google, Hotmail, or an actual IP address range (as specified in the blocklists), edit the following part.

# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE=""

Separate phrases with a semicolon.

Remember to reload or restart MoBlock after modifying the configuration.

How do i choose what blocklists to include in the update function?

Edit /etc/moblock/blocklists.list

```
gksu gedit /etc/moblock/blocklists.list
```

In Kubuntu, replace gksu with kdesu.

How do i keep it installed, without having it run at startup?

Edit /etc/moblock/moblock.conf and set the following.

```
gksu gedit /etc/moblock/moblock.conf
```

In Kubuntu, replace gksu with kdesu.

```
MOBLOCK_INIT="0"
```

What happens when i install MoBlock the first time?

It will download a new blocklist for you during installation, and start it as a deamon. In other words, it will start automatically with (K,X)ubuntu everytime you boot up.

I have a custom compiled kernel. Moblock doesn't work.

Enable netfilter support in xconfig, or in the kernel source config file.

Credits

Special thanks to [http://ubuntuforums.org/member.php?u=50108 pelle.k] for the Ubuntu Forums [http://ubuntuforums.org/showthread.php?p=1114891 thread] this is derived from, the [http://ubuntuforums.org/member.php?u=129871 MoBlock Debian Packages maintainer], and the MoBlock team. The Ubuntu 7.10 64-bit package and source page shell script were provided by [http://ubuntuforums.org/member.php?u=182332 daradib]. The Ubuntu 7.04 64-bit package was provided by [http://ubuntuforums.org/member.php?u=58418 minijoe]. The Ubuntu 6.06 netfilter lib packages were provided by [http://ubuntuforums.org/member.php?u=14921 foxy123].

Ubuntu Documentation

MoBlock

Add Repository

Add the correct gpg key to the apt keyring

Add specific repository for release

Ubuntu 7.10 ("Gutsy Gibbon") 32-bit

Ubuntu 7.04 ("Feisty Fawn") 32-bit

Ubuntu 6.10 ("Edgy Eft") 32-bit

Ubuntu 6.06 ("Dapper Drake") 32-bit

64-bit packages

Ubuntu 7.10 ("Gutsy Gibbon")

Ubuntu 7.04 ("Feisty Fawn")

Package Installation

Using Repositories

Ubuntu 7.10 ("Gutsy Gibbon") and Ubuntu 7.04 ("Feisty Fawn")

Ubuntu 6.10 ("Edgy Eft")

Ubuntu 6.04 ("Dapper Drake")

Compile a package

Install a package

Configuration and Usage

Frequently Asked Questions (FAQ)

Some applications can't connect to the internet any more!

But why can't i just remove the ip from the blocklist instead?

How do i choose what blocklists to include in the update function?

How do i keep it installed, without having it run at startup?

What happens when i install MoBlock the first time?

I have a custom compiled kernel. Moblock doesn't work.

Credits

Further Reading