
All times are UTC - 6 hours





PostPosted: Thu Jun 04, 2009 7:49 am 
Joined: Wed Jul 25, 2007 7:56 pm
Posts: 103
Location: Arlington, VA, USA
Thanks to graysky for his howto on installing Moblock on R5.5. The process is somewhat simpler on R6 because the kernel does not need to be recompiled; however, the Moblock package appears to be buggy and will not update its filter list, and I show you how to fix this.

These steps worked for me on R6.00.07, using the package moblock-0.9rc2-8.

1. Install Moblock.

Code:
# pacman -S moblock


2. View and edit configuration file located at /etc/moblock/config. This file allows you to pick which filters you wish to use, and to whitelist individual ports, IP addresses, subnets, and ranges. You will probably want to add your LAN to the whitelist, as well as any other computer you regularly use to access your box, just to be safe.

Be aware that if you only have remote access to your box, and you're not careful, it's possible to end up locking yourself out! If that's the case, you may want to write a cron job that turns off Moblock every so often, but that's beyond the scope of this HOWTO.

My config file follows:


Code:
# Original MoBlock configuration options from MoBlock-nfq.sh file
ACTIVATE_CHAINS=1
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT="http https" # Add "http https" here to prevent moblock from blocking webpages
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""

# Added IP whitelisting support
# Apparently iptables no longer accepts the /subnet style for blocks of
# addresses, so I just did literal ranges instead; now iptables no longer
# complains on startup.
#WHITE_IP_IN="192.168.1.0/24"
WHITE_IP_IN="192.168.1.0-192.168.1.255"
#WHITE_IP_OUT="192.168.1.0/24"
WHITE_IP_OUT="192.168.1.0-192.168.1.255"
WHITE_IP_FW=""

# Individual lists can be disabled by prefixing them with '!'
# Bluetack blacklists (http://www.bluetack.co.uk)
BLUETACK=(level1 level2 !level3 !edu ads-trackers-and-bad-pr0n bogon spyware spider Microsoft !proxy hijacked templist !rangetest dshield)

# blocklist.org lists (currently doesn't work)
#BLOCKLIST=(p2p gov spy ads edu)

# backup lists (might be outdated)
#PHOENIXLABS=(p2b.p2b !edu.txt !spider.txt !spyware.txt !level1.txt !level2.txt !level3.txt)

# Change to 'yes' if you want to back up the old list before writing
# a new one. Only one backup copy will be kept.
BACKUP_OLD_LIST="no"

# Options passed to wget
WGET_OPTS="-q"


3. Moblock needs to be updated before it can be started. If you try and start it now, it will fail with messages about the file banned.list missing. To create this banned.list file, you need to run moblock-update. However, the moblock-update script in this package has a bug that will cause it to fail when downloading filter lists. To fix this, you need to edit /usr/bin/moblock-update. First, save a backup copy of this file, in case you screw up while editing it (you could also just reinstall via pacman, I suppose).

Search for "stat_busy", and comment out each line that begins with it. In my file, there were 8 lines I commented out. You can probably get away with not commenting out all of these, so feel free to try that and see what happens. Save and close the file.

4. Update the filters by running moblock-update.
Code:
# moblock-update


This may take several minutes; it is downloading the filter lists selected in the config file, and verifying them. When it's finished, you should have a new file in /etc/moblock named "banned.list".

5. Start moblock.

Code:
# /etc/rc.d/moblock start


6. Check to make sure moblock is working. Messages about blocked IPs show up in the log file, located at /var/log/moblock.log. To generate some activity in that file, ping a domain you know is blocked, e.g., microsoft.com:

Code:
$ ping microsoft.com


CTRL+C after a few seconds. If moblock is working and you check the moblock log:
Code:
$ tail /var/log/moblock.log

You should see something like this:
Code:
Blocked OUT: Microsoft Corp,hits: 1,DST: 207.46.197.32
Blocked OUT: Microsoft Corp,hits: 2,DST: 207.46.197.32
Blocked OUT: Microsoft Corp,hits: 3,DST: 207.46.197.32
Blocked OUT: Microsoft Corp,hits: 4,DST: 207.46.197.32
Blocked OUT: Microsoft Corp,hits: 5,DST: 207.46.197.32
Blocked OUT: Microsoft Corp,hits: 6,DST: 207.46.197.32


(Also note that microsoft.com doesn't return pings anyway, it looks like).

7. To ensure that moblock starts when you boot up, add moblock to the appropriate line in /etc/rc.conf. For example, my DAEMONS line in that file reads:

Code:
DAEMONS=(fbsplash !syslog-ng !hotplug !pcmcia network !mysqld !dbus !avahi-daemon moblock samba)


NB: I originally suggested adding lines to rc.local, but that does not work. Editing rc.conf is the correct way to start daemons at boot.

That's it! Please feel free to post with responses, questions, corrections, clarifications, etc.

I am not sure if/how there is any auto-updating of the filters; if there's not, this may necessitate adding a cron job to automatically run moblock-update. I'm also looking into reporting the bug in moblock-update, but not quite sure where to do that.

Also, much information you'll find online uses moblock-control (aka blockcontrol) to start/stop/update moblock, but I don't find any moblock-control or blockcontrol package available for LinHES or Arch.

I found info on the bug at the Arch User Repository site.


Last edited by langelgjm on Mon Jun 15, 2009 8:56 am, edited 1 time in total.
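
Step 3 of the HOWTO above as a repeatable, self-checking edit. This is an added example, not part of the original post or of the moblock package. It assumes moblock-update is a bash script; the function name patch_stat_busy and the sample script it is run on are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: comment out stat_busy lines, keep a pristine copy, and
# refuse the edit if the result would no longer parse.

# Prints the number of lines changed. Returns 1 and leaves the file
# untouched when the edited script fails a syntax check, e.g. when
# stat_busy was the only command inside an if-block, so that commenting
# it out leaves the block empty.
patch_stat_busy() {
    local target="$1" pat='^[[:space:]]*stat_busy([[:space:]]|$)' count
    [ -f "$target" ] || { echo "no such file: $target" >&2; return 2; }
    count=$(grep -c -E "$pat" "$target" || true)
    [ "$count" -gt 0 ] || { echo 0; return 0; }   # nothing left to patch

    # Put '#' in front of the command, preserving indentation.
    sed -E "/$pat/ s/^([[:space:]]*)/\1#/" "$target" > "$target.new"
    if ! bash -n "$target.new" 2>/dev/null; then
        rm -f "$target.new"
        echo "edited script fails 'bash -n'; $target unchanged" >&2
        return 1
    fi
    [ -e "$target.orig" ] || cp -p "$target" "$target.orig"  # first backup only
    cat "$target.new" > "$target"   # overwrite in place: keeps owner and mode
    rm -f "$target.new"
    echo "$count"
}

# Constructed stand-in for /usr/bin/moblock-update (not the real script).
demo_dir=$(mktemp -d)
printf '%s\n' '#!/bin/bash' 'stat_busy "Downloading lists"' 'echo download' \
    'if true; then' '    stat_busy "Verifying"' '    echo verify' 'fi' \
    > "$demo_dir/moblock-update"
patch_stat_busy "$demo_dir/moblock-update"      # number of lines commented out
grep -n 'stat_busy' "$demo_dir/moblock-update"  # show the edited lines
rm -rf "$demo_dir"
```

On a real system the call would be `patch_stat_busy /usr/bin/moblock-update` as root; a later upgrade of the package replaces the file and the edit with it.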


PostPosted: Thu Jun 04, 2009 3:09 pm 
Joined: Wed Dec 10, 2003 8:31 pm
Posts: 1996
Location: /dev/null
Cool, thanks for posting. So no need for moblock-control (which has been renamed to 'block-control' I just learned)?

_________________
Retired KM user (R4 - R6.04); friend to LH users.

