
Thursday, August 21, 2008

MoBlock on Ubuntu

1. add the moblock package repository to /etc/apt/sources.list

deb http://moblock-deb.sourceforge.net/debian hardy main
deb-src http://moblock-deb.sourceforge.net/debian hardy main

2. add the gpg key

gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B
gpg --export --armor 9072870B | sudo apt-key add -

3. update the package lists and install moblock and its GUI front-end, mobloquer

sudo apt-get update
sudo apt-get install moblock moblock-control mobloquer

4. choose which blocklists to load
http://tbg.iblocklist.com/Lists/
http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=17

ads-trackers-and-bad-pr0n.gz #advertising
bogon.gz #bogus IP announcements
dshield.gz #hackers
edu.gz #educational institutions
fornonlancomputers.gz #LAN IP ranges
hijacked.gz #IP blocks that are being used without permission
iana-multicast.gz #http://www.iana.org/assignments/multicast-addresses
iana-private.gz #http://www.iana.org/assignments/ipv4-address-space/
iana-reserved.gz #http://www.iana.org/assignments/ipv4-address-space/
level1.gz #for p2p users
level2.gz #general corporate
level3.gz #paranoid list
Microsoft.gz #Microsoft Corp ranges that are not on Level1
proxy.gz #various proxy servers
rangetest.gz #suspicious IPs
spider.gz #automated programs also known as spiders or bots
spyware.gz #malicious SPYWARE and ADWARE IP Address ranges
templist.gz #sending corrupt or virus p2p data

BusinessISPs.zip should not be loaded, because most users' own addresses fall inside its ranges.
fornonlancomputers.gz and Bogon.zip must not be selected if this host exchanges traffic with the LAN.

5. moblock usage (requires root privileges)

moblock-control start - inserts iptables rules and starts MoBlock
moblock-control stop - deletes iptables rules and stops MoBlock
moblock-control restart - restarts MoBlock
moblock-control reload - rebuilds the blocklist and reloads MoBlock
moblock-control update - updates the blocklists and reloads MoBlock
moblock-control status - gives the iptables settings and the status of the MoBlock daemon
moblock-control test - simple test to check if MoBlock is working

6. files in /etc/moblock

blocklists.list #blacklist
allow.p2p #whitelist
guarding.p2p #the actual list of IP ranges to block, built from blocklists.list
moblock.conf #configuration file

7. log location

/var/log/moblock.log #block log
/var/log/moblock-control.log #moblock-control status log

8. you can reconfigure moblock without reinstalling

sudo dpkg-reconfigure moblock


9. allow port 1863 for msn, 5050 for yahoo, 5190 for icq

vi /etc/moblock/moblock.conf

WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT="80 443 1863 5050 5190"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD="80 443 1863 5050 5190"
WHITE_UDP_FORWARD=""

You also have to set WHITE_TCP_FORWARD if the same ports are to be whitelisted for LAN hosts; otherwise forwarded packets from LAN computers are dropped in the MOBLOCK_FW chain.

Friday, July 13, 2007

ERROR 400: Bad Request while MoBlock tries to wget the level1.gz list

This is caused by the server hosting that list not working with wget's time-stamping option (parameter -N).
A workaround is to update the list manually without time-stamping:

cd /var/spool/moblock/cache/dl/
wget http://www.bluetack.co.uk/config/level1.gz

then run the guarding.p2p rebuild process

Rebuild the blocklist of MoBlock on CentOS


# stop the service first
/sbin/service moblock stop
# after updating /etc/moblock/lists or the whitelist
/etc/cron.daily/moblock reload
# start MoBlock again
/sbin/service moblock start

Add an ip or a range to the whitelist of MoBlock on CentOS

1. if there is an IP address you need to whitelist, find the entry that covers it in /etc/moblock/guarding.p2p, for example:

FooBar, inc:192.0.34.164-192.0.34.168

2. you need to turn this line into a basic regular expression for grep and put it in /etc/moblock/whitelist. To match the exact line, put a backslash (\) before every metacharacter (\, ., ^, $, [), a caret (^) at the beginning and a dollar sign ($) at the end. In this example, a valid expression is:

^FooBar, inc:192\.0\.34\.164-192\.0\.34\.168$

See the grep man page for more information.
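The rewrite described in steps 1 and 2, as an added shell example that is not from the original post: p2p_to_bre builds the anchored, escaped pattern from one guarding.p2p line, and the result is run through the same grep -a -v -f filter that /etc/cron.daily/moblock applies. The sample lines, the temporary whitelist file and the function names are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not part of the original post: turn one guarding.p2p line
# into the anchored BRE that /etc/moblock/whitelist expects, then check that
# the cron job's "grep -a -v -f whitelist" filter removes exactly that line.

# Escape the BRE metacharacters the post lists (\ . ^ $ [), backslash first
# so the escapes added afterwards are not escaped again, then anchor with ^ and $.
p2p_to_bre() {
    printf '%s\n' "$1" | sed -e 's/\\/\\\\/g' \
                             -e 's/\./\\./g' \
                             -e 's/\^/\\^/g' \
                             -e 's/\$/\\$/g' \
                             -e 's/\[/\\[/g' \
                             -e 's/^/^/' -e 's/$/$/'
}

# Constructed sample of guarding.p2p content (documentation ranges, not a real
# blocklist); the third line differs from the first only in the last octet,
# so it shows that the anchored pattern matches one line and not its neighbour.
SAMPLE='FooBar, inc:192.0.34.164-192.0.34.168
Bad [Net] Inc:203.0.113.0-203.0.113.31
FooBar, inc:192.0.34.164-192.0.34.169'

# Filter the sample the way /etc/cron.daily/moblock builds guarding.p2p:
# every line matched by a whitelist pattern is dropped. $1 is the line to
# whitelist; the lines that survive the filter are printed.
whitelist_from_sample() {
    wl=$(mktemp) || return 1
    p2p_to_bre "$1" >"$wl"
    printf '%s\n' "$SAMPLE" | grep -a -v -f "$wl"
    rm -f "$wl"
}
```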

Thursday, July 12, 2007

Install PeerGuardian Linux on CentOS

1. yum install libnfnetlink-devel
2. download latest libnetfilter_queue from http://www.netfilter.org/projects/libnetfilter_queue/downloads.html
3. tar -jxvf libnetfilter_queue-0.0.13.tar.bz2
4. change to the directory where you extracted the archive, then run

./configure
make
make install

5. mv /usr/local/lib/libnetfilter_queue* /usr/lib
6. download MoBlock from http://moblock.berlios.de/
7. tar -jxvf MoBlock-0.8-i586.tar.bz2
8. in the directory where you extracted the files, build MoBlock with:

make
make install

9. mkdir /etc/moblock
10. vi /etc/moblock/lists

# find various blocklists at
# http://www.bluetack.co.uk/forums/index.php?act=dscriptca&CODE=viewcat&cat_id=4
http://www.bluetack.co.uk/config/level1.gz

11. touch /etc/moblock/whitelist
12. vi /etc/init.d/moblock ( edit the WHITE_... variables to whitelist certain ports. )

#!/bin/sh
#
# moblock This shellscript takes care of starting and stopping moblock.
#
# chkconfig: 345 30 70
# description: MoBlock is a application that enables you to block internet \
# traffic based on large lists of ip address ranges in order to \
# protect your privacy.
# processname: moblock
#

ACTIVATE_CHAINS=1
MODE="nfq"
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT="21 22 80 110 443"
WHITE_UDP_OUT="123"
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""

PIDF="/var/run/moblock.pid"
LIST="/etc/moblock/guarding.p2p"
PRG="moblock"
LOG="/var/log/$PRG"
BIN="/usr/bin/$PRG"
CMD="$BIN -p $LIST $LOG >/dev/null &"


# Source function library.
. /etc/rc.d/init.d/functions


fail () {
failure "$2"
echo
[ -n "$1" ] && echo "$1"
}

iptables_init () {
if [ $MODE == "ipq" ]; then
modprobe ip_queue
TARGET="QUEUE"
elif [ $MODE == "nfq" ]; then
modprobe ipt_NFQUEUE
TARGET="NFQUEUE"
fi;
modprobe ipt_state
iptables -N MOBLOCK_IN
iptables -N MOBLOCK_OUT
iptables -N MOBLOCK_FW
if [ $ACTIVATE_CHAINS -eq 1 ]; then
iptables -I INPUT -p all -m state --state NEW -j MOBLOCK_IN
iptables -I OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
iptables -I FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi;
iptables -I MOBLOCK_IN -p all -j $TARGET
iptables -I MOBLOCK_OUT -p all -j $TARGET
iptables -I MOBLOCK_FW -p all -j $TARGET

for PORT in $WHITE_TCP_OUT; do
iptables -I MOBLOCK_OUT -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_OUT; do
iptables -I MOBLOCK_OUT -p udp --dport $PORT -j ACCEPT
done

for PORT in $WHITE_TCP_IN; do
iptables -I MOBLOCK_IN -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_IN; do
iptables -I MOBLOCK_IN -p udp --dport $PORT -j ACCEPT
done

for PORT in $WHITE_TCP_FORWARD; do
iptables -I MOBLOCK_FW -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_FORWARD; do
iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT
done

# Loopback traffic fix
iptables -I INPUT -p all -i lo -j ACCEPT
iptables -I OUTPUT -p all -o lo -j ACCEPT
}

iptables_reset () {
if [ $ACTIVATE_CHAINS -eq 1 ]; then
iptables -D INPUT -p all -m state --state NEW -j MOBLOCK_IN
iptables -D OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
iptables -D FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi;
iptables -D INPUT -p all -i lo -j ACCEPT
iptables -D OUTPUT -p all -o lo -j ACCEPT
iptables -F MOBLOCK_IN
iptables -X MOBLOCK_IN
iptables -F MOBLOCK_OUT
iptables -X MOBLOCK_OUT
iptables -F MOBLOCK_FW
iptables -X MOBLOCK_FW
}

start () {
echo -n $"Starting MoBlock: "
if ! [ -x $BIN ]; then
fail "Can't execute $BIN" "$PRG startup"
return 1
fi;
if ! [ -f $LIST ]; then
fail "Can't find $LIST" "$PRG startup"
return 1
fi;
if [ -f $PIDF ]; then
PID=`cat $PIDF`
if ps -p $PID >/dev/null; then
fail "$PIDF exists and $PRG is running." "$PRG startup"
return 1
fi;
fi;
iptables_init
daemon "$CMD"
RETVAL=$?
echo
return $RETVAL
}

stop () {
echo -n $"Stopping MoBlock: "
killproc -p "$PIDF" "$PRG"
RETVAL=$?
echo
if ! pidof "$PRG"; then
iptables_reset 2>/dev/null 1>&2
fi;
return $RETVAL
}

case "$1" in
start)
start
;;
stop)
stop
;;
reload)
if [ -f $PIDF ]; then
kill -HUP `cat $PIDF`
RETVAL=$?
fi
;;
restart)
stop
start
RETVAL=$?
;;
condrestart)
# restart only if already running
if [ -f $PIDF ]; then
stop
start
RETVAL=$?
fi
;;
status)
status $PRG
RETVAL=$?
;;
top)
if [ -f $PIDF ]; then
a=""
for i in `pidof $PRG`; do
a="$a -p $i"
done
top $a
fi
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|condrestart|status|top}"
exit 1
esac

exit $RETVAL

13. chmod +x /etc/init.d/moblock
14. vi /etc/cron.daily/moblock

#!/bin/bash

LURLS="/etc/moblock/lists"
WLIST="/etc/moblock/whitelist"
LIST="/etc/moblock/guarding.p2p"

CACHE="/var/spool/moblock/cache"
FMD5=".md5sum"
DLDIR="dl"

RELOADCMD="/sbin/service moblock reload"

acat () {
while read -r -d $'\0' fn; do
if [ "$(head -c 2 "$fn")" = $'\x1f\x8b' ]; then
gunzip -c "$fn"
elif [ "$(head -c 4 "$fn")" = $'\x50\x4b\x03\x04' ]; then
unzip -p "$fn"
else
cat "$fn"
fi
done
}

download () {
MD5SUM=`md5sum "$LURLS" | cut -c -32`
if [ -f "./$FMD5" ]; then
if [ `cat "$FMD5"` != $MD5SUM ]; then
# The list source file has changed.
# Clean the dl directory.
rm "./$DLDIR"/*
fi;
elif [ `ls -A . | wc -l` -gt 0 ]; then
# There's no md5 file, but the directory is not empty.
# Something's wrong, bail out.
echo "$(pwd) is not empty." >/dev/stderr
exit 1
fi;
echo $MD5SUM >"./$FMD5"
wget -nv -N -t 3 -w 1 -T 120 -P "./$DLDIR" -i "$LURLS"
}

reload () {
find "./$DLDIR" -type f -print0 | acat | dos2unix | nice uniq | \
(nice grep -a -v -f "$WLIST" 2>/dev/null || cat) >"$LIST"
$RELOADCMD
}

if ! [ -f "$LURLS" ]; then
echo "Can't find $LURLS" >/dev/stderr
exit 1
fi;
mkdir -p "$CACHE"
pushd "$CACHE" >/dev/null || exit 1
case "$1" in
reload | nodownload)
reload
;;
'' | download)
download
reload
;;
*)
echo $"Usage: $0 [reload]"
exit 1
esac
popd >/dev/null

15. chmod +x /etc/cron.daily/moblock
16. before you can start the MoBlock service, you need to download the lists:

/etc/cron.daily/moblock

17. make MoBlock start on boot

/sbin/chkconfig --add moblock

18. to control the MoBlock service, use service moblock command, where command is one of the following:
* start – start MoBlock.
* stop – stop MoBlock.
* reload – reload the blocklist, reset the stats and reopen the log file.
* restart – restart MoBlock. Note that this will start MoBlock even if it was not already running.
* condrestart – restart MoBlock if it is already running.
* status – show whether MoBlock is running or not.
* top – show MoBlock's CPU usage, memory usage, etc.