Special:Badtitle/NS100:MoBlock: Difference between revisions
m No edit summary |
m No edit summary |
||
第6行: | 第6行: | ||
== Add Repository == | == Add Repository == | ||
=== Add the correct gpg key to the apt keyring === | === Add the correct gpg key to the apt keyring === | ||
For hardy and intrepid type the following in terminal: | |||
<pre><nowiki> | <pre><nowiki> | ||
gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B | gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B | ||
gpg --export --armor 9072870B | sudo apt-key add - | gpg --export --armor 9072870B | sudo apt-key add - | ||
</nowiki></pre> | |||
For jaunty type the following in terminal: | |||
<pre><nowiki> | |||
gpg --keyserver wwwkeys.eu.pgp.net --recv 9C0042C8 | |||
gpg --export --armor 9C0042C8 | sudo apt-key add - | |||
</nowiki></pre> | </nowiki></pre> | ||
=== Add specific repository for release === | === Add specific repository for release === | ||
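Review bot: both the hardy/intrepid commands and the added jaunty commands fetch the key by an 8-hex-digit ID (9072870B, 9C0042C8) and pipe the export straight into apt-key add, with no fingerprint check in between. Short key IDs are not unique, so a keyserver can return a different key carrying the same ID. Suggest adding a step that prints the full fingerprint (gpg --fingerprint 9C0042C8) and telling readers to compare it with the one published by the package maintainer before running the apt-key add line.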
第17行: | 第22行: | ||
</nowiki></pre> | </nowiki></pre> | ||
In Kubuntu, replace gksu with kdesu. | In Kubuntu, replace gksu with kdesu. | ||
Add the two lines for your specific release (i.e. Ubuntu | Add the two lines for your specific release (i.e. Ubuntu 9.04): | ||
==== Ubuntu 9.04 ("Jaunty Jackalope") 32-bit, 64-bit and lpia ==== | |||
<pre><nowiki> | |||
deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu jaunty main | |||
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu jaunty main | |||
</nowiki></pre> | |||
==== Ubuntu 8.10 ("Intrepid Ibex") 32-bit and 64-bit ==== | ==== Ubuntu 8.10 ("Intrepid Ibex") 32-bit and 64-bit ==== | ||
<pre><nowiki> | <pre><nowiki> | ||
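Review bot: the added Jaunty entries point at ppa.launchpad.net/jre-phoenix over plain http, so package authenticity rests entirely on the key imported in the previous section, yet that section ties keys only to release names. Suggest stating here which key signs this archive (the key section gives 9C0042C8 for jaunty) and that packages should not be installed if apt reports the archive as unauthenticated. Minor: "i.e. Ubuntu 9.04" should read "e.g. Ubuntu 9.04", since 9.04 is only one of the listed releases.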
第27行: | 第37行: | ||
deb http://moblock-deb.sourceforge.net/debian hardy main | deb http://moblock-deb.sourceforge.net/debian hardy main | ||
deb-src http://moblock-deb.sourceforge.net/debian hardy main | deb-src http://moblock-deb.sourceforge.net/debian hardy main | ||
</nowiki></pre> | </nowiki></pre> | ||
== Package Installation == | == Package Installation == | ||
Install the packages moblock and moblock-control. If you want a graphical interface you can also install mobloquer | Install the packages moblock and blockcontrol (previously moblock-control). If you want a graphical interface you can also install mobloquer. | ||
* Via '''[[UbuntuHelp:Synaptic|Synaptic Package Manager]]''' | * Via '''[[UbuntuHelp:Synaptic|Synaptic Package Manager]]''' | ||
* Via aptitude | * Via aptitude | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo aptitude update | sudo aptitude update | ||
sudo aptitude install moblock | sudo aptitude install moblock blockcontrol | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Compile a package === | === Compile a package === | ||
If you want to make your own MoBlock binary package from source and install it, you can use the following instructions. Most users will not need to compile a package, but this can be used for unsupported architectures or for an older release (you | If you want to make your own MoBlock binary package from source and install it, you can use the following instructions. Most users will not need to compile a package, but this can be used for unsupported architectures or for an older release (you may also have to compile netfilter lib packages). | ||
First, make sure you have added a source repository for your release. Then, run the following in terminal. | First, make sure you have added a source repository for your release. Then, run the following in terminal. | ||
<pre><nowiki> | <pre><nowiki> | ||
mkdir ~/moblock-deb-packages | |||
cd ~/moblock-deb-packages | |||
sudo aptitude update | sudo aptitude update | ||
sudo aptitude install fakeroot | sudo aptitude install fakeroot | ||
sudo apt-get build-dep -y moblock blockcontrol mobloquer | |||
sudo apt-get build-dep -y moblock | apt-get source moblock blockcontrol mobloquer | ||
apt-get source moblock | |||
cd moblock-* | cd ~/moblock-deb-packages/moblock-0.9~rc2 | ||
dpkg-buildpackage -rfakeroot | dpkg-buildpackage -uc -us -rfakeroot | ||
cd . | sudo dpkg -i ~/moblock-deb-packages/moblock_0.9~rc2-*.deb | ||
sudo dpkg -i moblock*.deb | |||
cd ~/moblock-deb-packages/blockcontrol-1.3 | |||
dpkg-buildpackage -uc -us -rfakeroot | |||
sudo dpkg -i ~/moblock-deb-packages/blockcontrol_*_all.deb | |||
cd ~/moblock-deb-packages/mobloquer-0.6 | |||
dpkg-buildpackage -uc -us -rfakeroot | |||
sudo dpkg -i ~/moblock-deb-packages/mobloquer_*.deb | |||
sudo apt-get install -f | sudo apt-get install -f | ||
</nowiki></pre> | </nowiki></pre> | ||
Some of these commands can be combined into one, but this lets you make changes like adding a patch if necessary and explains the process better. | Some of these commands can be combined into one, but this lets you make changes like adding a patch if necessary and explains the process better. | ||
Explanation: the directory moblock is created | Explanation: in your home directory the directory moblock-deb-packages is created. Then the current working directory is changed to it. The development dependencies of the packages moblock, blockcontrol and mobloquer are then installed. Then the three source packages are downloaded. | ||
For the three packages one after the other the current working directory is changed to the source directory, the source and binary packages are built and the package is installed. As a last step eventually missing dependencies are installed. | |||
=== Install a package === | === Install a package === | ||
Use the instructions at the '''[[UbuntuHelp:InstallingSoftware]]''' page under '''[[UbuntuHelp:InstallingSoftware#head-c0628aa246e0b55ea2009705d1b5a84ede8736b5|Installing downloaded packages|InstallingSoftware#head-c0628aa246e0b55ea2009705d1b5a84ede8736b5|Installing downloaded packages]]''' | Use the instructions at the '''[[UbuntuHelp:InstallingSoftware]]''' page under '''[[UbuntuHelp:InstallingSoftware#head-c0628aa246e0b55ea2009705d1b5a84ede8736b5|Installing downloaded packages|InstallingSoftware#head-c0628aa246e0b55ea2009705d1b5a84ede8736b5|Installing downloaded packages]]''' | ||
== Configuration and Usage == | == Configuration and Usage == | ||
blockcontrol features include: | |||
* start and stop MoBlock (including handling of the iptables rules if desired) | * start and stop MoBlock (including handling of the iptables rules if desired) | ||
* update the specified blocklists from online sources | * update the specified blocklists from online sources | ||
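Review bot: the new build steps hard-code source directory names (moblock-0.9~rc2, blockcontrol-1.3, mobloquer-0.6) where the old text used the glob "cd moblock-*", so the cd lines fail as soon as the archive ships a newer version. Suggest globbing the directories (cd ~/moblock-deb-packages/moblock-*/ and so on), as the dpkg -i lines for blockcontrol and mobloquer already do for the .deb names. In the explanation, "eventually missing dependencies" should read "any missing dependencies".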
第74行: | 第85行: | ||
* modify the blocklist and whitelist IPs and ports | * modify the blocklist and whitelist IPs and ports | ||
The logfiles are rotated daily. | The logfiles are rotated daily. | ||
In the default configuration MoBlock starts at system boot and some preconfigured blocklists are updated once a day. You can specify the blocklists to use in /etc/ | In the default configuration MoBlock starts at system boot and some preconfigured blocklists are updated once a day. You can specify the blocklists to use in /etc/blockcontrol/blocklists.list. Everything else (automatic start and update, iptables handling, IP and port whitelisting) is configured in /etc/blockcontrol/blockcontrol.conf. This is important especially if MoBlock blocks sites that it should not block. A list of all available configuration options is in /usr/lib/blockcontrol/blockcontrol.defaults (Don't edit the latter file, but put your changes in /etc/blockcontrol/blockcontrol.conf.) | ||
Don't edit | |||
=== Start MoBlock === | === Start MoBlock === | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo | sudo blockcontrol start | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Stop MoBlock === | === Stop MoBlock === | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo | sudo blockcontrol stop | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Restart MoBlock === | === Restart MoBlock === | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo | sudo blockcontrol restart | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Rebuild Blocklist === | === Rebuild Blocklist === | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo | sudo blockcontrol reload | ||
</nowiki></pre> | </nowiki></pre> | ||
Moblock is then reloaded. | Moblock is then reloaded. | ||
=== Update Blocklists === | === Update Blocklists === | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo | sudo blockcontrol update | ||
</nowiki></pre> | </nowiki></pre> | ||
Moblock is then reloaded. | Moblock is then reloaded. | ||
=== MoBlock Status === | === MoBlock Status === | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo | sudo blockcontrol status | ||
</nowiki></pre> | </nowiki></pre> | ||
It receives the iptables settings and the status of the MoBlock daemon. | It receives the iptables settings and the status of the MoBlock daemon. | ||
=== Test MoBlock === | === Test MoBlock === | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo | sudo blockcontrol test | ||
</nowiki></pre> | </nowiki></pre> | ||
The test has been known to have problems in older versions of MoBlock. Look at the log to check if you are unsure. This can be done interactively (this command will show you the log in real-time). | The test has been known to have problems in older versions of MoBlock. Look at the log to check if you are unsure. This can be done interactively (this command will show you the log in real-time). | ||
第111行: | 第121行: | ||
tail -f /var/log/moblock.log | tail -f /var/log/moblock.log | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Search in the blocklists === | |||
<pre><nowiki> | |||
sudo blockcontrol search PATTERN | |||
</nowiki></pre> | |||
This way you can search for a pattern in your blocklists. This helps you to find out, which blocklist is responsible for certain blocks. | |||
== Frequently Asked Questions (FAQ) == | == Frequently Asked Questions (FAQ) == | ||
=== I cannot connect to the internet any more! === | === I cannot connect to the internet any more! === | ||
LAN traffic is whitelisted automatically. If you have problems follow these instructions: | |||
MoBlock often blocks your complete LAN, including your router. So you have to whitelist your LAN. If you don't know your local IP check it with "sudo ifconfig". It's the value after "inet addr:" of the interface that you use for networking. For wired connections this might be "eth0", for wireless connections "wlan0". | MoBlock often blocks your complete LAN, including your router. So you have to whitelist your LAN. If you don't know your local IP check it with "sudo ifconfig". It's the value after "inet addr:" of the interface that you use for networking. For wired connections this might be "eth0", for wireless connections "wlan0". | ||
Example: You found out that your IP is 192.168.0.39. Then your LAN will most probably cover the IP range 192.168.0.1-192.168.0.255. Then you need to whitelist this range for incoming and outgoing connections. | Example: You found out that your IP is 192.168.0.39. Then your LAN will most probably cover the IP range 192.168.0.1-192.168.0.255. Then you need to whitelist this range for incoming and outgoing connections. | ||
Edit /etc/ | Edit /etc/blockcontrol/blockcontrol.conf (in Kubuntu, replace gksu with kdesu) | ||
<pre><nowiki> | <pre><nowiki> | ||
gksu gedit /etc/ | gksu gedit /etc/blockcontrol/blockcontrol.conf | ||
</nowiki></pre> | </nowiki></pre> | ||
and add these lines: | and add these lines: | ||
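Review bot: the added opening sentence "LAN traffic is whitelisted automatically" contradicts the retained paragraph right after it, which still says "MoBlock often blocks your complete LAN, including your router. So you have to whitelist your LAN." Suggest rewording the old paragraph as the fallback case (when the automatic whitelisting does not cover your network) or dropping it. In the new search section, "find out, which blocklist" needs no comma.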
第127行: | 第142行: | ||
Do a | Do a | ||
<pre><nowiki> | <pre><nowiki> | ||
blockcontrol restart | |||
</nowiki></pre> | </nowiki></pre> | ||
when you have changed these settings. | when you have changed these settings. | ||
=== Some applications cannot connect to the internet any more! === | === Some applications cannot connect to the internet any more! === | ||
If the IP address that your application is trying to reach is in the blocklist, it will be blocked. But you can allow traffic for specific ports. The ports 80 (http) and 443 (https) are whitelisted by default. | If the IP address that your application is trying to reach is in the blocklist, it will be blocked. But you can allow traffic for specific ports. The ports 80 (http) and 443 (https) are whitelisted by default. | ||
To allow traffic also on other ports edit /etc/ | To allow traffic also on other ports edit /etc/blockcontrol/blockcontrol.conf (in Kubuntu, replace gksu with kdesu) | ||
<pre><nowiki> | <pre><nowiki> | ||
gksu gedit /etc/ | gksu gedit /etc/blockcontrol/blockcontrol.conf | ||
</nowiki></pre> | </nowiki></pre> | ||
and add/edit this line: | and add/edit this line: | ||
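Review bot: the added "blockcontrol restart" line has no sudo, unlike the other blockcontrol commands on the page (sudo blockcontrol start, sudo blockcontrol restart in the later whitelist answers). Run as a normal user it cannot change the iptables rules, so the reader's new whitelist will not take effect. Suggest "sudo blockcontrol restart".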
第142行: | 第157行: | ||
Do a | Do a | ||
<pre><nowiki> | <pre><nowiki> | ||
blockcontrol restart | |||
</nowiki></pre> | </nowiki></pre> | ||
when you have changed these settings. | when you have changed these settings. | ||
See? By default port 80 and 443 (also called http and https) is configured, for outgoing connections. | See? By default port 80 and 443 (also called http and https) is configured, for outgoing connections. | ||
In effect, you can browse blocked | In effect, you can browse blocked IPs, with firefox/konqueror or any other browser. | ||
If you | If you have an application, that connects to many different IPs, then this is the place to allow traffic for it. If you want to put a range of ports, use the format "startport:endport". | ||
[http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers List of port numbers at wikipedia]. | |||
'''Do not add the privacy needing application's port here (for most people this will be torrent and other P2P tools)! It's the point of MoBlock to check their traffic. Keep the list small, to get a better protection.''' | |||
=== But why can I not just remove the IP address from the blocklist instead? === | === But why can I not just remove the IP address from the blocklist instead? === | ||
You can. Find out what you want to whitelist by checking /var/log/moblock.log. This can be done interactively (this command will show you the log in real-time). | You can. Find out what you want to whitelist by checking /var/log/moblock.log. This can be done interactively (this command will show you the log in real-time). | ||
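Review bot: the added paragraph presents the port whitelist as a per-application setting ("If you have an application, that connects to many different IPs, then this is the place to allow traffic for it"), but the setting is keyed on port, so it exempts every program on the machine that uses that destination port, including the P2P tools the bold warning is about if they connect over 80 or 443. Suggest saying so explicitly next to the warning. Also, the "blockcontrol restart" line in this hunk is missing sudo, and "port 80 and 443 ... is configured" should read "ports 80 and 443 ... are configured".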
第153行: | 第170行: | ||
tail -f /var/log/moblock.log | tail -f /var/log/moblock.log | ||
</nowiki></pre> | </nowiki></pre> | ||
There are different ways. | There are 3 different ways: | ||
'''1. Whitelist an IP range in allow.p2p''' | |||
Edit /etc/blockcontrol/allow.p2p (in Kubuntu, replace gksu with kdesu) | |||
<pre><nowiki> | <pre><nowiki> | ||
gksu gedit /etc/ | gksu gedit /etc/blockcontrol/allow.p2p | ||
</nowiki></pre> | </nowiki></pre> | ||
If you want to whitelist the IP range "192.168.178.1 - 192.168.178.255 and the IP 123.123.123.123 add this: | If you want to whitelist the IP range "192.168.178.1 - 192.168.178.255 and the IP 123.123.123.123 add this: | ||
<pre><nowiki> | <pre><nowiki> | ||
192.168.178.1- | 192.168.178.1-192.168.178.255 | ||
123.123.123.123-123.123.123.123 | 123.123.123.123-123.123.123.123 | ||
</nowiki></pre> | </nowiki></pre> | ||
Do a | Do a | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo blockcontrol restart | |||
</nowiki></pre> | </nowiki></pre> | ||
when you have changed these settings. | when you have changed these settings. | ||
'''2. Whitelist an IP''' | |||
Edit /etc/blockcontrol/blockcontrol.conf (in Kubuntu, replace gksu with kdesu) | |||
<pre><nowiki> | <pre><nowiki> | ||
gksu gedit /etc/ | gksu gedit /etc/blockcontrol/blockcontrol.conf | ||
</nowiki></pre> | </nowiki></pre> | ||
To whitelist IPs add the following variables: | To whitelist IPs add the following variables: | ||
第188行: | 第207行: | ||
Do a | Do a | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo blockcontrol restart | |||
</nowiki></pre> | </nowiki></pre> | ||
when you have changed these settings. | when you have changed these settings. | ||
You can also use a search phrase, such as Google, Hotmail, or an actual IP address range (as specified in the blocklists). Add the following variable to /etc/ | Alternatively you might use ''mobloquer'' for adding IPs to these variables. | ||
'''Use a search phrase''' | |||
You can also use a search phrase, such as Google, Hotmail, or an actual IP address range (as specified in the blocklists). Add the following variable to /etc/blockcontrol/blockcontrol.conf: | |||
<pre><nowiki> | <pre><nowiki> | ||
IP_REMOVE="" | IP_REMOVE="" | ||
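Review bot: the text now announces "There are 3 different ways:" and numbers the first two ("1. Whitelist an IP range in allow.p2p", "2. Whitelist an IP"), but the heading added here is just "Use a search phrase" with no number. Suggest "3. Use a search phrase" so the three options are recognisable. Since a phrase such as Google can match many blocklist entries, it would also help to point readers at "sudo blockcontrol search PATTERN" from the new search section so they can see the matching entries before setting IP_REMOVE.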
第201行: | 第222行: | ||
Do a | Do a | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo blockcontrol reload | |||
</nowiki></pre> | </nowiki></pre> | ||
when you have changed these settings. | when you have changed these settings. | ||
=== How do I choose what blocklists to include in the update function? === | === How do I choose what blocklists to include in the update function? === | ||
Edit /etc/ | Edit /etc/blockcontrol/blocklists.list | ||
<pre><nowiki> | <pre><nowiki> | ||
gksu gedit /etc/ | gksu gedit /etc/blockcontrol/blocklists.list | ||
</nowiki></pre> | </nowiki></pre> | ||
In Kubuntu, replace gksu with kdesu. | In Kubuntu, replace gksu with kdesu. | ||
第214行: | 第234行: | ||
Do a | Do a | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo blockcontrol reload | |||
</nowiki></pre> | </nowiki></pre> | ||
when you have changed these settings. | when you have changed these settings. | ||
=== Some services (avahi, webmin, ftpd, sshd, ...) on my MoBlock machine aren't available to other machines any more! === | |||
Allow all traffic to the port that the service is listening on for INCOMING connections | |||
Edit /etc/blockcontrol/blockcontrol.conf (in Kubuntu, replace gksu with kdesu) | |||
<pre><nowiki> | |||
gksu gedit /etc/blockcontrol/blockcontrol.conf | |||
</nowiki></pre> | |||
E.g. for ssh allow all incoming traffic on port 22 <pre><nowiki> | |||
WHITE_TCP_IN="22" | |||
</nowiki></pre> | |||
If you only want to connect from certain hosts with specific IPs, you can allow all traffic from them by using the WHITE_IP_IN variable or /etc/blockcontrol/allow.p2p. | |||
=== My internet is slow since I installed MoBlock! === | |||
Indeed MoBlock blocks quite much traffic: That's its purpose, but it can be a pain, too. | |||
In default installations outgoing traffic is REJECTED, if it is blocked by MoBlock. This makes sure that the sending application is notified immediately that its traffic was blocked (in contrast to DROPped packets, where no notification is sent, so that the application waits quite long and then gives up). So verify via | |||
<pre><nowiki> | |||
sudo blockcontrol show_config | |||
</nowiki></pre> | |||
if you have these settings: | |||
<pre><nowiki> | |||
REJECT="1" | |||
REJECT_OUT="REJECT" | |||
</nowiki></pre> | |||
You also might reduce the number of used blocklists, and allow traffic to certain IPs or ports. Have a look at the previous questions to learn how. | |||
=== How do I keep it installed, without having it run at startup? === | === How do I keep it installed, without having it run at startup? === | ||
Edit /etc/ | Edit /etc/blockcontrol/blockcontrol.conf: | ||
<pre><nowiki> | <pre><nowiki> | ||
gksu gedit /etc/ | gksu gedit /etc/blockcontrol/blockcontrol.conf | ||
</nowiki></pre> | </nowiki></pre> | ||
In Kubuntu, replace gksu with kdesu. | In Kubuntu, replace gksu with kdesu. | ||
Set the following: | Set the following: | ||
<pre><nowiki> | <pre><nowiki> | ||
INIT="0" | |||
</nowiki></pre> | </nowiki></pre> | ||
=== What happens when I install MoBlock the first time? === | === What happens when I install MoBlock the first time? === | ||
First you will be prompted to configure MoBlock via some so called "debconf" questions. Then it will download some blocklists for you during installation (be patient, this may take a while), and start it as a daemon. | |||
Now it will start automatically everytime you boot up and make a daily update of the blocklists - unless you configure blockcontrol otherwise. | |||
=== I tried to install MoBlock but I'm stuck on a screen with a Moblock warning === | |||
This is a so called "debconf" question. Read the text and confirm by pressing "OK". If your debconf interface doesn't support your mouse, then you have to use your keyboard: hit the "TAB" key until "OK" is highlighted and then press "RETURN". | |||
You may also do a "sudo dpkg-reconfigure debconf" and select "Gnome" as your interface. Then you can use your mouse for debconf questions. | |||
=== I have a custom compiled kernel. Moblock does not work. === | === I have a custom compiled kernel. Moblock does not work. === | ||
MoBlock depends on netfilter support in the kernel. There are two possibilities: | MoBlock depends on netfilter support in the kernel. There are two possibilities: | ||
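Review bot: the ssh example (WHITE_TCP_IN="22") opens port 22 to every address on the blocklists, and the narrower option (WHITE_IP_IN or allow.p2p for specific hosts) is only mentioned afterwards, without an example. Suggest presenting the per-host option first and the port-wide setting as the fallback. Formatting: the pre/nowiki tag on the "E.g. for ssh ..." line should start on its own line like the other blocks, and "quite much traffic" should read "a lot of traffic".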
第235行: | 第281行: | ||
'''Netfilter support built-in directly in the kernel:''' | '''Netfilter support built-in directly in the kernel:''' | ||
Enable netfilter support in xconfig, or in the kernel source config file. | Enable netfilter support in xconfig, or in the kernel source config file. | ||
blockcontrol will then make sure that the netfilter support is available to MoBlock. | |||
=== How do I change automatic updating? === | === How do I change automatic updating? === | ||
MoBlock automatically updates its blocklists everyday. To configure automatic updating, edit /etc/ | MoBlock automatically updates its blocklists everyday. To configure automatic updating, edit //etc/blockcontrol/blockcontrol.conf: | ||
<pre><nowiki> | <pre><nowiki> | ||
gksu gedit /etc/ | gksu gedit /etc/blockcontrol/blockcontrol.conf | ||
</nowiki></pre> | </nowiki></pre> | ||
The number in the following setting enables (1) or disables (2) automatic updating. | The number in the following setting enables (1) or disables (2) automatic updating. | ||
<pre><nowiki> | <pre><nowiki> | ||
CRON="1" | |||
</nowiki></pre> | </nowiki></pre> | ||
To disable automatic updating, set the following. | To disable automatic updating, set the following. | ||
<pre><nowiki> | <pre><nowiki> | ||
CRON="0" | |||
</nowiki></pre> | </nowiki></pre> | ||
=== MoBlock fails to start or stop === | === MoBlock fails to start or stop === | ||
Have a look at /var/log/ | Have a look at /var/log/blockcontrol.log and /var/log/moblock.log. In most cases an incorrect configuration option is the reason. If you don't understand the logfiles post them in the forum (please do this in CODE tags). | ||
If you think you messed thinks up you can make a clean reinstall: | If you think you messed thinks up you can make a clean reinstall: | ||
<pre><nowiki> | <pre><nowiki> | ||
aptitude purge moblock | aptitude purge moblock blockcontrol mobloquer | ||
aptitude install moblock | aptitude install moblock blockcontrol mobloquer | ||
</nowiki></pre> | </nowiki></pre> | ||
== Credits == | == Credits == | ||
Special thanks to '''[http://ubuntuforums.org/member.php?u=50108 pelle.k]''' for the Ubuntu Forums '''[http://ubuntuforums.org/showthread.php?p=1114891 thread]''' this is derived from, the MoBlock Debian Packages maintainer '''[http://ubuntuforums.org/member.php?u=228584 jre]''', and the contributors to MoBlock | Special thanks to '''[http://ubuntuforums.org/member.php?u=50108 pelle.k]''' for the Ubuntu Forums '''[http://ubuntuforums.org/showthread.php?p=1114891 thread]''' this is derived from, the MoBlock Debian Packages maintainer '''[http://ubuntuforums.org/member.php?u=228584 jre]''', and the contributors to MoBlock. | ||
== Further Reading == | == Further Reading == | ||
* '''[http://ubuntuforums.org/showthread.php?t=803183 MoBlock thread where people have asked questions]''' | * '''[http://ubuntuforums.org/showthread.php?t=803183 MoBlock thread where people have asked questions]''' |
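Review bot: two errors in the automatic-updating answer: the new path is written "//etc/blockcontrol/blockcontrol.conf" with a double slash, and the sentence "enables (1) or disables (2)" disagrees with the CRON="0" shown for disabling, so it should read "disables (0)". In the clean-reinstall block the aptitude purge and aptitude install lines need sudo, and "messed thinks up" should be "messed things up".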
Revision as of 17:53, 12 May 2009 (Tuesday)
Article source: https://help.ubuntu.com/community/MoBlock
MoBlock is an application that enables you to block internet traffic based on large lists of IP address ranges in order to protect your privacy. It uses a file in PeerGuardian format (guarding.p2p) or an ipfilter.dat. There are plans to make it the official PeerGuardian for Linux. Note: Since version 0.9 RC1 MoBlock no longer conflicts with other firewalls. But you have to make sure that MoBlock is started after them and the iptables rules don't get changed later. You may also try iplist by uljanow. Also consider that routers can make software firewalls on your computer redundant.
Add Repository
Add the correct gpg key to the apt keyring
For hardy and intrepid type the following in terminal:
gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B
gpg --export --armor 9072870B | sudo apt-key add -
For jaunty type the following in terminal:
gpg --keyserver wwwkeys.eu.pgp.net --recv 9C0042C8
gpg --export --armor 9C0042C8 | sudo apt-key add -
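The commands above identify the signing key only by an 8-digit ID, which is not unique. The following is an added example, not part of the original page or of the MoBlock packages: a shell check that refuses a key unless exactly one primary key was fetched and its full fingerprint matches an expected value. The expected fingerprint and the sample listings are constructed placeholders; the page does not publish the real fingerprints.

```sh
#!/bin/sh
# Added example (not from the original page). Gate a fetched signing key on
# its full 40-digit fingerprint instead of the 8-digit ID.
#
# Real use, with EXPECTED_FPR a placeholder for the fingerprint published by
# the package maintainer (the page does not give it):
#   gpg --with-colons --fingerprint 9072870B | check_key 9072870B "$EXPECTED_FPR" \
#       && gpg --export --armor 9072870B | sudo apt-key add -

# Constructed fingerprint for the demo below; NOT the real key's fingerprint.
CONSTRUCTED_FPR="0123 4567 89AB CDEF 0123 4567 89AB CDEF 9072 870B"

# check_key SHORT_ID EXPECTED_FPR
# Reads `gpg --with-colons --fingerprint` output on stdin.
# Exit 0: exactly one primary key, fingerprint ends in SHORT_ID and equals
#         EXPECTED_FPR (spaces and letter case are ignored).
# Exit 2: zero or several primary keys (several = short-ID collision).
# Exit 3: fingerprint malformed or does not end in SHORT_ID.
# Exit 4: fingerprint differs from EXPECTED_FPR.
check_key() {
    ck_id=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    ck_want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v id="$ck_id" -v want="$ck_want" '
        $1 == "pub" { keys++; pending = 1; next }   # start of a primary key
        $1 == "sub" { pending = 0; next }           # subkey fingerprints are ignored
        $1 == "fpr" && pending { fpr = toupper($10); pending = 0 }
        END {
            if (keys != 1) {
                print "refuse: " (keys + 0) " primary keys listed, expected exactly 1"
                exit 2
            }
            if (length(fpr) != 40 || substr(fpr, 41 - length(id)) != id) {
                print "refuse: fingerprint does not end in " id
                exit 3
            }
            if (fpr != want) {
                print "refuse: fingerprint " fpr " is not the expected one"
                exit 4
            }
            print "ok: " fpr
        }'
}

# Constructed listing: one key whose fingerprint ends in 9072870B.
sample_single() {
    cat <<'EOF'
pub:-:1024:17:89ABCDEF9072870B:1199145600:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF9072870B:
uid:-::::1199145600::CONSTRUCTED::Example Packager <packager@example.invalid>:
sub:-:2048:16:AAAAAAAA11111111:1199145600::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA11111111:
EOF
}

# Constructed listing: two different keys that share the short ID 9072870B.
sample_collision() {
    sample_single
    cat <<'EOF'
pub:-:1024:17:765432109072870B:1230768000:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA98765432109072870B:
uid:-::::1230768000::CONSTRUCTED::Another Key <other@example.invalid>:
EOF
}

# Demo on the constructed listings.
sample_single    | check_key 9072870B "$CONSTRUCTED_FPR" || true
sample_collision | check_key 9072870B "$CONSTRUCTED_FPR" || true
```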
Add specific repository for release
You have to add the repository sources to your /etc/apt/sources.list:
gksu gedit /etc/apt/sources.list
In Kubuntu, replace gksu with kdesu. Add the two lines for your specific release (e.g. Ubuntu 9.04):
Ubuntu 9.04 ("Jaunty Jackalope") 32-bit, 64-bit and lpia
deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu jaunty main
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu jaunty main
Ubuntu 8.10 ("Intrepid Ibex") 32-bit and 64-bit
deb http://moblock-deb.sourceforge.net/debian intrepid main
deb-src http://moblock-deb.sourceforge.net/debian intrepid main
Ubuntu 8.04 ("Hardy Heron") 32-bit and 64-bit
deb http://moblock-deb.sourceforge.net/debian hardy main
deb-src http://moblock-deb.sourceforge.net/debian hardy main
Package Installation
Install the packages moblock and blockcontrol (previously moblock-control). If you want a graphical interface you can also install mobloquer.
- Via Synaptic Package Manager
- Via aptitude
sudo aptitude update
sudo aptitude install moblock blockcontrol
Compile a package
If you want to make your own MoBlock binary package from source and install it, you can use the following instructions. Most users will not need to compile a package, but this can be used for unsupported architectures or for an older release (you may also have to compile netfilter lib packages). First, make sure you have added a source repository for your release. Then, run the following in terminal.
mkdir ~/moblock-deb-packages
cd ~/moblock-deb-packages
sudo aptitude update
sudo aptitude install fakeroot
sudo apt-get build-dep -y moblock blockcontrol mobloquer
apt-get source moblock blockcontrol mobloquer
cd ~/moblock-deb-packages/moblock-0.9~rc2
dpkg-buildpackage -uc -us -rfakeroot
sudo dpkg -i ~/moblock-deb-packages/moblock_0.9~rc2-*.deb
cd ~/moblock-deb-packages/blockcontrol-1.3
dpkg-buildpackage -uc -us -rfakeroot
sudo dpkg -i ~/moblock-deb-packages/blockcontrol_*_all.deb
cd ~/moblock-deb-packages/mobloquer-0.6
dpkg-buildpackage -uc -us -rfakeroot
sudo dpkg -i ~/moblock-deb-packages/mobloquer_*.deb
sudo apt-get install -f
Some of these commands can be combined into one, but this lets you make changes like adding a patch if necessary and explains the process better. Explanation: the directory moblock-deb-packages is created in your home directory, and the current working directory is changed to it. The development dependencies of the packages moblock, blockcontrol and mobloquer are then installed, and the three source packages are downloaded. For each of the three packages in turn, the current working directory is changed to the source directory, the source and binary packages are built, and the package is installed. As a last step, any missing dependencies are installed.
Install a package
Use the instructions on the UbuntuHelp:InstallingSoftware page under "Installing downloaded packages".
Configuration and Usage
blockcontrol features include:
- start and stop MoBlock (including handling of the iptables rules if desired)
- update the specified blocklists from online sources
- use local blocklists
- modify the blocklist and whitelist IPs and ports
The logfiles are rotated daily. In the default configuration MoBlock starts at system boot and some preconfigured blocklists are updated once a day. You can specify the blocklists to use in /etc/blockcontrol/blocklists.list. Everything else (automatic start and update, iptables handling, IP and port whitelisting) is configured in /etc/blockcontrol/blockcontrol.conf. This is especially important if MoBlock blocks sites that it should not block. A list of all available configuration options is in /usr/lib/blockcontrol/blockcontrol.defaults. (Don't edit the latter file, but put your changes in /etc/blockcontrol/blockcontrol.conf.)
Start MoBlock
sudo blockcontrol start
Stop MoBlock
sudo blockcontrol stop
Restart MoBlock
sudo blockcontrol restart
Rebuild Blocklist
sudo blockcontrol reload
Moblock is then reloaded.
Update Blocklists
sudo blockcontrol update
Moblock is then reloaded.
MoBlock Status
sudo blockcontrol status
It retrieves the iptables settings and the status of the MoBlock daemon.
Test MoBlock
sudo blockcontrol test
The test has been known to have problems in older versions of MoBlock. Look at the log to check if you are unsure. This can be done interactively (this command will show you the log in real-time).
tail -f /var/log/moblock.log
Search in the blocklists
sudo blockcontrol search PATTERN
This way you can search for a pattern in your blocklists. This helps you to find out which blocklist is responsible for certain blocks.
Frequently Asked Questions (FAQ)
I cannot connect to the internet any more!
LAN traffic is whitelisted automatically. If you have problems follow these instructions: MoBlock often blocks your complete LAN, including your router. So you have to whitelist your LAN. If you don't know your local IP check it with "sudo ifconfig". It's the value after "inet addr:" of the interface that you use for networking. For wired connections this might be "eth0", for wireless connections "wlan0". Example: You found out that your IP is 192.168.0.39. Then your LAN will most probably cover the IP range 192.168.0.1-192.168.0.255. Then you need to whitelist this range for incoming and outgoing connections. Edit /etc/blockcontrol/blockcontrol.conf (in Kubuntu, replace gksu with kdesu)
gksu gedit /etc/blockcontrol/blockcontrol.conf
and add these lines:
WHITE_IP_IN="192.168.0.0/24"
WHITE_IP_OUT="192.168.0.0/24"
Do a
sudo blockcontrol restart
when you have changed these settings.
Some applications cannot connect to the internet any more!
If the IP address that your application is trying to reach is in the blocklist, it will be blocked. But you can allow traffic for specific ports. The ports 80 (http) and 443 (https) are whitelisted by default. To allow traffic also on other ports edit /etc/blockcontrol/blockcontrol.conf (in Kubuntu, replace gksu with kdesu)
gksu gedit /etc/blockcontrol/blockcontrol.conf
and add/edit this line:
WHITE_TCP_OUT="http https"
Do a
sudo blockcontrol restart
when you have changed these settings. By default ports 80 and 443 (also called http and https) are whitelisted for outgoing connections. In effect, you can browse blocked IPs with Firefox, Konqueror or any other browser. If you have an application that connects to many different IPs, then this is the place to allow traffic for it. If you want to specify a range of ports, use the format "startport:endport". A list of port numbers is available on Wikipedia. Do not add the ports of the applications that need privacy protection here (for most people these will be torrent and other P2P tools)! The point of MoBlock is to check their traffic. Keep the list small to get better protection.
But why can I not just remove the IP address from the blocklist instead?
You can. Find out what you want to whitelist by checking /var/log/moblock.log. This can be done interactively (this command will show you the log in real-time).
tail -f /var/log/moblock.log
There are 3 different ways:
1. Whitelist an IP range in allow.p2p
Edit /etc/blockcontrol/allow.p2p (in Kubuntu, replace gksu with kdesu):
gksu gedit /etc/blockcontrol/allow.p2p
If you want to whitelist the IP range "192.168.178.1 - 192.168.178.255" and the IP 123.123.123.123, add this:
192.168.178.1-192.168.178.255
123.123.123.123-123.123.123.123
Do a
sudo blockcontrol restart
when you have changed these settings.
2. Whitelist an IP
Edit /etc/blockcontrol/blockcontrol.conf (in Kubuntu, replace gksu with kdesu):
gksu gedit /etc/blockcontrol/blockcontrol.conf
To whitelist IPs add the following variables:
WHITE_IP_IN=""
WHITE_IP_OUT=""
WHITE_IP_FORWARD=""
Insert e.g. "192.168.178.1" to whitelist a single IP, "192.168.178.0/24" to whitelist an IP range (192.168.178.0 - 192.168.178.255), or "192.168.0.0/16" to whitelist a bigger IP range (192.168.0.0 - 192.168.255.255). Separate IP addresses with a space. So you might have an entry like this:
WHITE_IP_IN="192.168.0.0/24"
WHITE_IP_OUT="192.168.0.0/24 123.123.123.123 234.234.234.234"
Do a
sudo blockcontrol restart
when you have changed these settings. Alternatively you might use mobloquer for adding IPs to these variables.
3. Use a search phrase
You can also use a search phrase, such as Google, Hotmail, or an actual IP address range (as specified in the blocklists). Add the following variable to /etc/blockcontrol/blockcontrol.conf:
IP_REMOVE=""
Separate phrases with a semicolon. So you might have an entry like this:
IP_REMOVE="google;yahoo;altavista"
Do a
sudo blockcontrol reload
when you have changed these settings.
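The lookup below is an added example, not code from MoBlock or blockcontrol: given an IP seen in /var/log/moblock.log, it lists the blocklist ranges that contain it, checks whether an allow.p2p range or a WHITE_IP_* value covers it, and converts a start-end range to CIDR. The sample lists are constructed, and the "label:start-end" line form is an assumption for downloaded blocklists (the page only shows the unlabelled form used in allow.p2p).

```python
import ipaddress

# Constructed sample data (not from any real blocklist or from the page's tools).
SAMPLE_BLOCKLIST = """\
# comment lines and blank lines are skipped
Example Org:10.20.0.0-10.20.255.255
Example: Media Corp:123.123.123.0-123.123.123.255
Another Net:203.0.113.16-203.0.113.31
"""
SAMPLE_ALLOW_P2P = """\
192.168.178.1-192.168.178.255
123.123.123.123-123.123.123.123
"""

def parse_p2p(text):
    """Yield (label, first, last) from 'label:start-end' or bare 'start-end' lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Assumed format: labels may contain ':', so split on the last one only.
        label, _, span = line.rpartition(":")
        try:
            first, last = (ipaddress.IPv4Address(p.strip()) for p in span.split("-"))
        except ValueError:
            continue  # malformed line: skip it rather than guess
        if first <= last:
            yield label, first, last

def matches(ip, text):
    """Return the entries of a p2p-format list whose range contains ip."""
    addr = ipaddress.IPv4Address(ip)
    return [(label, str(a), str(b)) for label, a, b in parse_p2p(text) if a <= addr <= b]

def white_ip_covers(ip, value):
    """True if ip is covered by a space-separated WHITE_IP_* value (IPs or CIDR)."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in ipaddress.ip_network(item, strict=False) for item in value.split())

def range_to_cidrs(first, last):
    """Express a start-end range as the CIDR blocks accepted by WHITE_IP_*."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

if __name__ == "__main__":
    print(matches("123.123.123.123", SAMPLE_BLOCKLIST))      # which list entry blocks it
    print(matches("192.168.178.0", SAMPLE_ALLOW_P2P))        # .0 is outside 1-255
    print(white_ip_covers("192.168.0.39", "192.168.0.0/24")) # page's LAN example
    print(range_to_cidrs("192.168.178.1", "192.168.178.255"))
```

A range that starts at .1 rather than .0 does not collapse to a single /24, which is why the narrowest whitelist entry is easier to express as a range in allow.p2p than as CIDR in WHITE_IP_*.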
How do I choose what blocklists to include in the update function?
Edit /etc/blockcontrol/blocklists.list
gksu gedit /etc/blockcontrol/blocklists.list
In Kubuntu, replace gksu with kdesu. Uncomment the blocklists, that is, remove the hash (#) to enable certain blocklists or comment them out by adding a hash before the blocklists to disable them. Do a
sudo blockcontrol reload
when you have changed these settings.
Some services (avahi, webmin, ftpd, sshd, ...) on my MoBlock machine aren't available to other machines any more!
Allow all traffic to the port that the service is listening on for INCOMING connections. Edit /etc/blockcontrol/blockcontrol.conf (in Kubuntu, replace gksu with kdesu):
gksu gedit /etc/blockcontrol/blockcontrol.conf
E.g. for ssh allow all incoming traffic on port 22
WHITE_TCP_IN="22"
If you only want to connect from certain hosts with specific IPs, you can allow all traffic from them by using the WHITE_IP_IN variable or /etc/blockcontrol/allow.p2p.
My internet is slow since I installed MoBlock!
Indeed MoBlock blocks quite a lot of traffic: that's its purpose, but it can be a pain, too. In default installations outgoing traffic is REJECTED if it is blocked by MoBlock. This makes sure that the sending application is notified immediately that its traffic was blocked (in contrast to DROPped packets, where no notification is sent, so that the application waits quite long and then gives up). So verify via
sudo blockcontrol show_config
if you have these settings:
REJECT="1"
REJECT_OUT="REJECT"
You also might reduce the number of used blocklists, and allow traffic to certain IPs or ports. Have a look at the previous questions to learn how.
How do I keep it installed, without having it run at startup?
Edit /etc/blockcontrol/blockcontrol.conf:
gksu gedit /etc/blockcontrol/blockcontrol.conf
In Kubuntu, replace gksu with kdesu. Set the following:
INIT="0"
What happens when I install MoBlock the first time?
First you will be prompted to configure MoBlock via some so-called "debconf" questions. Then it will download some blocklists for you during installation (be patient, this may take a while), and start it as a daemon. From then on it will start automatically every time you boot up and make a daily update of the blocklists, unless you configure blockcontrol otherwise.
I tried to install MoBlock but I'm stuck on a screen with a Moblock warning
This is a so-called "debconf" question. Read the text and confirm by pressing "OK". If your debconf interface doesn't support your mouse, then you have to use your keyboard: hit the "TAB" key until "OK" is highlighted and then press "RETURN". You may also do a "sudo dpkg-reconfigure debconf" and select "Gnome" as your interface. Then you can use your mouse for debconf questions.
I have a custom compiled kernel. Moblock does not work.
MoBlock depends on netfilter support in the kernel. There are two possibilities:
- Netfilter support as kernel modules (recommended): Enable netfilter support in xconfig, or in the kernel source config file as modules.
- Netfilter support built-in directly in the kernel: Enable netfilter support in xconfig, or in the kernel source config file.
blockcontrol will then make sure that the netfilter support is available to MoBlock.
How do I change automatic updating?
MoBlock automatically updates its blocklists every day. To configure automatic updating, edit /etc/blockcontrol/blockcontrol.conf:
gksu gedit /etc/blockcontrol/blockcontrol.conf
The number in the following setting enables (1) or disables (0) automatic updating.
CRON="1"
To disable automatic updating, set the following.
CRON="0"
MoBlock fails to start or stop
Have a look at /var/log/blockcontrol.log and /var/log/moblock.log. In most cases an incorrect configuration option is the reason. If you don't understand the logfiles, post them in the forum (please do this in CODE tags). If you think you messed things up you can make a clean reinstall:
sudo aptitude purge moblock blockcontrol mobloquer
sudo aptitude install moblock blockcontrol mobloquer
Credits
Special thanks to pelle.k for the Ubuntu Forums thread this is derived from, the MoBlock Debian Packages maintainer jre, and the contributors to MoBlock.
Further Reading
- MoBlock thread where people have asked questions
- MoBlock Homepage
- MoBlock Debian Packages
- Phoenix Labs (PeerGuardian)
- Instructions for FireHOL users (scroll down)