Difference between revisions of "MoBlock"

From ArchWiki
(Configuration: fixed error in range)
(7 intermediate revisions by 6 users not shown)
Line 1: Line 1:
'''MoBlock''' is a IP blocking daemon that uses iptables. MoBlock is also unofficial PeerGuardian Linux client that is very useful in filtering malicous peers on P2P networks.
+
[[Category:Networking]]
 +
[[Category:Security]]
 +
{{Warning|MoBlock's development has been stopped in favor of Phoenix Labs' official [[PeerGuardian Linux]] (pgl). Parts of its code have been merged in pgl.}}
 +
 
 +
'''MoBlock''' is a IP blocking daemon that uses iptables. MoBlock is also unofficial [[PeerGuardian Linux]] client that is very useful in filtering malicous peers on P2P networks.
  
 
= Installation =
 
= Installation =
  
First you need [http://aur.archlinux.org/packages.php?ID=5925 moblock] package from [[AUR]]. If you want GUI, install the [http://aur.archlinux.org/packages.php?ID=25466 blockcontrol] (dependency for GUI) and [http://aur.archlinux.org/packages.php?ID=14802 mobloquer] (moblock GUI written using Qt).
+
First you need [https://aur.archlinux.org/packages.php?ID=5925 moblock] package from [[AUR]]. If you want GUI, install the [https://aur.archlinux.org/packages.php?ID=25466 blockcontrol] (dependency for GUI) and [https://aur.archlinux.org/packages.php?ID=14802 mobloquer] (moblock GUI written using Qt).
  
 
= Setting up =
 
= Setting up =
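Review bot: The intro line re-added under the new warning still reads "a IP blocking daemon", "also unofficial" and "malicous". Since the line is being touched for the [[PeerGuardian Linux]] link anyway, correct it to "an IP blocking daemon", "also an unofficial" and "malicious". The new warning says development has stopped in favor of pgl, yet the Installation paragraph right after it still sends readers straight to the moblock AUR package; a pointer to the pgl page there would keep the two consistent.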
Line 26: Line 30:
  
 
Now run moblock-update to update the lists.
 
Now run moblock-update to update the lists.
 +
 +
Note: If you get an error like this when doing a /etc/rc.d/moblock start:
 +
 +
<code>
 +
iptables v1.4.8: iprange: Bad value for "--dst-range" option: "10.0.1.0/24"<br />
 +
Try `iptables -h' or 'iptables --help' for more information.
 +
</code>
 +
 +
Try using a range instead, so WHITE_IP_IN="10.0.1.0-10.0.1.255"
  
 
== Starting up ==
 
== Starting up ==
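Review bot: The added note changes only WHITE_IP_IN, while the quoted iptables error is about "--dst-range" and the NAT example earlier in the section still shows WHITE_IP_IN="192.168.0.0/24" and WHITE_IP_OUT="192.168.0.0/24". State whether WHITE_IP_OUT needs the range form too, and either update the NAT example or say when CIDR is rejected, so readers do not copy a value that fails. The error appears on /etc/rc.d/moblock start, so the note would also be easier to find under "Starting up" than after the moblock-update step.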
Line 34: Line 47:
  
 
This is it! If you decide that moblock must run everytime you boot up, just add word ''moblock'' to your DAEMONS array in /etc/rc.conf
 
This is it! If you decide that moblock must run everytime you boot up, just add word ''moblock'' to your DAEMONS array in /etc/rc.conf
 +
 +
== MSN ==
 +
 +
If you use MSN for instant messaging, you'll need to add port 1863 to the whitelist:
 +
 +
<code>WHITE_TCP_OUT="http https 1863"</code>
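Review bot: The new MSN section is placed after "Starting up", so a reader following the page in order edits WHITE_TCP_OUT once the daemon is already running; move it under Configuration or say whether moblock has to be restarted for the change to apply. It is also worth stating that listing 1863 in WHITE_TCP_OUT takes every outbound TCP connection to that port out of filtering, not only MSN traffic.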

Revision as of 18:29, 23 April 2012

Warning: MoBlock's development has been stopped in favor of Phoenix Labs' official PeerGuardian Linux (pgl). Parts of its code have been merged in pgl.

MoBlock is an IP blocking daemon that uses iptables. MoBlock is also an unofficial PeerGuardian Linux client that is very useful in filtering malicious peers on P2P networks.

Installation

First you need the moblock package from AUR. If you want a GUI, install blockcontrol (a dependency of the GUI) and mobloquer (a MoBlock GUI written using Qt).

Setting up

Configuration

Open the /etc/moblock/config file with your favourite editor.

I recommend disabling filtering of HTTP connections: find WHITE_TCP_OUT="" and add http https to it. It will look like:

WHITE_TCP_OUT="http https"

In this file you can also customize which lists MoBlock will use for filtering, but it is best to keep the defaults (MoBlock will filter about 99% of bad connections, but will not be too paranoid).

If you are behind NAT, add this to config:

WHITE_IP_IN="192.168.0.0/24"
WHITE_IP_OUT="192.168.0.0/24"

That will whitelist everything from 192.168.0.0 to 192.168.0.255.

Now run moblock-update to update the lists.

Note: If you get an error like this when doing a /etc/rc.d/moblock start:

iptables v1.4.8: iprange: Bad value for "--dst-range" option: "10.0.1.0/24"
Try `iptables -h' or 'iptables --help' for more information.

Try using a range instead, so WHITE_IP_IN="10.0.1.0-10.0.1.255"
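
The conversion this note asks for, as an added example that is not part of the original page or of MoBlock: a POSIX shell helper that rewrites CIDR entries as start-end ranges. The function names are hypothetical, and it assumes a WHITE_IP_* value is a space-separated list of IPv4 entries.

```shell
#!/bin/sh
# Added example, not MoBlock/blockcontrol code: rewrite CIDR entries of a
# WHITE_IP_* value as start-end ranges.

# ip_to_int A.B.C.D: print the address as an integer, fail if malformed
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -f
    set -- $1
    IFS=$old_ifs; set +f
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_to_range ENTRY: CIDR becomes "first-last"; anything without a "/"
# (a single address or an existing range) is passed through unchanged
cidr_to_range() {
    case $1 in */*) ;; *) echo "$1"; return 0 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case $bits in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( n & mask ))
    last=$(( first | (~mask & 4294967295) ))
    echo "$(int_to_ip "$first")-$(int_to_ip "$last")"
}

# convert_list "ENTRY ENTRY ...": convert each entry (assumed space-separated)
convert_list() {
    out=
    for e in $1; do
        r=$(cidr_to_range "$e") || { echo "bad entry: $e" >&2; return 1; }
        out="${out:+$out }$r"
    done
    echo "$out"
}

# Sample values constructed from the two CIDR examples on this page
echo "WHITE_IP_IN=\"$(convert_list "192.168.0.0/24 10.0.1.0/24")\""
```

A prefix that does not start on a network boundary is widened to the whole block, so check the printed range before pasting it into /etc/moblock/config.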

Starting up

After configuration just run

# /etc/rc.d/moblock start

This is it! If you decide that moblock must run every time you boot up, just add the word moblock to your DAEMONS array in /etc/rc.conf

MSN

If you use MSN for instant messaging, you'll need to add port 1863 to the whitelist:

WHITE_TCP_OUT="http https 1863"