Difference between revisions of "UbuntuHelp:MoBlock"

From Ubuntu中文

Revision as of 19:25, 16 December 2008 (Tuesday)

MoBlock is an application that enables you to block internet traffic based on large lists of IP address ranges in order to protect your privacy. It uses a file in PeerGuardian format (guarding.p2p) or an ipfilter.dat. There are plans to make it the official PeerGuardian for Linux.

Note: Since version 0.9 RC1 MoBlock no longer conflicts with other firewalls. But you have to make sure that MoBlock is started after them and the iptables rules don't get changed later. You may also try iplist by uljanow. Also consider that routers can make software firewalls on your computer redundant.

Add Repository

Add the correct gpg key to the apt keyring

All repositories use this. In terminal, type the following.

gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B
gpg --export --armor 9072870B | sudo apt-key add -

Add specific repository for release

You have to add the repository sources to your /etc/apt/sources.list:

gksu gedit /etc/apt/sources.list

In Kubuntu, replace gksu with kdesu. Add the two lines for your specific release (e.g. Ubuntu 7.10):

Ubuntu 8.10 ("Intrepid Ibex") 32-bit and 64-bit

deb http://moblock-deb.sourceforge.net/debian intrepid main
deb-src http://moblock-deb.sourceforge.net/debian intrepid main

Ubuntu 8.04 ("Hardy Heron") 32-bit and 64-bit

deb http://moblock-deb.sourceforge.net/debian hardy main
deb-src http://moblock-deb.sourceforge.net/debian hardy main

Ubuntu 7.10 ("Gutsy Gibbon") 32-bit and 64-bit

deb http://moblock-deb.sourceforge.net/debian gutsy main
deb-src http://moblock-deb.sourceforge.net/debian gutsy main

Ubuntu 7.04 ("Feisty Fawn") 32-bit and 64-bit

deb http://moblock-deb.sourceforge.net/debian feisty main
deb-src http://moblock-deb.sourceforge.net/debian feisty main

Package Installation

Install the packages moblock and moblock-control. If you want a graphical interface you can also install mobloquer (not on Ubuntu Feisty). There is also another package (moblock-ipq); this is a deprecated version for older kernel versions (< 2.6.14).

sudo aptitude update
sudo aptitude install moblock moblock-control

Compile a package

If you want to make your own MoBlock binary package from source and install it, you can use the following instructions. Most users will not need to compile a package, but this can be used for unsupported architectures or for an older release (you will also have to compile netfilter lib packages). First, make sure you have added a source repository for your release. Then, run the following in terminal.

sudo aptitude update
sudo aptitude install fakeroot
mkdir moblock
cd moblock
sudo apt-get build-dep -y moblock
apt-get source moblock
cd moblock-*
dpkg-buildpackage -rfakeroot
cd ..
sudo dpkg -i moblock*.deb
sudo apt-get install -f

Some of these commands can be combined into one, but this lets you make changes like adding a patch if necessary and explains the process better. Explanation: the directory moblock is created and the current working directory is changed to it. Moblock's development dependencies are then installed. The moblock source package is downloaded and the current working directory is changed to it. The source and binary packages are built and the working directory is moved one directory up. Then the moblock*.deb is installed and its dependencies are installed. Now, repeat these steps for moblock-control.

Install a package

Use the instructions on the UbuntuHelp:InstallingSoftware page under "Installing downloaded packages".

Configuration and Usage

moblock-control features include:

  • start and stop MoBlock (including handling of the iptables rules if desired)
  • update the specified blocklists from online sources
  • use local blocklists
  • modify the blocklist and whitelist IPs and ports

The logfiles are rotated daily. In the default configuration MoBlock starts at system boot and some preconfigured blocklists are updated once a day. You can specify the blocklists to use in /etc/moblock/blocklists.list. Everything else (automatic start and update, iptables handling, IP and port whitelisting) is configured in /etc/moblock/moblock.conf. This is important especially if MoBlock blocks sites that it should not block. Don't edit /etc/moblock/moblock.conf directly, but put your changes in /etc/default/moblock. Then updates will be easier. Configuration values in the latter file overwrite those in the first.

Start MoBlock

sudo moblock-control start

Stop MoBlock

sudo moblock-control stop

Restart MoBlock

sudo moblock-control restart

Rebuild Blocklist

sudo moblock-control reload

Moblock is then reloaded.

Update Blocklists

sudo moblock-control update

Moblock is then reloaded.

MoBlock Status

sudo moblock-control status

It reports the iptables settings and the status of the MoBlock daemon.

Test MoBlock

sudo moblock-control test

The test has been known to have problems in older versions of MoBlock. Look at the log to check if you are unsure. This can be done interactively (this command will show you the log in real-time).

tail -f /var/log/moblock.log

Frequently Asked Questions (FAQ)

I cannot connect to the internet any more!

EDIT: LAN traffic is now whitelisted automatically, but this feature is still experimental. If you have problems, follow these instructions:

MoBlock often blocks your complete LAN, including your router, so you have to whitelist your LAN. If you don't know your local IP, check it with "sudo ifconfig". It's the value after "inet addr:" of the interface that you use for networking. For wired connections this might be "eth0", for wireless connections "wlan0".

Example: You found out that your IP is 192.168.0.39. Then your LAN will most probably cover the IP range 192.168.0.1-192.168.0.255, and you need to whitelist this range for incoming and outgoing connections. Edit /etc/default/moblock (in Kubuntu, replace gksu with kdesu)

gksu gedit /etc/default/moblock

and add these lines:

WHITE_IP_IN="192.168.0.0/24"
WHITE_IP_OUT="192.168.0.0/24"

Do a

sudo moblock-control restart

when you have changed these settings.

Some applications cannot connect to the internet any more!

If the IP address that your application is trying to reach is in the blocklist, it will be blocked. But you can allow traffic for specific ports. The ports 80 (http) and 443 (https) are whitelisted by default. To allow traffic also on other ports edit /etc/default/moblock (in Kubuntu, replace gksu with kdesu)

gksu gedit /etc/default/moblock

and add/edit this line:

WHITE_TCP_OUT="http https"

Do a

sudo moblock-control restart

when you have changed these settings. By default, ports 80 and 443 (also called http and https) are whitelisted for outgoing connections. In effect, you can browse blocked IPs with Firefox, Konqueror or any other browser. If you know the port number of an application you use, this is the place to put it. If you want to specify a range of ports, use the format "startport:endport".

But why can I not just remove the IP address from the blocklist instead?

You can. Find out what you want to whitelist by checking /var/log/moblock.log. This can be done interactively (this command will show you the log in real-time).

tail -f /var/log/moblock.log

There are different ways. For one, edit /etc/moblock/allow.p2p (in Kubuntu, replace gksu with kdesu)

gksu gedit /etc/moblock/allow.p2p

If you want to whitelist the IP range 192.168.178.1 - 192.168.178.255 and the IP 123.123.123.123, add this:

192.168.178.1-192.168.178.255
123.123.123.123-123.123.123.123

Do a

sudo moblock-control restart

when you have changed these settings. For the old method, edit /etc/default/moblock (in Kubuntu, replace gksu with kdesu)

gksu gedit /etc/default/moblock

To whitelist IPs add the following variables:

WHITE_IP_IN=""
WHITE_IP_OUT=""
WHITE_IP_FORWARD=""

Insert e.g. "192.168.178.1" to whitelist a single IP, or e.g. "192.168.178.0/24" to whitelist an IP range (192.168.178.0 - 192.168.178.255), or e.g. "192.168.0.0/16" to whitelist a bigger IP range (192.168.0.0 - 192.168.255.255). Separate IP addresses with a space. So you might have an entry like this:

WHITE_IP_IN="192.168.0.0/24"
WHITE_IP_OUT="192.168.0.0/24 123.123.123.123 234.234.234.234"

Do a

sudo moblock-control restart

when you have changed these settings. You can also use a search phrase, such as Google, Hotmail, or an actual IP address range (as specified in the blocklists). Add the following variable to /etc/default/moblock:

IP_REMOVE=""

Separate phrases with a semicolon. So you might have an entry like this:

IP_REMOVE="google;yahoo;altavista"

Do a

sudo moblock-control reload

when you have changed these settings. Remember to reload or restart MoBlock after modifying the configuration.
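The two whitelist notations used in the answers above (start-end ranges in /etc/moblock/allow.p2p, CIDR blocks in the WHITE_IP_* variables) can be checked and converted with a short script. This is an added example, not part of the original page or of MoBlock; the function names, the sample entries, the "#" comment handling and the optional "label:" prefix are assumptions.

```python
import ipaddress

# Constructed sample in the start-end form shown for /etc/moblock/allow.p2p.
# The last entry is deliberately malformed (a dot is missing).
SAMPLE = "\n".join([
    "# constructed allow list",
    "192.168.178.0-192.168.178.255",
    "123.123.123.123-123.123.123.123",
    "192.168.178.1-192168.178.255",
])

def lan_network(host_ip, prefix=24):
    """Network to whitelist for a host address; /24 is assumed, as in the text."""
    return str(ipaddress.ip_interface(f"{host_ip}/{prefix}").network)

def parse_range(line):
    """Parse 'start-end'; an optional 'label:' prefix (assumption) is ignored."""
    start_s, sep, end_s = line.rpartition(":")[2].partition("-")
    if not sep:
        raise ValueError("expected start-end")
    start = ipaddress.IPv4Address(start_s.strip())
    end = ipaddress.IPv4Address(end_s.strip())
    if start > end:
        raise ValueError("range start is above range end")
    return start, end

def range_to_cidrs(start, end):
    """Smallest list of CIDR blocks that covers exactly start..end."""
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]

def check_allowlist(text):
    """Return (cidrs, errors); errors are (line_number, line, reason) tuples."""
    cidrs, errors = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments are an assumption
            continue
        try:
            cidrs.extend(range_to_cidrs(*parse_range(line)))
        except ValueError as exc:
            errors.append((number, line, str(exc)))
    return cidrs, errors

def white_ip_line(name, cidrs):
    """Format a WHITE_IP_* variable; entries are space-separated, as in the text."""
    return f'{name}="{" ".join(cidrs)}"'

if __name__ == "__main__":
    cidrs, errors = check_allowlist(SAMPLE)
    print(white_ip_line("WHITE_IP_OUT", cidrs))
    print(errors)
```

A range such as 192.168.178.1-192.168.178.255 is not a single CIDR block: `range_to_cidrs` returns eight blocks for it, whereas the /24 used in the WHITE_IP_* examples also covers the .0 address.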

How do I choose what blocklists to include in the update function?

Edit /etc/moblock/blocklists.list

gksu gedit /etc/moblock/blocklists.list

In Kubuntu, replace gksu with kdesu. Uncomment the blocklists, that is, remove the hash (#) to enable certain blocklists or comment them out by adding a hash before the blocklists to disable them. Do a

sudo moblock-control update

when you have changed these settings.

How do I keep it installed, without having it run at startup?

Edit /etc/default/moblock.

gksu gedit /etc/default/moblock

In Kubuntu, replace gksu with kdesu. Set the following:

MOBLOCK_INIT="0"

What happens when I install MoBlock the first time?

It will download a new blocklist for you during installation, and start it as a daemon. In other words, it will start automatically every time you boot up.

I have a custom compiled kernel. Moblock does not work.

MoBlock depends on netfilter support in the kernel. There are two possibilities:

  • Netfilter support as kernel modules (recommended): Enable netfilter support in xconfig, or in the kernel source config file as modules.
  • Netfilter support built-in directly in the kernel: Enable netfilter support in xconfig, or in the kernel source config file.

moblock-control will then make sure that the netfilter support is available to MoBlock.

How do I change automatic updating?

MoBlock automatically updates its blocklists every day. To configure automatic updating, edit /etc/default/moblock.

gksu gedit /etc/default/moblock

The number in the following setting enables (1) or disables (0) automatic updating.

MOBLOCK_CRON="1"

To disable automatic updating, set the following.

MOBLOCK_CRON="0"

MoBlock fails to start or stop

Have a look at /var/log/moblock-control.log and /var/log/moblock.log. In most cases an incorrect configuration option is the reason. If you don't understand the logfiles, post them at the forum (please do this in CODE tags). If you think you messed things up, you can do a clean reinstall:

sudo aptitude purge moblock
sudo aptitude install moblock

Credits

Special thanks to pelle.k for the Ubuntu Forums thread this is derived from, the MoBlock Debian Packages maintainer jre, and the contributors to MoBlock. The Ubuntu 7.10 64-bit package and source page shell script were provided by daradib. The Ubuntu 7.04 64-bit package was provided by minijoe. The Ubuntu 6.06 netfilter lib packages were provided by foxy123.

Further Reading