Difference between revisions of "UbuntuHelp:MoBlock"

From Ubuntu中文

{{From|https://help.ubuntu.com/community/MoBlock}}
 
Revision as of 20:18, 30 November 2007 (Fri)

MoBlock is an application that enables you to block internet traffic based on large lists of IP address ranges in order to protect your privacy. It uses a file in PeerGuardian format (guarding.p2p). There are plans to make it the official PeerGuardian for Linux.

Note: Firestarter and most iptables firewalls do not work with MoBlock. If you want a firewall that works with MoBlock, you can try FireHOL. See the instructions for FireHOL users (scroll down). You may also try iplist by uljanow. Also consider that routers can make software firewalls on your computer redundant.

Add Repository

Add the correct gpg key to the apt keyring

All repositories use this key. In a terminal, type the following.

gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B
gpg --export --armor 9072870B | sudo apt-key add -
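
The short ID 9072870B used above is only the last eight hex digits of the key fingerprint, and the repositories below are fetched over plain http, so this key is what authenticates the packages. As an added example (not part of the original page), the function below checks `gpg --with-colons --fingerprint` output against a full pinned fingerprint before the key goes to apt-key; the pinned fingerprint and both sample listings are constructed placeholders, not the real MoBlock key.

```shell
#!/bin/sh
# Added example, not from the original page: pin the repository signing key
# by its full fingerprint instead of trusting the 8-digit short ID alone.

# PLACEHOLDER (constructed value). Replace it with the fingerprint published
# by the repository maintainer through a channel you trust.
PINNED_FPR="00112233445566778899AABBCCDDEEFF9072870B"

# check_key_fingerprint SHORT_ID EXPECTED_FPR
#   stdin: output of `gpg --with-colons --fingerprint SHORT_ID`
#   Returns 0 only if exactly one primary key is listed, its fingerprint ends
#   in SHORT_ID, and it equals EXPECTED_FPR (case and spaces are ignored).
check_key_fingerprint() {
    want_id=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    want_fpr=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v id="$want_id" -v fpr="$want_fpr" '
        # A "pub" record starts a primary key; the first "fpr" record after
        # it carries that key fingerprint in field 10. Subkey fingerprints
        # (after "sub") are ignored.
        $1 == "pub" { pubs++; after_pub = 1; next }
        $1 == "fpr" && after_pub { got = toupper($10); after_pub = 0; next }
        $1 == "sub" { after_pub = 0 }
        END {
            if (pubs != 1) {
                print "REJECT: expected 1 primary key, got " (pubs + 0)
                exit 1
            }
            if (length(got) < length(id) ||
                substr(got, length(got) - length(id) + 1) != id) {
                print "REJECT: fingerprint does not end in " id
                exit 1
            }
            if (got != fpr) {
                print "REJECT: fingerprint mismatch: " got
                exit 1
            }
            print "OK: " got
        }'
}

# Constructed sample listing: one key whose fingerprint matches the pin.
SAMPLE_ONE_KEY='pub:-:1024:17:CCDDEEFF9072870B:1150000000:::-:::scESC:
fpr:::::::::00112233445566778899AABBCCDDEEFF9072870B:
uid:-::::1150000000::::Constructed Key <key@example.invalid>:
sub:-:2048:16:AAAAAAAA01234567:1150000000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA01234567:'

# Constructed sample listing: the keyserver returned two different keys that
# share the same short ID.
SAMPLE_COLLISION='pub:-:1024:17:CCDDEEFF9072870B:1150000000:::-:::scESC:
fpr:::::::::00112233445566778899AABBCCDDEEFF9072870B:
pub:-:1024:17:332211009072870B:1190000000:::-:::scESC:
fpr:::::::::FFEEDDCCBBAA998877665544332211009072870B:'

printf '%s\n' "$SAMPLE_ONE_KEY"   | check_key_fingerprint 9072870B "$PINNED_FPR" || true
printf '%s\n' "$SAMPLE_COLLISION" | check_key_fingerprint 9072870B "$PINNED_FPR" || true

# Real use, in a throwaway keyring so nothing reaches apt until the check
# passes (keyserver and short ID are the ones given on this page):
#   tmp=$(mktemp -d)
#   gpg --homedir "$tmp" --keyserver wwwkeys.eu.pgp.net --recv-keys 9072870B
#   gpg --homedir "$tmp" --with-colons --fingerprint 9072870B |
#       check_key_fingerprint 9072870B "$PINNED_FPR" &&
#       gpg --homedir "$tmp" --export --armor "$PINNED_FPR" | sudo apt-key add -
```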

Add specific repository for release

You must use the repository for your specific release (e.g. Ubuntu 7.10).

Ubuntu 7.10 ("Gutsy Gibbon") 32-bit

Add to /etc/apt/sources.list

deb http://moblock-deb.sourceforge.net/debian gutsy main
deb-src http://moblock-deb.sourceforge.net/debian gutsy main

Ubuntu 7.04 ("Feisty Fawn") 32-bit

Add to /etc/apt/sources.list

deb http://moblock-deb.sourceforge.net/debian feisty main
deb-src http://moblock-deb.sourceforge.net/debian feisty main

Ubuntu 6.10 ("Edgy Eft") 32-bit

These instructions are currently broken, most likely due to a bug in lsb init-functions (lsb-base).

Add to /etc/apt/sources.list

deb http://moblock-deb.sourceforge.net/debian etch main
deb-src http://moblock-deb.sourceforge.net/debian etch main

Ubuntu 6.06 ("Dapper Drake") 32-bit

These instructions have not been confirmed to work. Please report in this thread if they are valid.

Add to /etc/apt/sources.list

deb http://moblock-deb.sourceforge.net/debian etch main
deb-src http://moblock-deb.sourceforge.net/debian etch main

64-bit packages

These repositories do not contain 64-bit packages. You can either create your own from source or use a user-built package.

Ubuntu 7.10 ("Gutsy Gibbon")

Ubuntu 7.10 64-bit moblock-nfq package 0.8-29 (Hosted by Ubuntu Forums)

Ubuntu 7.04 ("Feisty Fawn")

Ubuntu 7.04 64-bit moblock-nfq package 0.8-21

Package Installation

Using Repositories

MoBlock checks traffic that is sent to the iptables QUEUE (deprecated) or NFQUEUE (new) target. So there are two packages, moblock-ipq and moblock-nfq. Depending on your package of choice you need either the ip_queue or xt_NFQUEUE kernel module loaded. Unless you have a Linux kernel older than 2.6.14, you should use the moblock-nfq package with the new target.
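
A preflight check for the rule above, as an added example that is not part of the original page: it picks the package from a `uname -r` string using the 2.6.14 cutoff and looks for the matching queue module in /proc/modules-format text. The function names and the sample module listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.

# moblock_package_for_kernel RELEASE
#   RELEASE is a `uname -r` string such as 2.6.22-14-generic.
#   Prints moblock-nfq for 2.6.14 and later, moblock-ipq for anything older
#   (the cutoff stated on this page). Returns 2 if RELEASE cannot be parsed.
moblock_package_for_kernel() {
    ver=${1%%[!0-9.]*}      # drop suffixes such as "-14-generic"
    IFS=. read -r major minor patch _rest <<EOF
$ver
EOF
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    minor=${minor:-0}; patch=${patch:-0}
    # Compare (major, minor, patch) with (2, 6, 14), most significant first.
    if   [ "$major" -ne 2 ]; then [ "$major" -gt 2 ]
    elif [ "$minor" -ne 6 ]; then [ "$minor" -gt 6 ]
    else                          [ "$patch" -ge 14 ]
    fi && { echo moblock-nfq; return 0; }
    echo moblock-ipq
}

# queue_module_for PACKAGE: kernel module each package depends on.
queue_module_for() {
    case "$1" in
        moblock-nfq) echo xt_NFQUEUE ;;
        moblock-ipq) echo ip_queue ;;
        *) return 2 ;;
    esac
}

# module_loaded NAME: stdin is text in /proc/modules format.
# A module compiled into the kernel is not listed there, so "not loaded"
# on a custom kernel can also mean "built in".
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit (found ? 0 : 1) }'
}

# preflight RELEASE < modules-listing
preflight() {
    pkg=$(moblock_package_for_kernel "$1") ||
        { echo "cannot parse kernel release: $1"; return 2; }
    mod=$(queue_module_for "$pkg")
    if module_loaded "$mod"; then
        echo "$pkg: $mod is loaded"
    else
        echo "$pkg: $mod is not loaded (try: sudo modprobe $mod)"
        return 1
    fi
}

# Constructed sample of /proc/modules content.
SAMPLE_MODULES='xt_NFQUEUE 3072 1 - Live 0xf8a3c000
ip_tables 13924 1 iptable_filter, Live 0xf8a4d000'

printf '%s\n' "$SAMPLE_MODULES" | preflight 2.6.22-14-generic || true
printf '%s\n' "$SAMPLE_MODULES" | preflight 2.6.12 || true

# Real use on the machine being set up:
#   preflight "$(uname -r)" < /proc/modules
```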

Ubuntu 7.10 ("Gutsy Gibbon") and Ubuntu 7.04 ("Feisty Fawn")

Add the repositories using the above instructions.

sudo apt-get install moblock-nfq

Ubuntu 6.10 ("Edgy Eft")

These instructions are currently broken, most likely due to a bug in lsb init-functions (lsb-base).

Add the repositories using the above instructions. Then, you need to install two netfilter lib packages.

  • libnfnetlink (Hosted by Ubuntu Forums)
  • libnetfilter-queue (Hosted by Ubuntu Forums)

Finally, install the moblock-nfq package from the repository.

sudo apt-get install moblock-nfq

Ubuntu 6.06 ("Dapper Drake")

These instructions have not been confirmed to work. Please report in this thread if they are valid.

Add the repositories using the above instructions. Then, you need to install two netfilter lib packages.

  • libnfnetlink (Hosted by Ubuntu Forums)
  • libnetfilter-queue (Hosted by Ubuntu Forums)

Finally, install the moblock-nfq package from the repository.

sudo apt-get install moblock-nfq

Compile a package

If you want to make your own MoBlock binary package from source and install it, you can use the following instructions. Most users will not need to compile a package, but this can be used for 64-bit packages (although user-built packages are provided above), or for an older release (you will also have to compile netfilter lib packages).

First, make sure you have added a source repository for your release. Then, run the following in a terminal.

sudo apt-get update
sudo apt-get install fakeroot
mkdir moblock
cd moblock
sudo apt-get build-dep -y moblock
apt-get source moblock
cd moblock-*
dpkg-buildpackage -rfakeroot
cd ..
sudo dpkg -i moblock-nfq*.deb
sudo apt-get purge -y build-essential debhelper dpatch dpkg-dev g++ g++-4.1 gettext html2text intltool-debian iptables-dev libc6-dev libnetfilter-queue-dev libnfnetlink-dev libstdc++6-4.1-dev linux-libc-dev patch po-debconf
sudo apt-get install -f

Some of these commands can be combined into one, but this lets you make changes like adding a patch if necessary and explains the process better.

Explanation: the directory moblock is created and the current working directory is changed to it. MoBlock's development dependencies are then installed. The MoBlock source package is downloaded and the current working directory is changed to it. The source and binary packages are built and the working directory is moved one directory up. Then the moblock-nfq*.deb is installed and its dependencies are installed. Finally, the development dependencies (including configuration files) are removed.

You can also use this shell script (hosted by Ubuntu Forums). Make sure it is executable. In Ubuntu, you can right click it and click on Properties. In the Permissions tab, make sure "Allow executing this file as program" is checked. Then close and double click on the file. Click the button "Run in Terminal".

Install a package

Use the instructions at the UbuntuHelp:InstallingSoftware page under "Installing downloaded packages".

Configuration and Usage

The packages contain a moblock-control script with the following features:

  • start and stop MoBlock (including handling of the iptables rules if desired)
  • update the specified blocklists from online sources
  • use local blocklists
  • modify the blocklist and whitelist IPs and ports

The logfiles are rotated daily. In the default configuration MoBlock starts at system boot and some preconfigured blocklists are updated once a day. You can specify the blocklists to use in /etc/moblock/blocklists.list. Everything else (automatic start and update, iptables handling, IP and port whitelisting) is configured in /etc/moblock/moblock.conf. This is important especially if MoBlock blocks sites that it should not block.

Start MoBlock

sudo moblock-control start

Stop MoBlock

sudo moblock-control stop

Restart MoBlock

sudo moblock-control restart

Rebuild Blocklist

sudo moblock-control reload

MoBlock is then reloaded.

Update Blocklists

sudo moblock-control update

MoBlock is then reloaded.

MoBlock Status

sudo moblock-control status

This reports the iptables settings and the status of the MoBlock daemon.

Test MoBlock

sudo moblock-control test

The test has been known to have problems in older versions of MoBlock. Look at the log to check if you are unsure. This can be done interactively (this command will show you the log in real-time).

tail -f /var/log/moblock.log

Frequently Asked Questions (FAQ)

Some applications cannot connect to the internet any more!

No ports are whitelisted by default. So, if the IP address your application is trying to reach is in the blocklist, the connection is blocked. To change that, locate line 68 in /etc/moblock/moblock.conf

gksu gedit /etc/moblock/moblock.conf

In Kubuntu, replace gksu with kdesu.

#WHITE_TCP_OUT="http https"

Uncomment the code, that is, remove the hash (#).

WHITE_TCP_OUT="http https"

The default line configures ports 80 and 443 (also called http and https) for outgoing connections. In effect, you can now browse blocked IPs with Firefox, Konqueror, or any other browser. If you know the port number of an application you use, this is the place to put it. To whitelist a range of ports, use the format "startport:endport".

But why can I not just remove the IP address from the blocklist instead?

You can. Find out what you want to whitelist by checking /var/log/moblock.log. This can be done interactively (this command will show you the log in real-time).

tail -f /var/log/moblock.log

Then, edit /etc/moblock/moblock.conf

gksu gedit /etc/moblock/moblock.conf

In Kubuntu, replace gksu with kdesu. To whitelist one specific IP, edit the following part.

# Do a "moblock-control restart" when you have changed these settings.
IP_TCP_IN=""
IP_UDP_IN=""
IP_TCP_OUT=""
IP_UDP_OUT=""
IP_TCP_FORWARD=""
IP_UDP_FORWARD=""

Separate IP addresses with a whitespace. To whitelist a whole range, you can use a search phrase, such as Google or Hotmail, or an actual IP address range (as specified in the blocklists). To do so, edit the following part.

# Do a "moblock-control reload" when you have changed these settings.
IP_REMOVE=""

Separate phrases with a semicolon. Remember to reload or restart MoBlock after modifying the configuration.
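Before choosing between a per-IP whitelist entry and an IP_REMOVE phrase, it helps to see which blocklist ranges cover the blocked address and how many ranges a phrase would match. The script below is an added example, not part of MoBlock or of the original page; the function names and the sample blocklist are constructed, and it assumes PeerGuardian text lines of the form Description:START-END and case-insensitive substring matching for phrases.

```shell
#!/bin/sh
# Added example (not part of MoBlock): see what a whitelist entry would affect.
# Assumes PeerGuardian text format, one range per line: Description:START-END
# Print every blocklist line whose range contains the IPv4 address IP.
ranges_for_ip() {  # usage: ranges_for_ip BLOCKLIST IP
    awk -v ip="$2" '
        function ip2n(s,   o, i, n) {          # dotted quad -> integer, -1 if bad
            if (split(s, o, ".") != 4) return -1
            for (i = 1; i <= 4; i++) {
                if (o[i] !~ /^[0-9]+$/ || o[i] > 255) return -1
                n = n * 256 + o[i]
            }
            return n
        }
        BEGIN { target = ip2n(ip); if (target < 0) exit 2 }
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        {
            sub(/[ \t\r]+$/, "")               # tolerate CRLF and trailing blanks
            # Descriptions may contain ":", so take the range from the line end.
            pos = match($0, /:[0-9.]+-[0-9.]+$/)
            if (!pos) next
            split(substr($0, pos + 1), r, "-")
            lo = ip2n(r[1]); hi = ip2n(r[2])
            if (lo >= 0 && hi >= lo && lo <= target && target <= hi) print
        }' "$1"
}

# Count ranges whose line contains PHRASE, case-insensitively. Assumption: this
# approximates an IP_REMOVE phrase; moblock-control's exact matching may differ.
phrase_hits() {  # usage: phrase_hits BLOCKLIST PHRASE
    grep -v '^[[:space:]]*#' "$1" | grep -F -i -c -- "$2" || :
}

# Constructed sample data using documentation address ranges (RFC 5737).
write_sample_blocklist() {  # usage: write_sample_blocklist PATH
    cat > "$1" <<'EOF'
# constructed sample, not a real blocklist
Example Ad Network:192.0.2.0-192.0.2.255
Example Mail: webmail frontends:198.51.100.0-198.51.100.127
Example Mail: bulk senders:198.51.100.64-198.51.100.95
Example University:203.0.113.16-203.0.113.31
EOF
}

sample=$(mktemp)
write_sample_blocklist "$sample"
echo "Ranges blocking 198.51.100.70:"; ranges_for_ip "$sample" 198.51.100.70
echo "Ranges matched by phrase Example: $(phrase_hits "$sample" Example)"
rm -f "$sample"
```

Point the functions at your real blocklist file instead of the sample. A phrase that matches far more ranges than the one address you need is a reason to prefer the per-IP settings.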

How do I choose what blocklists to include in the update function?

Edit /etc/moblock/blocklists.list

gksu gedit /etc/moblock/blocklists.list

In Kubuntu, replace gksu with kdesu. Uncomment the blocklists, that is, remove the hash (#) to enable certain blocklists or comment them out by adding a hash before the blocklists to disable them.

How do I keep it installed, without having it run at startup?

Edit /etc/moblock/moblock.conf.

gksu gedit /etc/moblock/moblock.conf

In Kubuntu, replace gksu with kdesu. Set the following.

MOBLOCK_INIT="0"

What happens when I install MoBlock the first time?

It will download a new blocklist for you during installation, and start MoBlock as a daemon. In other words, it will start automatically every time you boot up.

I have a custom compiled kernel. MoBlock does not work.

Enable netfilter support in xconfig, or in the kernel source config file.

How do I change automatic updating?

MoBlock automatically updates its blocklists every day. To configure automatic updating, edit /etc/moblock/moblock.conf.

gksu gedit /etc/moblock/moblock.conf

The number in the following setting enables (1) or disables (0) automatic updating.

MOBLOCK_CRON="1"

To disable automatic updating, set the following.

MOBLOCK_CRON="0"

Credits

Special thanks to pelle.k for the Ubuntu Forums thread this is derived from, the MoBlock Debian Packages maintainer jre, and the contributors to MoBlock. The Ubuntu 7.10 64-bit package and source page shell script were provided by daradib. The Ubuntu 7.04 64-bit package was provided by minijoe. The Ubuntu 6.06 netfilter lib packages were provided by foxy123.

Further Reading