I was tinkering in Konsole when I came across this:
barabba:/# blockcontrol -h
Usage: blockcontrol OPTION
Options: start stop restart reload update status test stats reset_stats show_config search
I immediately started trying the commands, and I have to say they are much more elegant, practical and effective than mobloquer, the GUI for moblock.
I'll show you the output of some of them:
Let's start by stopping moblock
barabba:/# blockcontrol stop
Stopping MoBlock: moblock.
Now let's start the service
barabba:/# blockcontrol start
Starting MoBlock: moblock.
Let's restart moblock
barabba:/# blockcontrol restart
Restarting MoBlock: moblock.
Let's reload the filter list
barabba:/# blockcontrol reload
Reloading MoBlock: moblock.
Now let's update our IP lists
barabba:/# blockcontrol update
Updating blocklists and reloading MoBlock: moblock.
The following lists were updated:
TBG_Educational_Institutions (last modified: 2009-04-24 09:00)
Bluetack_level2 (last modified: 2009-04-24 09:00)
Bluetack_level3 (last modified: 2009-04-24 09:00)
For the following lists there was no update available:
TBG_Primary_Threats (last modified: 2009-04-24 06:00)
TBG_General_Corporate_Ranges (last modified: 2009-04-24 09:00)
TBG_Business_ISPs (last modified: 2009-04-24 09:00)
TBG_Search_Engines (last modified: 2009-04-24 04:30)
TBG_Hijacked (last modified: 2009-04-24 04:30)
TBG_Bogon (last modified: 2009-04-24 04:30)
Bluetack_level1 (last modified: 2009-04-24 06:00)
Bluetack_edu (last modified: 2009-04-24 06:00)
Bluetack_ads (last modified: 2009-04-24 04:30)
Bluetack_bogon (last modified: 2009-04-24 04:30)
Bluetack_spyware (last modified: 2009-04-24 04:30)
Bluetack_spider (last modified: 2009-04-24 04:30)
Bluetack_Microsoft (last modified: 2009-04-24 04:30)
Bluetack_proxy (last modified: 2009-04-24 04:30)
Bluetack_hijacked (last modified: 2009-04-24 04:30)
Bluetack_dshield (last modified: 2009-04-24 04:30)
The next command is one of the clearest
barabba:/# blockcontrol status
Current IPv4 iptables rules (this may take a while):
Chain INPUT (policy ACCEPT 181K packets, 254M bytes)
pkts bytes target prot opt in out source destination
3 85 blockcontrol_in all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 blockcontrol_fw all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain OUTPUT (policy ACCEPT 79559 packets, 6307K bytes)
pkts bytes target prot opt in out source destination
130 8759 blockcontrol_out all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain blockcontrol_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa
0 0 RETURN all -- * * 0.0.0.0/0 208.67.222.222
0 0 RETURN all -- * * 0.0.0.0/0 208.67.220.220
0 0 RETURN all -- * * 0.0.0.0/0 81.174.67.134
0 0 RETURN all -- * * 0.0.0.0/0 87.118.111.215
0 0 RETURN all -- * * 192.168.1.0/24 192.168.1.0/24
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Chain blockcontrol_in (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa
1 29 RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0
2 56 RETURN all -- * * 192.168.1.0/24 0.0.0.0/0
0 0 RETURN all -- * * 86.64.162.35 0.0.0.0/0
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4672
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Chain blockcontrol_out (1 references)
pkts bytes target prot opt in out source destination
21 1542 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa reject-with icmp-port-unreachable
0 0 RETURN all -- * * 0.0.0.0/0 208.67.222.222
0 0 RETURN all -- * * 0.0.0.0/0 208.67.220.220
0 0 RETURN all -- * * 0.0.0.0/0 81.174.67.134
11 714 RETURN all -- * * 0.0.0.0/0 87.118.111.215
1 29 RETURN all -- * lo 0.0.0.0/0 0.0.0.0/0
3 180 RETURN all -- * * 0.0.0.0/0 192.168.1.0/24
0 0 RETURN all -- * * 0.0.0.0/0 74.220.215.89
0 0 RETURN all -- * * 0.0.0.0/0 86.64.162.35
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:3479
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:3478
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4672
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662
4 240 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
5 300 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
85 5754 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
Current IPv6 iptables rules (this may take a while):
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Please check if the above printed iptables rules are correct!
moblock is running.
The test command, meanwhile, makes us feel safer
barabba:/# blockcontrol test
Testing MoBlock:
CAUTION: This is just a simple test to check if MoBlock blocks outgoing connections. For this, an IP from the blocklist will be pinged. Then the test checks if this IP appears in the logfile /var/log/moblock.log.
MoBlock marks packets to be blocked. This means you have to make sure that the marked packets are also blocked later (with appropriate iptables rules). If you are using the default configuration and MoBlock is started after other firewalls this will be the case.
This test does not check if you have sane iptables rules or if your complete blocklist is in the correct format. Therefore success doesn't imply that everything is working as you expect it. Also have a look at "blockcontrol status" and test manually with traceroute.
Trying to ping 4.17.157.255 from /var/lib/blockcontrol/guarding.p2p ...
MoBlock marked the IP to be blocked and the IP did not answer..
Test succeeded..
If we want to see what moblock has filtered, we run the following command
barabba:/# blockcontrol stats
Dumping stats...
----------------------------------------
Sat Apr 25 00:10:50 2009 MoBlock Stats
University of Iowa - 3 hits
Enterprise Customers cablemodem - 3 hits
CAT Telecom public company Ltd - 3 hits
University of Michigan - 3 hits
SURIS/RHnet Iceland University Research Network - 3 hits
Videotron Telecom Ltee - 3 hits
Proxad Static DSL - 3 hits
Level 3 Communications - 1 hits
TDC Internet Hosting - 2 hits
UPC Austria GmbH - 2 hits
----------------------------------------
If we want to reset the stats, which will not be deleted anyway
barabba:/# blockcontrol reset_stats
Dumping stats to /var/log/MoBlock.stats...
----------------------------------------
Finally, here is my configuration
barabba:/# blockcontrol show_config
blockcontrol current settings:
ACCEPT="1"
ACCEPT_MARK="20"
ALLOW_FW=""
ALLOW_IN="/etc/blockcontrol/allow.p2p"
ALLOW_OUT="/etc/blockcontrol/allow.p2p"
BLOCKLIST_FORMAT="p"
BLOCKLISTS_DIR="/var/spool/blockcontrol"
BLOCKLISTS_LIST="/etc/blockcontrol/blocklists.list"
CONTROL_CONF="/etc/blockcontrol/blockcontrol.conf"
CONTROL_LIB="/usr/lib/blockcontrol/blockcontrol.lib"
CONTROL_LOG="/var/log/blockcontrol.log"
CONTROL_NAME="blockcontrol"
CONTROL_SCRIPT="/usr/bin/blockcontrol"
CRON="1"
CRON_MAILTO="root"
DAEMON="/usr/bin/moblock"
DAEMON_LOG="/var/log/moblock.log"
DESC="MoBlock"
E_BADARGS="2"
E_BLOCKLIST="9"
E_CONFIG="6"
E_IPTABLES="8"
E_NETWORK_DOWN="171"
E_NOTROOT="4"
E_XBIN="5"
E_XCD="66"
E_XEXTERNAL="170"
E_XFILE="7"
INIT="1"
IP_REMOVE=""
IPTABLES_ACTIVATION="1"
IPTABLES_CUSTOM_DELETE="/etc/blockcontrol/iptables-custom-remove.sh"
IPTABLES_CUSTOM_INSERT="/etc/blockcontrol/iptables-custom-insert.sh"
IPTABLES_SETTINGS="1"
IPTABLES_TARGET="NFQUEUE"
IPTABLES_TARGET_WHITELISTING="RETURN"
LOG_IPTABLES=""
LOG_SYSLOG="0"
LOG_TIMESTAMP="1"
LSB="/lib/lsb/init-functions"
LSB_MODE="0"
MASTER_BLOCKLIST_DIR="/var/lib/blockcontrol"
MD5SUM_FILE="/var/spool/blockcontrol/MD5SUM"
NAME="moblock"
NFQUEUE_NUMBER="92"
PATH="/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
PIDFILE="/var/run/moblock.pid"
REJECT="1"
REJECT_FW="DROP"
REJECT_IN="DROP"
REJECT_MARK="10"
REJECT_OUT="REJECT"
STATFILE="/var/log/MoBlock.stats"
STDIFS=" "
TESTHOST="iblocklist.com"
VERBOSITY="1"
WGET_OPTS="wget -q -t 5 -T 120 -w 5"
WHITE_IP_FORWARD=""
WHITE_IP_IN=""
WHITE_IP_OUT=""
WHITE_LOCAL="1"
WHITE_TCP_FORWARD=""
WHITE_TCP_IN="4662"
WHITE_TCP_OUT="http https 4662 1720"
WHITE_UDP_FORWARD=""
WHITE_UDP_IN="4672"
WHITE_UDP_OUT="4672 3478 3479 5060"
The following blocklists are configured to be used:
http://list.iblocklist.com/?list=ijfqtofzixtwayqovmxn
http://list.iblocklist.com/?list=ecqbsykllnadihkdirsh
http://list.iblocklist.com/?list=jcjfaxgyyshvdbceroxf
http://list.iblocklist.com/?list=lljggjrpmefcwqknpalp
http://list.iblocklist.com/?list=pfefqteoxlfzopecdtyw
http://list.iblocklist.com/?list=tbnuqfclfkemqivekikv
http://list.iblocklist.com/?list=ewqglwibdgjttwttrinl
http://list.iblocklist.com/?list=bt_level1
http://list.iblocklist.com/?list=bt_level2
http://list.iblocklist.com/?list=bt_level3
http://list.iblocklist.com/?list=bt_edu
http://list.iblocklist.com/?list=bt_ads
http://list.iblocklist.com/?list=bt_bogon
http://list.iblocklist.com/?list=bt_spyware
http://list.iblocklist.com/?list=bt_spider
http://list.iblocklist.com/?list=bt_microsoft
http://list.iblocklist.com/?list=bt_proxy
http://list.iblocklist.com/?list=bt_hijacked
http://list.iblocklist.com/?list=bt_dshield
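The status output asks you to check the printed iptables rules, and the test output warns that marked packets must actually be blocked by later rules. The following is an added example, not part of the original post or of blockcontrol: it parses a rule listing in the format shown above and checks each blockcontrol chain against REJECT_MARK (10, printed by iptables as 0xa), ACCEPT_MARK (20, printed as 0x14) and NFQUEUE_NUMBER from the configuration. The sample input is a constructed excerpt and the function names are hypothetical.

```python
# Constructed sample: trimmed excerpt of the `blockcontrol status` output above.
SAMPLE = """\
Chain OUTPUT (policy ACCEPT 79559 packets, 6307K bytes)
pkts bytes target prot opt in out source destination
130 8759 blockcontrol_out all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14
Chain blockcontrol_out (1 references)
pkts bytes target prot opt in out source destination
21 1542 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa reject-with icmp-port-unreachable
5 300 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
85 5754 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92
"""
# Built-in chain -> blockcontrol chain it jumps to (names as in the status output).
HOOKS = {"INPUT": "blockcontrol_in", "OUTPUT": "blockcontrol_out",
         "FORWARD": "blockcontrol_fw"}

def parse_chains(text):
    """Map chain name -> list of (target, match text after the destination)."""
    chains, rules = {}, None
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 2 and f[0] == "Chain":
            rules = chains.setdefault(f[1], [])
        elif rules is not None and len(f) >= 9 and f[0] != "pkts":
            rules.append((f[2], " ".join(f[9:])))
    return chains

def check(text, hooks=HOOKS, reject_mark=10, accept_mark=20, queue=92):
    """Return a list of problems; empty means the layout matches the config."""
    chains, problems = parse_chains(text), []
    skip = f"!{accept_mark:#x}"                  # ACCEPT_MARK 20 -> !0x14
    block = ["mark", "match", f"{reject_mark:#x}"]  # REJECT_MARK 10 -> 0xa
    for builtin, chain in hooks.items():
        jumps = [m for t, m in chains.get(builtin, []) if t == chain]
        if not any(skip in m.split() for m in jumps):
            problems.append(f"{builtin}: no jump to {chain} matching mark {skip}")
        rules = chains.get(chain, [])
        first = rules[0] if rules else ("", "")
        if first[0] not in ("DROP", "REJECT") or first[1].split()[:3] != block:
            problems.append(f"{chain}: first rule does not block mark {block[2]}")
        if not rules or rules[-1] != ("NFQUEUE", f"NFQUEUE num {queue}"):
            problems.append(f"{chain}: last rule is not NFQUEUE num {queue}")
    return problems

if __name__ == "__main__":
    found = check(SAMPLE, hooks={"OUTPUT": "blockcontrol_out"})
    print("\n".join(found) if found else "rules look consistent")
```

Run against a full listing, the default hooks cover all three chains; the excerpt here only contains OUTPUT, so the demo restricts the check to that chain.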
If you have understood everything, you are now ready for this
Bye