MoBlock from the konsole is nicer!

I was tinkering in the konsole when I came across this:

barabba:/# blockcontrol -h
Usage: blockcontrol OPTION
Options:
        start
        stop
        restart
        reload
        update
        status
        test
        stats
        reset_stats
        show_config
        search

I immediately started trying out the commands, and I must say they are much more elegant, practical and effective than mobloquer, that is, the MoBlock GUI.

I'll show you the output of a few of them:

Let's start by stopping MoBlock

barabba:/# blockcontrol stop
Stopping MoBlock: moblock.

Now let's start the service

barabba:/# blockcontrol start
Starting MoBlock: moblock.

Let's restart MoBlock

barabba:/# blockcontrol restart
Restarting MoBlock: moblock.

Let's reload the filter list

barabba:/# blockcontrol reload
Reloading MoBlock: moblock.

Now let's move on to updating our IP lists

barabba:/# blockcontrol update
Updating blocklists and reloading MoBlock: moblock.
The following lists were updated:
 TBG_Educational_Institutions (last modified: 2009-04-24 09:00)
 Bluetack_level2 (last modified: 2009-04-24 09:00)
 Bluetack_level3 (last modified: 2009-04-24 09:00)
For the following lists there was no update available:
 TBG_Primary_Threats (last modified: 2009-04-24 06:00)
 TBG_General_Corporate_Ranges (last modified: 2009-04-24 09:00)
 TBG_Business_ISPs (last modified: 2009-04-24 09:00)
 TBG_Search_Engines (last modified: 2009-04-24 04:30)
 TBG_Hijacked (last modified: 2009-04-24 04:30)
 TBG_Bogon (last modified: 2009-04-24 04:30)
 Bluetack_level1 (last modified: 2009-04-24 06:00)
 Bluetack_edu (last modified: 2009-04-24 06:00)
 Bluetack_ads (last modified: 2009-04-24 04:30)
 Bluetack_bogon (last modified: 2009-04-24 04:30)
 Bluetack_spyware (last modified: 2009-04-24 04:30)
 Bluetack_spider (last modified: 2009-04-24 04:30)
 Bluetack_Microsoft (last modified: 2009-04-24 04:30)
 Bluetack_proxy (last modified: 2009-04-24 04:30)
 Bluetack_hijacked (last modified: 2009-04-24 04:30)
 Bluetack_dshield (last modified: 2009-04-24 04:30)

The next command is one of the clearest

barabba:/# blockcontrol status
Current IPv4 iptables rules (this may take a while):

Chain INPUT (policy ACCEPT 181K packets, 254M bytes)
 pkts bytes target     prot opt in     out     source               destination
    3    85 blockcontrol_in  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW mark match !0x14

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 blockcontrol_fw  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW mark match !0x14

Chain OUTPUT (policy ACCEPT 79559 packets, 6307K bytes)
 pkts bytes target     prot opt in     out     source               destination
  130  8759 blockcontrol_out  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW mark match !0x14

Chain blockcontrol_fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0xa
    0     0 RETURN     all  --  *      *       0.0.0.0/0            208.67.222.222
    0     0 RETURN     all  --  *      *       0.0.0.0/0            208.67.220.220
    0     0 RETURN     all  --  *      *       0.0.0.0/0            81.174.67.134
    0     0 RETURN     all  --  *      *       0.0.0.0/0            87.118.111.215
    0     0 RETURN     all  --  *      *       192.168.1.0/24       192.168.1.0/24
    0     0 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0           NFQUEUE num 92

Chain blockcontrol_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0xa
    1    29 RETURN     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    2    56 RETURN     all  --  *      *       192.168.1.0/24       0.0.0.0/0
    0     0 RETURN     all  --  *      *       86.64.162.35         0.0.0.0/0
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:4672
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:4662
    0     0 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0           NFQUEUE num 92

Chain blockcontrol_out (1 references)
 pkts bytes target     prot opt in     out     source               destination
   21  1542 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0xa reject-with icmp-port-unreachable
    0     0 RETURN     all  --  *      *       0.0.0.0/0            208.67.222.222
    0     0 RETURN     all  --  *      *       0.0.0.0/0            208.67.220.220
    0     0 RETURN     all  --  *      *       0.0.0.0/0            81.174.67.134
   11   714 RETURN     all  --  *      *       0.0.0.0/0            87.118.111.215
    1    29 RETURN     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    3   180 RETURN     all  --  *      *       0.0.0.0/0            192.168.1.0/24
    0     0 RETURN     all  --  *      *       0.0.0.0/0            74.220.215.89
    0     0 RETURN     all  --  *      *       0.0.0.0/0            86.64.162.35
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5060
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:3479
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:3478
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:4672
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1720
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:4662
    4   240 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    5   300 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
   85  5754 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0           NFQUEUE num 92

Current IPv6 iptables rules (this may take a while):

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Please check if the above printed iptables rules are correct!

moblock is running.

Meanwhile, the test command makes us feel safer

barabba:/# blockcontrol test
Testing MoBlock:

CAUTION: This is just a simple test to check if MoBlock blocks outgoing
connections. For this, an IP from the blocklist will be pinged. Then the test
checks if this IP appears in the logfile /var/log/moblock.log.

MoBlock marks packets to be blocked. This means you have to make sure that the
marked packets are also blocked later (with appropriate iptables rules). If you
are using the default configuration and MoBlock is started after other firewalls
this will be the case.

This test does not check if you have sane iptables rules or if your complete
blocklist is in the correct format. Therefore success doesn't imply that
everything is working as you expect it.

Also have a look at "blockcontrol status" and test manually with traceroute.

Trying to ping 4.17.157.255 from /var/lib/blockcontrol/guarding.p2p ...
MoBlock marked the IP to be blocked and the IP did not answer..
Test succeeded..
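
The test output above says the marked packets still have to be blocked by iptables rules and points at "blockcontrol status". The following added example (not part of the original post and not blockcontrol's own code) parses that status layout and reports, per blockcontrol_* chain, whether a DROP/REJECT rule acts on the reject mark before NFQUEUE and which RETURN whitelist rules skip the queue. The names parse_chains, audit and SAMPLE are hypothetical, and the sample text is constructed.

```python
import re
REJECT_MARK = 10  # REJECT_MARK="10" in show_config; iptables prints it as 0xa

# Constructed sample in the layout of the status output; blockcontrol_in has its mark rule removed on purpose.
SAMPLE = """\
Chain blockcontrol_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    29 RETURN     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0           NFQUEUE num 92
Chain blockcontrol_out (1 references)
 pkts bytes target     prot opt in     out     source               destination
   21  1542 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0xa reject-with icmp-port-unreachable
    4   240 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
   85  5754 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0           NFQUEUE num 92
"""

def parse_chains(text):
    """Return {chain: [(target, match_text), ...]} from `iptables -L -n -v` style text."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) ", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split(None, 9)  # 9 fixed columns, then the match details
        if current is None or len(f) < 9 or f[4] != "--":
            continue  # column headers, blank lines and prose are not rule rows
        current.append((f[2], " ".join([f[3]] + f[5:]).strip()))
    return chains

def audit(text, reject_mark=REJECT_MARK):
    """For each blockcontrol_* chain: is the reject mark acted on, and what skips the queue?"""
    mark = re.compile(r"mark match 0x%x\b" % reject_mark)
    report = {}
    for name, rules in parse_chains(text).items():
        if not name.startswith("blockcontrol_"):
            continue
        targets = [t for t, _ in rules]
        queue_at = targets.index("NFQUEUE") if "NFQUEUE" in targets else len(rules)
        head = rules[:queue_at]  # rules evaluated before packets reach MoBlock
        report[name] = {
            "mark_enforced": any(t in ("DROP", "REJECT") and mark.search(m) for t, m in head),
            "queued": queue_at < len(rules),
            "bypass": [m for t, m in head if t == "RETURN"],  # whitelist rules
        }
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```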

If we want to see what MoBlock has filtered, we run the following command

barabba:/# blockcontrol stats
Dumping stats...
----------------------------------------
Sat Apr 25 00:10:50 2009
 MoBlock Stats

   University of Iowa - 3 hits
   Enterprise Customers cablemodem - 3 hits
   CAT Telecom public company Ltd - 3 hits
   University of Michigan - 3 hits
   SURIS/RHnet Iceland University Research Network - 3 hits
   Videotron Telecom Ltee - 3 hits
   Proxad Static DSL - 3 hits
   Level 3 Communications - 1 hits
   TDC Internet Hosting - 2 hits
   UPC Austria GmbH - 2 hits
----------------------------------------

If we want to reset the stats, which will not be deleted anyway

barabba:/# blockcontrol reset_stats
Dumping stats to /var/log/MoBlock.stats...
----------------------------------------

Lastly, I'll leave you my configuration

barabba:/# blockcontrol show_config
blockcontrol current settings:
ACCEPT="1"
ACCEPT_MARK="20"
ALLOW_FW=""
ALLOW_IN="/etc/blockcontrol/allow.p2p"
ALLOW_OUT="/etc/blockcontrol/allow.p2p"
BLOCKLIST_FORMAT="p"
BLOCKLISTS_DIR="/var/spool/blockcontrol"
BLOCKLISTS_LIST="/etc/blockcontrol/blocklists.list"
CONTROL_CONF="/etc/blockcontrol/blockcontrol.conf"
CONTROL_LIB="/usr/lib/blockcontrol/blockcontrol.lib"
CONTROL_LOG="/var/log/blockcontrol.log"
CONTROL_NAME="blockcontrol"
CONTROL_SCRIPT="/usr/bin/blockcontrol"
CRON="1"
CRON_MAILTO="root"
DAEMON="/usr/bin/moblock"
DAEMON_LOG="/var/log/moblock.log"
DESC="MoBlock"
E_BADARGS="2"
E_BLOCKLIST="9"
E_CONFIG="6"
E_IPTABLES="8"
E_NETWORK_DOWN="171"
E_NOTROOT="4"
E_XBIN="5"
E_XCD="66"
E_XEXTERNAL="170"
E_XFILE="7"
INIT="1"
IP_REMOVE=""
IPTABLES_ACTIVATION="1"
IPTABLES_CUSTOM_DELETE="/etc/blockcontrol/iptables-custom-remove.sh"
IPTABLES_CUSTOM_INSERT="/etc/blockcontrol/iptables-custom-insert.sh"
IPTABLES_SETTINGS="1"
IPTABLES_TARGET="NFQUEUE"
IPTABLES_TARGET_WHITELISTING="RETURN"
LOG_IPTABLES=""
LOG_SYSLOG="0"
LOG_TIMESTAMP="1"
LSB="/lib/lsb/init-functions"
LSB_MODE="0"
MASTER_BLOCKLIST_DIR="/var/lib/blockcontrol"
MD5SUM_FILE="/var/spool/blockcontrol/MD5SUM"
NAME="moblock"
NFQUEUE_NUMBER="92"
PATH="/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
PIDFILE="/var/run/moblock.pid"
REJECT="1"
REJECT_FW="DROP"
REJECT_IN="DROP"
REJECT_MARK="10"
REJECT_OUT="REJECT"
STATFILE="/var/log/MoBlock.stats"
STDIFS=" "
TESTHOST="iblocklist.com"
VERBOSITY="1"
WGET_OPTS="wget -q -t 5 -T 120 -w 5"
WHITE_IP_FORWARD=""
WHITE_IP_IN=""
WHITE_IP_OUT=""
WHITE_LOCAL="1"
WHITE_TCP_FORWARD=""
WHITE_TCP_IN="4662"
WHITE_TCP_OUT="http https 4662 1720"
WHITE_UDP_FORWARD=""
WHITE_UDP_IN="4672"
WHITE_UDP_OUT="4672 3478 3479 5060"

The following blocklists are configured to be used:
http://list.iblocklist.com/?list=ijfqtofzixtwayqovmxn
http://list.iblocklist.com/?list=ecqbsykllnadihkdirsh
http://list.iblocklist.com/?list=jcjfaxgyyshvdbceroxf
http://list.iblocklist.com/?list=lljggjrpmefcwqknpalp
http://list.iblocklist.com/?list=pfefqteoxlfzopecdtyw
http://list.iblocklist.com/?list=tbnuqfclfkemqivekikv
http://list.iblocklist.com/?list=ewqglwibdgjttwttrinl
http://list.iblocklist.com/?list=bt_level1
http://list.iblocklist.com/?list=bt_level2
http://list.iblocklist.com/?list=bt_level3
http://list.iblocklist.com/?list=bt_edu
http://list.iblocklist.com/?list=bt_ads
http://list.iblocklist.com/?list=bt_bogon
http://list.iblocklist.com/?list=bt_spyware
http://list.iblocklist.com/?list=bt_spider
http://list.iblocklist.com/?list=bt_microsoft
http://list.iblocklist.com/?list=bt_proxy
http://list.iblocklist.com/?list=bt_hijacked
http://list.iblocklist.com/?list=bt_dshield

If you have understood everything, you are now ready for this

2matti

bye
