Gentoo Wiki

Moblock

Preface

MoBlock is a Linux console application that blocks connections from/to hosts listed in a file in PeerGuardian format (guarding.p2p). It uses an iptables ipqueue userspace library and it is very light in resource usage (CPU, RAM).

This tutorial walks you through installing and configuring moblock using Gentoo packages in the sunrise overlay as well as the main portage tree.

Warning

Be careful when deploying MoBlock on a firewall. On a NATing firewall, this method could bring your internet connection down. Your mileage may vary, but it's probably best to deploy with caution.

Required Kernel Options

The following kernel options are required. However, the current moblock ebuild will let you know if any of them are missing, so you shouldn't have to scrutinize this too closely.

Warning: It is imperative that you disable the < > IP Userspace queueing via NETLINK (OBSOLETE) option, for ip_queue will interfere with moblock.
Linux Kernel Configuration: Required Options
   Networking  --->
      Networking options  --->
         [*] Network packet filtering framework (Netfilter)  ---> 
            Core Netfilter Configuration  --->
               <*> Netfilter netlink interface
               <*>   Netfilter NFQUEUE over NFNETLINK interface
               <*> Netfilter connection tracking support
               <*> Connection tracking netlink interface (EXPERIMENTAL)
               <*> Netfilter Xtables support (required for ip_tables)
               <M>   "NFQUEUE" target Support  
               <M>   "state" match support
            IP: Netfilter Configuration  --->  
               < > IP Userspace queueing via NETLINK (OBSOLETE)
               <*> IP tables support (required for filtering/masq/NAT)
               <M>   Packet filtering

Install

# Use layman to add the Project Sunrise overlay.
layman -a sunrise

# You may need to configure your kernel before the installation.
emerge -v moblock 

# Optionally add moblock-update to cron.
ln -s /usr/sbin/moblock-update /etc/cron.daily/moblock

# Optionally add MoBlock to the default runlevel.
rc-update add moblock default

Configuration

Edit /etc/conf.d/moblock and set your preferences. Mainly, you should select which blocklists you want. After this, moblock-update will be run when you first start MoBlock; this will download the latest blocklists you've selected and compile them into /var/db/moblock/guarding.p2p, which the MoBlock daemon will use.

If you want to see how MoBlock is doing, you can run /usr/sbin/moblock-stats.
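
Because a bad blocklist entry on a NATing firewall can cut off your own traffic (see the Warning above), it is worth checking the compiled list before starting the daemon. The following is an added example, not part of the original wiki page or of MoBlock itself; it assumes guarding.p2p is in the PeerGuardian text form `label:first-last`, and the function names and the protected-network list are illustrative assumptions.

```python
import ipaddress

# Networks a host normally must keep reaching; extend with your gateway and DNS.
DEFAULT_PROTECTED = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def parse_p2p(lines):
    """Yield (label, first, last) from PeerGuardian text lines 'label:first-last'."""
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':' themselves, so split on the last one only.
        label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            if not (sep and dash):
                raise ValueError("missing ':' or '-'")
            lo = ipaddress.IPv4Address(first.strip())
            hi = ipaddress.IPv4Address(last.strip())
            if lo > hi:
                raise ValueError("range start after end")
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}: {line!r}") from None
        yield label, lo, hi

def risky_ranges(lines, protected=DEFAULT_PROTECTED):
    """Return entries whose range overlaps any protected network."""
    nets = [ipaddress.ip_network(p) for p in protected]
    hits = []
    for label, lo, hi in parse_p2p(lines):
        for net in nets:
            # Two closed intervals overlap when each starts before the other ends.
            if lo <= net.broadcast_address and net.network_address <= hi:
                hits.append((label, str(lo), str(hi), str(net)))
    return hits

# Constructed sample, not taken from a real blocklist.
SAMPLE = """\
# constructed example entries
Example Org:198.51.100.0-198.51.100.255
Example: bogon sweep:192.168.0.0-192.168.255.255
Example wide range:9.255.255.0-10.0.0.255
""".splitlines()

if __name__ == "__main__":
    for label, lo, hi, net in risky_ranges(SAMPLE):
        print(f"{label}: {lo}-{hi} overlaps {net}")
```

To check the real list, pass `open("/var/db/moblock/guarding.p2p", errors="replace")` to `risky_ranges` and add your gateway and DNS server addresses to the protected list.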

Retrieved from "http://www.gentoo-wiki.info/MoBlock"

Last modified: Sat, 06 Sep 2008 10:15:00 +0000