moblock-deb provides packages related to IP blocking software similar to PeerGuardian: to protect your privacy, internet traffic is blocked based on large lists of IP address ranges. The packages are PeerGuardian Linux (pgl) and its predecessors moblock, blockcontrol and mobloquer. This site offers Debian packages for the current Debian and Ubuntu distributions. pgl is available starting with Debian 6.0 squeeze and Ubuntu 10.04 lucid.
pgld and MoBlock are IP block daemons, which do the actual blocking. pglcmd and blockcontrol are utilities designed to do all tasks related to the daemons. pgl-gui and mobloquer are GUIs.
WARNING: IP blockers may block your complete network/internet access! Using too many and/or inappropriate lists may seriously degrade your internet service.
The software starts automatically at system boot by default. Some preconfigured blocklists are updated once a day. Be warned: this will not only block many unwanted IPs, but in most cases it will also limit network availability. This includes your own LAN and router, many webpages, services like email, instant messaging or the “weather applet”, and your machine’s accessibility from the internet.
There are many configuration options to prevent this. For example, the default is to always allow (whitelist) LAN traffic, the DNS server and the loopback device. If you are on a public LAN, you probably want to disable this feature.
WARNING: Users with firewall (iptables rules)
The IPblockers don’t conflict with other firewalls (iptables rules). But if you use them, you have to take special care to avoid severe conflicts. Make sure the following three conditions hold:
- The IPblocker marks non-matched packets (those whose IP is not in the blocklist). The marking feature is on by default.
- Other firewalls do not mark packets.
- The IPblocker is started after other firewalls. If other firewalls are started or reloaded after the IPblocker, you need to restart the IPblocker.
You will be fine if the iptables rules which send traffic to the iptables chains (pgl_in, pgl_fwd and pgl_out) stand before all other iptables rules which ACCEPT traffic. To help you achieve this, a watchdog restarts the IPblocker if it detects any problems. But a manual restart is still recommended whenever another application has changed the iptables setup.
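The ordering and marking conditions above can be checked against the output of `iptables -S`. The following is an added example, not part of the original page or of pgl itself; the mapping of INPUT, FORWARD and OUTPUT to pgl_in, pgl_fwd and pgl_out and all sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output against the conditions above.
# The chain mapping (INPUT -> pgl_in, ...) and the sample rules below are
# assumptions / constructed data, not pgl's actual rule set.

# pgl_jump_first CHAIN PGL_CHAIN   (reads `iptables -S` lines on stdin)
# returns 0 = the jump to PGL_CHAIN precedes every ACCEPT rule in CHAIN
#         1 = an ACCEPT rule comes first, so that traffic bypasses the blocker
#         2 = CHAIN has no jump to PGL_CHAIN at all
pgl_jump_first() {
    awk -v chain="$1" -v target="$2" '
        $1 == "-A" && $2 == chain {
            for (i = 3; i < NF; i++) {
                if ($i != "-j") continue
                if ($(i + 1) == target)   { found = 1; exit }
                if ($(i + 1) == "ACCEPT") { early = 1; exit }
            }
        }
        END { if (early) exit 1; if (!found) exit 2; exit 0 }'
}

# Print rules outside the pgl_* chains that set a packet mark (-j MARK).
foreign_mark_rules() {
    awk '$1 == "-A" && $2 !~ /^pgl_/ {
        for (i = 3; i < NF; i++)
            if ($i == "-j" && $(i + 1) == "MARK") print
    }'
}

# Constructed sample: the blocker's jump stands before the first ACCEPT.
GOOD='-P INPUT DROP
-A INPUT -m state --state NEW -j pgl_in
-A INPUT -i lo -j ACCEPT
-A pgl_in -j MARK --set-mark 20'

# Constructed sample: another firewall was reloaded after the blocker, so an
# ACCEPT now precedes the jump, and that firewall also marks packets.
BAD='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j pgl_in
-A PREROUTING -p tcp -j MARK --set-mark 1'

# Real use: sudo iptables -S | pgl_jump_first INPUT pgl_in
#           sudo iptables -t mangle -S | foreign_mark_rules
```

A non-zero result from `pgl_jump_first`, or any line printed by `foreign_mark_rules`, is the situation in which the manual restart described above is needed.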
Features
pglcmd and blockcontrol have the following features:
- Start and stop IP block daemon. Or let init do this automatically.
- Update your blocklist from online sources and local blocklists. Or let cron do this automatically on a regular basis.
- Remove lines by keyword from the blocklists.
- Handle your iptables rules: use a default setup, easily allow all traffic on specific ports and use an allow list, or add your own sophisticated iptables rules.
- Allow all LAN traffic and the DNS server automatically. If you are on a public LAN, you probably want to disable this feature.
- Check the status and test the IP block daemon.
- A watchdog monitors the IP block daemon and restarts it if necessary.
- Detects if kernel modules are needed and loads them if necessary.
- Set verbosity and logging options.
- Provides LSB 3.1 compatible init script.
- Daily rotation of the logfiles.
[Debian and Ubuntu 8.04 hardy] Tell your system about the packages (step 1):
Add these entries to /etc/apt/sources.list:
Debian 5.0 lenny:
deb http://moblock-deb.sourceforge.net/debian lenny main
deb-src http://moblock-deb.sourceforge.net/debian lenny main
Debian 6.0 squeeze:
deb http://moblock-deb.sourceforge.net/debian squeeze main
deb-src http://moblock-deb.sourceforge.net/debian squeeze main
Debian 7.0 wheezy:
deb http://moblock-deb.sourceforge.net/debian wheezy main
deb-src http://moblock-deb.sourceforge.net/debian wheezy main
Debian sid (unstable):
deb http://moblock-deb.sourceforge.net/debian sid main
deb-src http://moblock-deb.sourceforge.net/debian sid main
Ubuntu 8.04 hardy:
deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu hardy main
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu hardy main
deb http://archive.ubuntu.com/ubuntu hardy main universe
Add my gpg key to the apt keyring
Debian
I sign the packages here at moblock-deb with my gpg key. To verify the integrity of the packages you have to add my gpg key to the apt keyring. (Otherwise your package manager will warn you about UNTRUSTED sources. By adding the gpg key, you tell your package manager that you trust me.) My old gpg keys 9072870B and 58712F29 expired; use the new one, C0145138, instead:
gpg --keyserver keyserver.ubuntu.com --recv-keys C0145138
gpg --export --armor C0145138 | sudo apt-key add -
Ubuntu
I sign the source packages that I upload to ppa.launchpad.net. There the packages are built and then signed with another GPG key (both happen outside of my control). So if you trust me and Launchpad, you have to use this:
gpg --keyserver keyserver.ubuntu.com --recv 9C0042C8
gpg --export --armor 9C0042C8 | sudo apt-key add -
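The eight-digit values used above are short key IDs, which do not uniquely identify a key, so a keyserver lookup can return more than one match. The following added example (not part of the original page) compares the full fingerprint before the key goes into the apt keyring; every fingerprint in it is constructed sample data, and the expected fingerprint is assumed to come from the maintainer through a separate channel.

```shell
#!/bin/sh
# Added example: vet a key fetched by 8-digit ID before trusting it for apt.
# Every fingerprint below is CONSTRUCTED sample data, not the maintainer's key.

# Print primary-key fingerprints from `gpg --with-colons --fingerprint` (stdin).
# Subkey fingerprints are skipped: only the fpr record after a pub record counts.
primary_fprs() {
    awk -F: '
        $1 == "pub"          { want = 1; next }
        $1 == "sub"          { want = 0; next }
        $1 == "fpr" && want  { print $10; want = 0 }'
}

# verify_key SHORT_ID EXPECTED_FPR   (colon listing on stdin)
# returns 0 = exactly one key has that ID and its fingerprint matches
#         1 = fingerprint differs from the expected one
#         2 = several keys share the short ID
#         3 = no key with that ID in the listing
verify_key() {
    expected=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    matches=$(primary_fprs | grep -i "$1\$" || true)
    [ -n "$matches" ] || return 3
    [ "$(printf '%s\n' "$matches" | grep -c .)" -eq 1 ] || return 2
    [ "$matches" = "$expected" ] || return 1
}

# Constructed listing: one key whose fingerprint ends in C0145138 ...
ONE_KEY='pub:-:4096:1:89ABCDEFC0145138:1300000000:::-:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFC0145138:
uid:-::::1300000000::::Constructed Maintainer <m@example.org>:
sub:-:4096:1:AAAAAAAA11111111:1300000000::::
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA11111111:'

# ... and a keyring where a second, unrelated key shares the same short ID.
TWO_KEYS="$ONE_KEY
pub:-:2048:1:76543210C0145138:1400000000:::-:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210C0145138:"

# Real use (EXPECTED_FPR obtained from the maintainer out of band):
#   gpg --with-colons --fingerprint C0145138 | verify_key C0145138 "$EXPECTED_FPR" \
#     && gpg --export --armor "$EXPECTED_FPR" | sudo apt-key add -
```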
[Ubuntu] Tell your system about the packages (step 1):
Ubuntu 10.04 lucid, Ubuntu 10.10 maverick, Ubuntu 11.04 natty and Ubuntu 11.10 oneiric:
sudo add-apt-repository ppa:jre-phoenix/ppa
If your package manager complains about missing dependencies (libnetfilter-queue and libnfnetlink), you need to add the “universe” section entry to /etc/apt/sources.list (replace YOURDIST with lucid, maverick, natty or oneiric):
deb http://archive.ubuntu.com/ubuntu YOURDIST main universe
[Debian and Ubuntu] Tell your system about the packages (step 2):
Run this command (on the command line) to update the list of available packages:
sudo apt-get update
[Debian and Ubuntu] Install it:
Either from within your package manager or from the command line:
sudo apt-get install moblock blockcontrol mobloquer
If you don’t need a GUI you should install pgl instead:
sudo apt-get install pgld pglcmd