blockcontrol, previously moblock-control - Page 7

		Phoenix Labs > Projects > PeerGuardian Linux
blockcontrol, previously moblock-control

FAQ

Page 7 of 7

« First

Thread Tools

Display Modes


08-13-2009, 01:37 PM	#61
jre Senior Member Join Date: Sep 2005 Posts: 588	Re: blockcontrol, previously moblock-control Yes, the pidof is the problem. But I´m afraid that killall5 has another behaviour then pidof. Please post this: Code: pidof -o %PPID -x /usr/bin/moblock echo $? If this returns the pid (4 digits) of moblock and a "0" (in case moblock is running), or no pid, but just a "1" (if moblock is not running), then it works. In that case you can quick fix the path issue by creating a symlink to /bin/pidof Code: sudo ln -s /sbin/pidof /bin I´ve got a solution here ready for that problem (blockcontrol now searches the whole PATH for pidof). But if it doesn´t work remove the symlink again and edit your /usr/lib/blockcontrol/blockcontrol.lib and add the fat code: Code: pidofproc () { [...] if [ -x "$1" ] ; then return 3 # (assume) daemon is not running fi return 4 # Unable to determine status } Please post your logfile and the output of the code (blockcontrol start/stop, status, ps, ls) again. __________________ Code: Please post your logfiles and output of commands wrapped in [ CODE ] tags. You find them in the advanced editing mode: # Maintainer of http://moblock-deb.sourceforge.net: MoBlock, mobloquer, blockcontrol and NFBlock Debian packages. Author of blockcontrol, previously moblock-control.


08-13-2009, 07:54 PM	#62
Torquewrench Member Join Date: Mar 2009 Country: Posts: 22	Re: blockcontrol, previously moblock-control Seems like we're getting somewhere: Code: root@wigdor:~# pidof -o %PPID -x /usr/bin/moblock root@wigdor:~# echo $? 1 root@wigdor:~# ln -s /sbin/pidof /bin root@wigdor:~# root@wigdor:~# blockcontrol stop Stopping IP block daemon: moblock. root@wigdor:~# blockcontrol status Current IPv4 iptables rules (this may take a while): Chain INPUT (policy ACCEPT 38 packets, 2749 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 24 packets, 2272 bytes) pkts bytes target prot opt in out source destination Current IPv6 iptables rules (this may take a while): Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Please check if the above printed iptables rules are correct! moblock is not running failed! blockcontrol.wd is not running failed! root@wigdor:~# ps aux\|grep blockcontrol root 2913 0.0 0.0 2084 632 pts/0 R+ 16:52 0:00 grep blockcontrol root@wigdor:~# ls -l /var/run/block /bin/ls: cannot access /var/run/block: No such file or directory root@wigdor:~# blockcontrol start Starting IP block daemon: moblock. root@wigdor:~# blockcontrol status Current IPv4 iptables rules (this may take a while): Chain INPUT (policy ACCEPT 214 packets, 14691 bytes) pkts bytes target prot opt in out source destination 0 0 blockcontrol_in all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 blockcontrol_fw all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14 Chain OUTPUT (policy ACCEPT 142 packets, 14536 bytes) pkts bytes target prot opt in out source destination 2 200 blockcontrol_out all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14 Chain blockcontrol_fw (1 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa 0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.1 0 0 RETURN all -- * * 192.168.1.0/24 192.168.1.0/24 0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92 Chain blockcontrol_in (1 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa 0 0 RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN all -- * * 192.168.1.0/24 0.0.0.0/0 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.1.2-192.168.1.255 0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92 Chain blockcontrol_out (1 references) pkts bytes target prot opt in out source destination 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa reject-with icmp-port-unreachable 0 0 RETURN all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.1 2 200 RETURN all -- * * 0.0.0.0/0 192.168.1.0/24 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 destination IP range 192.168.1.2-192.168.1.255 0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92 Current IPv6 iptables rules (this may take a while): Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Please check if the above printed iptables rules are correct! moblock is running. PID: 3049 CMD: /usr/bin/moblock -p /var/lib/blockcontrol/guarding.p2p -q 92 -t -r 10 -a 20 /var/log/moblock.log blockcontrol.wd is running. PID: 3057 CMD: /bin/sh /usr/bin/blockcontrol.wd root@wigdor:~# ps aux\|grep blockcontrol root 3049 64.7 5.3 56260 55304 pts/0 S 16:52 0:14 /usr/bin/moblock -p /var/lib/blockcontrol/guarding.p2p -q 92 -t -r 10 -a 20 /var/log/moblock.log root 3057 0.0 0.1 3404 1956 pts/0 S 16:52 0:00 /bin/sh /usr/bin/blockcontrol.wd root 3122 0.0 0.0 2084 632 pts/0 R+ 16:53 0:00 grep blockcontrol root@wigdor:~# ls -l /var/run/block -rw-r--r-- 1 root root 5 2009-08-13 16:52 /var/run/blockcontrol.wd.pid -rw-r--r-- 1 root root 5 2009-08-13 16:52 /var/run/moblock.pid root@wigdor:~# blockcontrol test Testing moblock: CAUTION: This is just a simple test to check if moblock blocks outgoing connections. For this, an IP from the blocklist will be pinged. Then the test checks if this IP appears in the logfile /var/log/moblock.log. moblock marks packets to be blocked. This means you have to make sure that the marked packets are also blocked later (with appropriate iptables rules). If you are using the default configuration and moblock is started after other firewalls this will be the case. This test does not check if you have sane iptables rules or if your complete blocklist is in the correct format. Therefore success doesn't imply that everything is working as you expect it. Also have a look at "blockcontrol status" and test manually with traceroute. Trying to ping 4.2.176.95 from /var/lib/blockcontrol/guarding.p2p ... moblock marked the IP to be blocked and the IP did not answer.. Test succeeded.. Am I there?

08-14-2009, 10:16 AM

#63

jre

Senior Member

Join Date: Sep 2005

Posts: 588

Re: blockcontrol, previously moblock-control

Quote:

Originally Posted by Torquewrench

Am I there?

Yes

I´ll release a new blockcontrol soon, which will fit for you, too. I still need to fix the error message about "kill" in blockcontrol.log

__________________

Code:

Please post your logfiles and output of commands wrapped in
[ CODE ] tags. You find them in the advanced editing mode: #

Maintainer of http://moblock-deb.sourceforge.net: MoBlock, mobloquer, blockcontrol and NFBlock Debian packages.
Author of blockcontrol, previously moblock-control.


08-20-2009, 03:49 PM	#64
jre Senior Member Join Date: Sep 2005 Posts: 588	Re: blockcontrol, previously moblock-control done __________________ Code: Please post your logfiles and output of commands wrapped in [ CODE ] tags. You find them in the advanced editing mode: # Maintainer of http://moblock-deb.sourceforge.net: MoBlock, mobloquer, blockcontrol and NFBlock Debian packages. Author of blockcontrol, previously moblock-control.


08-20-2009, 08:36 PM	#65
Torquewrench Member Join Date: Mar 2009 Country: Posts: 22	Re: blockcontrol, previously moblock-control I'll try it out when I get home and let you know how it goes. Thanks!


11-07-2009, 09:25 PM	#66
Torquewrench Member Join Date: Mar 2009 Country: Posts: 22	Re: blockcontrol, previously moblock-control jre, Well it worked beautifully all those months ago, now I have to build a new server and I'm trying to replicate the install. Did you incorporate the changes you made to the file above into 1.6.9 or current, or should I use the one above? Thanks, Phil/TW


11-08-2009, 08:31 AM	#67
jre Senior Member Join Date: Sep 2005 Posts: 588	Re: blockcontrol, previously moblock-control Huh, what have I done the last months? One never knows ;-> But after looking over the thread, I´m quite sure that I have done everything to fix your issues. So go with the current version. __________________ Code: Please post your logfiles and output of commands wrapped in [ CODE ] tags. You find them in the advanced editing mode: # Maintainer of http://moblock-deb.sourceforge.net: MoBlock, mobloquer, blockcontrol and NFBlock Debian packages. Author of blockcontrol, previously moblock-control.

Page 7 of 7

« First

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

Forum Jump

All times are GMT -5. The time now is 10:29 PM.