Moblock disabilita gli aggiornamenti

[Ischia]

ciao,

ho installato moblock ma ora nonostante abbia abilitato il white_tcp_out http ed https non riesco più ad eseguire gli aggiornamenti di ubuntu: problema nella risoluzione del nome  :-\

qualcuno ha già riscontrato il problema e risolto?

ciao e grazie.

[Miguel77]

anche io uso moblock e non ho mai avuto problemi negli aggiornamenti.

• se disattivi moblock riesci ad aggiornare?
• i dns sono impostati correttamente?
• riesci a nevigare con un browser qualunque?

ciao

[Ischia]

emmm mea culpa!!!

sono due i punti in cui andare ad impostare il white_tcp_out  >:(

infatti manco navigavo ... ma non me ne ero avveduto visto che stavo lavorando da shell remota!

grazie!

[Miguel77]

veramente c'è solo un campo in cui impostare le porte da aprire per il white_tcp_out.
se hai risolto bene , comunque potresti postare per curiosità mia il tuo file di configurazione di moblock?
vorrei vedere quali sono i 2 punti

[Ischia]

eccoti qua il mio file di configurazione 

Codice: Seleziona tutto

# moblock.conf - configuration file for moblock-control

# This file is sourced by a shell script. Any line which starts with a # (hash)
# is a comment and is ignored. If you set the same variable several times,
# then only the last line will be used. You have to stop/restart/reload moblock
# if you change entries.

# Values from this file (moblock.conf) will be overwritten by moblock.default
# (/etc/default/moblock) if they are set there.
# THE DEBIAN (AND UBUNTU) PACKAGE CONFIGURATION SYSTEM DEBCONF AND THE
# GRAPHICAL INTERFACE MOBLOQUER STORE THE CONFIGURATION IN MOBLOCK.DEFAULT.
# It is strongly recommended that you make your changes in this file, too.

############################ General configuration ############################

# Set the format of the blocklists that you use. All your blocklists have to be
# in this format.
# d - eMule ipfilter.dat format
#     Example line:
#     001.000.000.000 , 001.255.255.255 , 100 , Some organization
# n - PeerGuardian .p2b v2 binary format
# p - PeerGuardian .p2p text format (default)
#     Example line:
#     Some organization:1.0.0.0-1.255.255.255
BLOCKLIST_FORMAT="p"

# Turn on/off MoBlock's logging to stdout (this isn't supported in
# moblock-control since moblock is started in the background)
# For moblock-control's output to STDOUT see the VERBOSITY setting below.
#LOG_STDOUT="0"

# Turn on/off timestamping in the logfile
# 0 - No timestamping
# 1 - Timestamping (default)
LOG_TIMESTAMP="1"

# Turn on/off the MoBlock daemon's logging to syslog
# 0 - Don't log to syslog (default)
# 1 - Log to syslog
LOG_SYSLOG="0"

# Iptables logging of blocked packets
# Set an iptables target for blocked packets. This will only work if marking
# matched (IP is in the blocklist) packets is on (i.e. REJECT="1").
# The iptables rules will be inserted directly before the iptables rule which
# decides what happens to "marked block" packets.
# Examples:
# "" (empty string): no rule will be inserted (default)
# "LOG --log-level info": blocked packets will be logged to syslog with "info"
#     log level. This allows to find out e.g. the port and to verify if a packet
#     is really blocked and not just "marked block".
LOG_IPTABLES=""

# Set the verbosity of moblock-control
# This only affects the output to STDOUT by moblock-control, cron and init.
# This does not affect logging or the output of the MoBlock daemon.
# 0 - Output to STDOUT is off (only errors will be reported)
# 1 - Output to STDOUT is on (default)
# 2 - Output to STDOUT is on, but no warning will be shown if an operation is
#     configured not to be executed.
VERBOSITY="1"

# Turn on/off automatic start
# Note: this tells the MoBlock init script from starting on "start". Therefore
# MoBlock will not be started at system boot. The same behaviour can be achieved
# by removing/tweaking the init file and the links pointing to it. You can do
# this manually or by using an application such as rcconf.
# 0 - Don´t start MoBlock at system boot
# 1 - Start MoBlock at system boot (default)
MOBLOCK_INIT="1"

# Turn on/off automatic blocklist update
# 0 - Don´t update the blocklists automatically
# 1 - Update the blocklists automatically (default)
MOBLOCK_CRON="1"

################## Settings for the iptables firewall rules ###################

# MoBlock checks traffic in userspace. Iptables rules decide which traffic gets
# there.

# Do a "moblock-control stop" before you change these iptables settings and a
# "moblock-control start" afterwards.

# The old variable IPTABLES_MODULES is obsolete since moblock-control
# 0.9~rc2-17. Now it is checked automatically if kernel modules need to be
# loaded.

# Set the iptables target for sending traffic to userspace.
# NFQUEUE - available since kernel version 2.6.13 (default)
# QUEUE   - (deprecated, you have to edit the Makefile and recompile MoBlock to
#           use this)
IPTABLES_TARGET="NFQUEUE"

# Set the NFQUEUE queue number.
# Valid queue numbers are 0 to 65535. The default value is 92.
NFQUEUE_NUMBER="92"

# Set how traffic is sent to MoBlock
# 0 - Don't set any iptables rules.
#     You or another script/firewall has to do this!
# 1 - Place MoBlock's iptables rules in separate iptables chains (moblock_in,
#     moblock_out and moblock_fw). (default)
# 2 - Only set custom iptables rules (/etc/moblock/iptables-custom-insert.sh
#     and iptables-custom-remove.sh)
IPTABLES_SETTINGS="1"

# Activate MoBlock's iptables chains?
# This section works only for IPTABLES_SETTINGS="1"
# 0 - Do nothing. You or another script/firewall has to do this!
# 1 - Send all NEW traffic to MoBlock's iptables chains (moblock_in,
#     moblock_out and moblock_fw). These iptables rules are inserted at the head
#     of the chains INPUT, OUTPUT and FORWARD. It is absolutely safe to only
#     check NEW traffic. (default)
# 2 - Send all traffic to MoBlock's iptables chains (moblock_in, moblock_out and
#     moblock_fw). These iptables rules are inserted at the head of the chains
#     INPUT, OUTPUT and FORWARD. Checking all (not only NEW) traffic might cause
#     problems because MoBlock has to check much more traffic then. Further
#     whitelisting gets more complicated, since you have to think of both
#     directions, incoming and outgoing. Only do this, if you are sure that you
#     want to.
IPTABLES_ACTIVATION="1"

# Set what happens to matched (IP is in the blocklist) packets.
# 0 - DROP them directly (as in MoBlock 0.8).
# 1 - MARK them. Further iptables rules decide what happens to them. E.g. this
#     allows to REJECT packets to avoid the long timeout which occurs when
#     packets are DROPped, see below. This setting is also necessary for
#     iptables logging to syslog, see above. (default)
REJECT="1"

# Set the corresponding MARK
REJECT_MARK="10"

# Set the iptables target for "marked block" packets.
# This section works only for IPTABLES_ACTIVATION="1"
# REJECT_IN is useless for the unpatched MoBlock source (0.8 and 0.9RC2), since
# there matched incoming packets are dropped directly. So the DROP rule in
# the iptables chain moblock_in will never be met.
# Valid values are all iptables targets. Be careful: senseless values are also
# accepted.
# REJECT: The sender of the packet is notified that the packet was blocked.
# DROP: The sender of the packet is not notified that the packet was blocked.
REJECT_IN="DROP"
REJECT_OUT="REJECT"
REJECT_FW="DROP"

# Set what happens to non-matched (IP is not in the blocklist) packets.
# 0 - ACCEPT them directly (as in MoBlock 0.8)
# 1 - MARK them. MoBlock will then ignore them. This allows integration with
#     other firewalls. (default)
ACCEPT="1"

# Set the corresponding MARK
ACCEPT_MARK="20"

# Set the iptables target for whitelisting packets.
# Valid values are all iptables targets. Be careful: senseless values are also
# accepted.
# ACCEPT: The packets are accepted directly.
# RETURN: Further iptables rules decide what happens to the packets. MoBlock
# will ignore them. This allows integration with other firewalls. (default)
IPTABLES_TARGET_WHITELISTING="RETURN"

# Whitelist local traffic
# 0 - Do nothing.
# 1 - Automatically whitelist LAN traffic and traffic on the loopback device.
#     (default)
# 2 - Whitelist the loopback device (same as obsolete setting LOOPBACK="1").
WHITE_LOCAL="1"

############################### Whitelist ports ###############################

# Whitelist ports by port number or with the associated service name. Port
# ranges are specified in the format "port:port". Up to 15 ports can be
# specified. A port range (port:port) counts as two ports.
# Seperate several entries with whitespace (" "). Be careful: senseless values
# are also accepted.
#
# Common ports:
#   80 - http
#  443 - https
#   22 - ssh
#
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.

WHITE_TCP_IN="http"
WHITE_UDP_IN=""
WHITE_TCP_OUT="http https 80 443"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
# This is an example to whitelist outgoing web traffic:
# WHITE_TCP_OUT="http https"
# This is an example to whitelist the port range 1000-1024:
# WHITE_TCP_OUT="1000:1024"


################################ Whitelist IPs ################################

# New in version 0.9~rc2-12:
# You can specify IP ranges that shall not be checked by MoBlock in a separate
# file. Per default this is /etc/moblock/allow.p2p. See the ALLOW_[IN|OUT|FW]
# settings below if you want to use different allowlists for incoming, outgoing
# and forwarded traffic.

# Whitelist either a network name, a hostname (please note that specifying any
# name to be resolved with a remote query such as DNS is a really bad idea), a
# network IP address (with /mask), or a plain IP address.
# (using iptables with the target IPTABLES_TARGET_WHITELISTING)
# The mask can be either a network mask or a plain number, specifying the number
# of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
# to 255.255.255.0.
# Seperate several entries with whitespace (" ")
# This section works only for IPTABLES_SETTINGS="1"
# Do a "moblock-control restart" when you have changed these settings.

WHITE_IP_IN=""
WHITE_IP_OUT="http https"
WHITE_IP_FORWARD=""

###################### Remove lines from the blocklist ########################

# Remove lines from the blocklist matching the specified pattern (the search
# pattern is case-insensitive).
# Seperate patterns with a semicolon ";". Be careful: senseless values are also
# accepted.
# Warning for beginners: If you want to whitelist a special IP then use the
# allowlist. If you specify an IP here you will most likely fail.
#
# Do a "moblock-control reload" when you have changed these settings.

IP_REMOVE="it.archive.ubuntu.com"
# This is an example to remove all lines from the blocklist which contain one
# of the words "google", "yahoo", "altavista", "debian" or "sourceforge":
# IP_REMOVE="google;yahoo;altavista;debian;sourceforge"

############################## General settings ###############################

PATH="/sbin:/bin:/usr/sbin:/usr/bin"

# The name of the application: moblock or nfblockd.
# Don't set this in moblock.default because most paths are set depending
# on the NAME variable before moblock.default is loaded
NAME="moblock"

# The path of the moblock binary (for nfblockd /usr/sbin/nfblockd will be chosen
# automatically):
DAEMON="/usr/bin/$NAME"

# The path of the moblock-control script
CONTROL_SCRIPT="/usr/bin/$NAME-control"

# The path of the configuration files' directory. Because others variables
# depend on this you have to set this here, not in moblock.default.
CONF_DIR="/etc/$NAME"

# The path of moblock.default
CONTROL_DEFAULT="/etc/default/$NAME"

# The path of the master blocklist directory
MASTER_BLOCKLIST_DIR="/etc/$NAME"

# The path of the directory where the blocklists are downloaded to
BLOCKLISTS_DIR="/var/spool/$NAME"

# The path of the directory where completely downloaded blocklists are copied to
BLOCKLISTS_DIR_USED="$BLOCKLISTS_DIR/used"

# The path of blocklists.list
BLOCKLISTS_LIST="$CONF_DIR/blocklists.list"

# The path to the allow lists
# Note that per default the same allow list is used for all (in, out and
# forwarded) connections.
# The path to the allow list for incoming connections
ALLOW_IN="$CONF_DIR/allow.p2p"
# The path to the allow list for outgoing connections
ALLOW_OUT="$CONF_DIR/allow.p2p"
# The path to the allow list for forwarded connections
ALLOW_FW="$CONF_DIR/allow.p2p"

# The path of iptables-custom-insert.sh
IPTABLES_CUSTOM_INSERT="$CONF_DIR/iptables-custom-insert.sh"

# The path of iptables-custom-remove.sh
IPTABLES_CUSTOM_DELETE="$CONF_DIR/iptables-custom-remove.sh"

# The path of the logfiles' directory and the logfiles
LOG_DIR="/var/log"
DAEMON_LOG="$LOG_DIR/$NAME.log"
CONTROL_LOG="$LOG_DIR/$NAME-control.log"

# The daemon's stat file
STATFILE="/var/log/MoBlock.stats"

# The path of moblock's pid file
PIDFILE="/var/run/$NAME.pid"

# The path of the lsb init functions
LSB="/lib/lsb/init-functions"

# Before updating the blocklists check if this host is reachable
TESTHOST="iblocklist.com"

# Full LSB compatibility
# moblock-control was created to run with every LSB 3.1 compatible system. You
# need a file /lib/lsb/init-functions. If your distribution misses this file
# you can download one based on the Debian version from
# moblock-deb.sourceforge.net.
# 0 - Debian compatible system (uses start-stop-daemon instead of start_daemon)
#     (default)
# 1 - LSB 3.1 but not Debian compatible system
LSB_MODE="0"

[Miguel77]

come pensavo:

la riga

Codice: Seleziona tutto

# WHITE_TCP_OUT="http https"

é un commento, infatti inizia per # e dunque non viene interpretata.

la riga che viene letta da moblock è questa:

Codice: Seleziona tutto

WHITE_TCP_OUT="http https 80 443"

puoi anche cancellare i valori 80 e 443, perché hai già inserito http e https.

ciao

[Ryo Saeba]

    Ciao Ischia,

Perchè non usi Mobloquer una comoda interfaccia grafica per Moblock

http://guide.debianizzati.org/index.php/Moblock_-_mobloquer

[Ischia]

ho letto dell'interfaccia ... ma il fatto è che io lavoro principale via shell su questo computer. In più da ciò che ho letto in giro sembra che sia anche abbastanza pensante l'interfaccia ed il mio pc già fa fatica di suo 

grazie comunque
Ischia.

[Miguel77]

mobloquer non si avvia in automatico, puoi usarla per attivare i parametri che vuoi e poi non la avii piu'.
comunque il range delle impostazioni che puoi settare è limitato, ad esempio se vuoi aprire delle porte non standard (es io per mt-daap ho dovuto aprire la porta di avahi) devi farlo tramite file di configurazione.

ciao