Welcome !

logfile screenshot

MoBlock, like PeerGuardian, is an application that blocks internet traffic based on large lists of IP address ranges in order to protect your privacy. This site provides Debian packages of MoBlock for Debian (etch, lenny and sid) and Ubuntu (feisty, gutsy, hardy).

For these packages moblock-control was developed which is designed to do all tasks related to MoBlock. moblock-control is also available separately for all Linux distributions.

mobloquer is a GUI for MoBlock. Packages are available for Debian lenny and sid and Ubuntu gutsy and hardy.

WARNING: Users with firewall (iptables rules)

Since version 0.9, MoBlock no longer conflicts with other firewalls. Make sure the following three conditions hold:

  • MoBlock marks non-matched (IP is not in the blocklist) packets (this is the default).
  • Other firewalls do not mark packets.
  • MoBlock is started after other firewalls.
If other firewalls are started/reloaded after MoBlock, then you need to restart MoBlock again. You will be fine, if the iptables rule which sends traffic to MoBlock (target NFQUEUE) and (if MoBlock marks matched packets) the iptables rule which decides what happens to matched packets, stand before all other iptables rules which ACCEPT traffic.
You can check your iptables rules with iptables -L -nv or moblock-control status.

Technical note:

MoBlock checks traffic (packets) that is sent to the iptables NFQUEUE (or the deprecated QUEUE) target. If the necessary support is not built in the kernel directly, moblock-control will load the necessary kernel modules.
Up to MoBlock 0.8 packets that do not match the blocklist are ACCEPTed and packets that match the blocklist are DROPped.
Since MoBlock 0.9 packets can also be MARKed so that iptables rules that match this mark decide what happens with these packets. Per default marking is on. Marked packets repeat the hook function (NF_REPEAT). So they are sent back to the head of the iptables chain again. A packet may only bear one mark so there mustn't be any other applications / iptables rules that mark packets. Otherwise MoBlock (with marking on) will not work and packets will loop forever. "Marked block" outgoing packets will be REJECTED, "Marked block" incoming and forwarded packets will be DROPped. "Marked accept" packets will be ignored by MoBlock, so other iptables rules decide what happens to them.


Features

logfile screenshot

moblock-control has the following features:

  • Start and stop MoBlock (including handling of the iptables rules if desired).
    This is possible automatically at every system boot with init.
  • Update the specified blocklists from online sources.
    This is possible automatically (e.g. daily) with cron.
  • Use local blocklists.
  • Modify the blocklist, whitelist ports and use an allow list.
  • Whitelist LAN traffic automatically. This feature is still experimental.
  • Use custom iptables rules if desired.
  • Set verbosity and logging options.
  • Detect if kernel modules are needed and load them if necessary.
  • Check the status and test MoBlock.
  • Provides LSB 3.1 compatible init script.
  • Daily rotation of the logfiles.

Configuration and Usage

MoBlock starts automatically at system boot per default. Some preconfigured blocklists are updated once a day. MoBlock will not only block many unwanted IPs but in most cases running MoBlock will result in a limited network availability. This includes many webpages, services like eMail, instant messaging and the "weather applet" and your machine's accessibility from the internet.


To prevent this you can whitelist (traffic is not checked by MoBlock) ports, use a allow list and modify the blocklist. Since 0.9~rc2-12 LAN traffic is whitelisted automatically, but this feature is still experimental.


Blocklists are configured in blocklists.list (/etc/moblock/blocklists.list). The allow list is in allow.p2p (/etc/moblock/allow.p2p). If desired different allow lists for incoming, outgoing and forward connections may be used. The rest is done in "moblock.conf".


moblock-control first reads its hardcoded defaults, then the configuration file moblock.conf (/etc/moblock/moblock.conf) and last moblock.default (/etc/default/moblock). The latter overwrites the previous values.


You can configure MoBlock with "sudo dpkg-reconfigure moblock".


Usage (you need root privileges):

  • moblock-control start - inserts iptables rules and starts MoBlock
  • moblock-control stop - deletes iptables rules and stops MoBlock
  • moblock-control restart - restarts MoBlock
  • moblock-control reload - rebuilds the blocklist and reloads MoBlock
  • moblock-control update - updates the blocklists and reloads MoBlock
  • moblock-control status - gives the iptables settings and the status of the MoBlock daemon
  • moblock-control test - simple test to check if MoBlock is working

Grab the packages!


Add to /etc/apt/sources.list


Debian 4.0 etch (stable):

deb http://moblock-deb.sourceforge.net/debian etch main
deb-src http://moblock-deb.sourceforge.net/debian etch main

Debian lenny (testing):

deb http://moblock-deb.sourceforge.net/debian lenny main
deb-src http://moblock-deb.sourceforge.net/debian lenny main

Debian sid (unstable):

deb http://moblock-deb.sourceforge.net/debian sid main
deb-src http://moblock-deb.sourceforge.net/debian sid main

Ubuntu 7.04 feisty:

deb http://moblock-deb.sourceforge.net/debian feisty main
deb-src http://moblock-deb.sourceforge.net/debian feisty main

Ubuntu 7.10 gutsy:

deb http://moblock-deb.sourceforge.net/debian gutsy main
deb-src http://moblock-deb.sourceforge.net/debian gutsy main

Ubuntu 8.04 hardy:

deb http://moblock-deb.sourceforge.net/debian hardy main
deb-src http://moblock-deb.sourceforge.net/debian hardy main

Note for Ubuntu users:

You also need the "universe" section, something like 
deb http://archive.ubuntu.com YOURDIST main universe

Update your package list

To let apt verify the integrity of the packages you have to add my gpg key to the apt keyring (may be optional depending on your system's settings):

gpg --keyserver wwwkeys.eu.pgp.net --recv 9072870B
gpg --export --armor 9072870B | sudo apt-key add -

Run this command (on command line) to update the list of available packages:

sudo aptitude update

Install it (i386 and amd64)

Either from within your package manager or from the command line:

sudo aptitude install moblock
sudo aptitude install mobloquer

Build your own packages (all architectures)


To manually build packages of the current versions you need a "deb-src ..." entry in your apt sources.list. The source is the same for all Debian and Ubuntu versions.

MoBlock packages (current version)

mkdir moblock
cd moblock
sudo apt-get build-dep moblock
apt-get source moblock
cd moblock-{MAJOR_VERSION}
dpkg-buildpackage -rfakeroot

... and you will have your own deb in the directory moblock. Install it with

sudo dpkg -i ../moblock_{VERSION}_{ARCHITECTURE}.deb
Example (may be outdated): 
mkdir moblock
cd moblock
sudo apt-get build-dep moblock
apt-get source moblock
cd moblock-0.9~rc2
dpkg-buildpackage -rfakeroot
sudo dpkg -i ../moblock_0.9~rc2-12_i386.deb

MoBlock packages (development version)

mkdir moblock
cd moblock
sudo aptitude install debhelper iptables-dev debconf dpatch libnetfilter-queue-dev libnfnetlink-dev svn
svn co https://moblock-deb.svn.sourceforge.net/svnroot/moblock-deb/moblock moblock-deb
cd moblock-deb/moblock-{MAJOR_VERSION}/moblock-{MAJOR_VERSION}
dpkg-buildpackage -rfakeroot

... and you will have your own deb in the directory moblock/moblock-deb/moblock-{VERSION}. Install it with

sudo dpkg -i ../moblock_{VERSION}_{ARCHITECTURE}.deb

mobloquer packages (current version)

mkdir mobloquer
cd mobloquer
sudo apt-get build-dep mobloquer
apt-get source mobloquer
cd mobloquer-{MAJOR_VERSION}
dpkg-buildpackage -rfakeroot

... and you will have your own deb in the directory mobloquer. Install it with

sudo dpkg -i ../mobloquer_{VERSION}_{ARCHITECTURE}.deb
Example (may be outdated): 
mkdir mobloquer
cd mobloquer
sudo apt-get build-dep mobloquer
apt-get source mobloquer
cd mobloquer-0.5
dpkg-buildpackage -rfakeroot
sudo dpkg -i ../mobloquer_0.5-1_i386.deb

moblock-control (all Linux distributions, all architectures)


Download moblock-control from the project's page. Have a look at the README. You may need to adjust some paths and copy the files to their correct places manually.

Feedback and Development

The preferred place for discussions and support is at the Linux forum of phoenixlabs.org.

Please visit and use the project's page here at sourceforge to submit bugs and patches or request features.

You can browse the development repository at http://moblock-deb.svn.sourceforge.net/. Use subversion or (even easier) svk to work with it. The fastest way to get something changed in the packages is to post a patch.

For general feedback or if you want some privacy you can drop me an email.

Latest news

Aug 19 2008
New MoBlock (0.9~rc2-17) packages, moblock-nfq removed
Since the 0.9 series has less bugs and nicer features then the "official" stable 0.8 I removed the "moblock-nfq" package. Updates to "moblock" will be made automatically. Since the case for "moblock-ipq" is a bit complicated this case is not handled automatically. Interested users with old kernel (<2.6.13) please ask for help for transition.
For the other changes see the MoBlock 0.9RC2 debian changelog
The subversion development repository is updated again!

Jul 14 2008
New MoBlock (0.9~rc2-13) packages
debconf support added, port 80 and 443 whitelisted per default again, LAN traffic automatically whitelisted (experimental), port logging, hopefully removed all bashisms - Have fun.
I have not made a separate file release of moblock-control, yet. Contact me if you want one now.
The preview packages have been removed, since they are obsolete now.
The development repository is still not updated.

Jun 22 2008
Preview packages
You can download preview packages of MoBlock (0.9~rc2-12~pre45) here. Have a look at the changelog! I would welcome feedback about debconf and the new automatic local network whitelisting.
The development repository is still not updated.

May 29 2008
Preview packages
You can download preview packages of MoBlock (0.9~rc2-12~pre37) here. Next to many other changes this version has debconf support. Of course I want to know if it works technically. But I'm also interested in feedback about the debconf descriptions. Are they unclear, too technical, ...?
Development repository currently not updated
The version control software that I use (svk) is currently not in Debian lenny, therefore I don't sync my local changes to the development repository.

May 09 2008
Repository redesigned, amd64 packages added
Yay, now I can build amd64 packages natively and test them myself. So here you go, get i386 or amd64 packages from moblock-deb.sf.net.
I used this occasion to also make a software change: Now the repository is made with reprepro instead of debarchiver. Therefore the repository now finally has the pool structure (no changes needed on your side). The packages are still built with cowbuilder (i386 is emulated, for Debian Etch and Ubuntu Feisty i386 packages I have to use pbuilder). Because Debian Sid failed to bootstrap I use the Lenny packages there, too. At least currently the dependencies are satisfied on both dists.
New MoBlock (0.8-41 and 0.9~rc2-11) and mobloquer (0.5-1) packages
Only minor changes with MoBlock but really nice upstream changes with mobloquer - get it!

Apr 07 2008
MoBlock 0.9~rc2-8 packages and moblock-control released
New default blocklists. For the other changes see the MoBlock 0.9RC2 debian changelog

Resources

Related projects

Other important stuff

  • Tor: An anonymous Internet communication system
  • Jabber: Open source instant messaging
  • GnuPG: secure communication and data storage
  • Everything you want to know about iptables
  • Privoxy: Privacy enhancing HTTP Proxy
SourceForge.net Logo