| author | James Meyer <james.meyer@operamail.com> | 2013-02-19 21:10:18 (GMT) |
|---|---|---|
| committer | James Meyer <james.meyer@operamail.com> | 2013-02-19 21:10:18 (GMT) |
| commit | 2648e999d277eac5c3d331a3609bcc73fafbea71 (patch) | |
| tree | 40951fb8e7fdbe28a0baa324ae615055203f1e2e /abs/extra/community/moblock | |
| parent | c759b5e0c4aa6fc37412b4dee2cf9ad993fd376d (diff) | |
| parent | 7e6f7ca174e1af67178dc5293a312a4a733eb095 (diff) | |
| download | linhes_pkgbuild-2648e999d277eac5c3d331a3609bcc73fafbea71.zip linhes_pkgbuild-2648e999d277eac5c3d331a3609bcc73fafbea71.tar.gz linhes_pkgbuild-2648e999d277eac5c3d331a3609bcc73fafbea71.tar.bz2 | |
Merge branch 'testing'
# By James Meyer (1091) and others
# Via James Meyer (5) and others
* testing: (1148 commits)
LinHES-config: during install don't kill off lirc. This keeps the remote active all the way to the finish
Change version numbers to 8.0 to match the release number. LinHES-conifg LinHES-system mythdb-initial runit-scripts supplemental-web
LinHES-conifig: mv_install.py for the last partition don't go all the way to the end. Gotta leave room for gpt tables.
xf86-video-ati: xorg ati driver.
LinHES-config: timezip.py add syncing up of parental lvl passwords and starting level with MBE.
LinHES-system: correct the logic for breaking out of the wmctrl loop. As written it would break out of the inner loop..but not the 60 iteration loop.
e16_theme_settings: remove slide-in prop for new windows. For whatever reason this was preventing mplayer from being positioned correctly for appletrailers.
LinHES-config, mythinstall: change case of hd_pvr and serial to all lower refs #902
zilog-firmware: firmware for TX support of the hdpvr and pvr-150 In general I can't recommend anybody using these transmitters but including the firmware just in case someone really wants to
linhes-udev-rules: added hdprv_lirc rule. All of these lirc rules are limited to exactly one device. If more then one device is present then only the last device in init will get the symlink
runit-scripts: fix logging for igdeamon, add support to remote init script so that the blaster is always the first device in the chain. added support specificly for hd_pvr
LinHES-system: add lh_system_restore and lh_system_backup. These scripts are called from the mythmenu. refs #900
iguanair: rebuild with python 2.7
LinHES-system: msg_daemon.py fix init and nasty bug related to timeout. In a nutshell timeout wouldn't work unless a msg without a timeout was called first.
linhes-udev-rules: add rules for mce,streamzap,serial lirc devices.
mythinstall: recompile for matching libs
mythtv: latest .25-fixes and change mythbackup/restore call lh_system_$op to replace mythbackup/mythrestore. mythbackup no longer works correctly with the new windowmanager
linhes-scripts: myth2mp3, myth2x264, myth2xvid: use mythutil to get cutlist
LinHES-config, supplimental-web: Fix proxy numbering for Ceton infiniTV
linhes-system: add additional stuff to the system backup and also introduced an exclude file. The exclude/include files are locate in /home/mythtv/backup_config/
...
Diffstat (limited to 'abs/extra/community/moblock')
| -rw-r--r-- | abs/extra/community/moblock/MoBlock-nfq.sh.patch | 53 | ||||
| -rwxr-xr-x | abs/extra/community/moblock/PKGBUILD | 57 | ||||
| -rw-r--r-- | abs/extra/community/moblock/config | 30 | ||||
| -rwxr-xr-x | abs/extra/community/moblock/moblock | 70 | ||||
| -rwxr-xr-x | abs/extra/community/moblock/moblock-update | 174 | ||||
| -rw-r--r-- | abs/extra/community/moblock/moblock.install | 26 | ||||
| -rw-r--r-- | abs/extra/community/moblock/moblock.logrotate | 11 | ||||
| -rw-r--r-- | abs/extra/community/moblock/moblock_0.9_rc2.patch | 912 | ||||
| -rw-r--r-- | abs/extra/community/moblock/moblock_include.patch | 10 |
9 files changed, 0 insertions, 1343 deletions
diff --git a/abs/extra/community/moblock/MoBlock-nfq.sh.patch b/abs/extra/community/moblock/MoBlock-nfq.sh.patch
deleted file mode 100644
index f9136c3..0000000
--- a/abs/extra/community/moblock/MoBlock-nfq.sh.patch
+++ /dev/null
@@ -1,53 +0,0 @@
---- MoBlock-0.8/MoBlock-nfq.sh.orig 2008-11-30 03:44:02.000000000 -0500
-+++ MoBlock-0.8/MoBlock-nfq.sh 2008-12-01 18:56:15.000000000 -0500
-@@ -3,14 +3,10 @@
- # MoBlock.sh - MoBlock start script
- # ---------------------------------
- 
--ACTIVATE_CHAINS=1
--WHITE_TCP_IN=""
--WHITE_UDP_IN=""
--WHITE_TCP_OUT=""
--WHITE_UDP_OUT=""
--WHITE_TCP_FORWARD=""
--WHITE_UDP_FORWARD=""
-+# Some configuration options have been moved to an external conf file
-+# This should make maintenance and upgrading easier
- 
-+. /etc/moblock/config
- 
- PIDF=/var/run/moblock.pid
- 
-@@ -78,6 +74,17 @@
- iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT
- done
- 
-+# For added IP whitelisting support
-+
-+for IP in $WHITE_IP_OUT; do
-+ iptables -I MOBLOCK_OUT -p all -m iprange --dst-range $IP -j ACCEPT
-+done
-+for IP in $WHITE_IP_IN; do
-+ iptables -I MOBLOCK_IN -p all -m iprange --src-range $IP -j ACCEPT
-+done
-+for IP in $WHITE_IP_FW; do
-+ iptables -I MOBLOCK_FW -p all -m iprange --dst-range $IP -j ACCEPT
-+done
- 
- # Loopback traffic fix
- 
-@@ -85,7 +92,8 @@
- iptables -I OUTPUT -p all -o lo -j ACCEPT
- 
- # Here you can change block list and log files
--./moblock -p /etc/guarding.p2p ./moblock.log
-+#./moblock -p /etc/guarding.p2p ./moblock.log
-+/usr/bin/moblock -p /etc/moblock/banned.list /var/log/moblock.log >/dev/null 2>&1
- 
- # On exit delete the rules we added
- 
-@@ -108,3 +116,4 @@
- if [ -f $PIDF ]; then
- rm $PIDF;
- fi
-+
diff --git a/abs/extra/community/moblock/PKGBUILD b/abs/extra/community/moblock/PKGBUILD
deleted file mode 100755
index 0f3ff26..0000000
--- a/abs/extra/community/moblock/PKGBUILD
+++ /dev/null
@@ -1,57 +0,0 @@
-# Contributor: Kevin Edmonds <edmondskevin@hotmail.com>
-# Maintainer: Filip Wojciechowski, filip at loka dot pl
-
-pkgname=moblock
-pkgver=0.9rc2
-pkgrel=9
-pkgdesc="Console application that blocks connections from/to hosts listed in a file in peerguardian format"
-arch=('i686' 'x86_64')
-url="http://moblock.berlios.de/"
-license=('GPL')
-depends=(libnetfilter_queue iptables)
-backup=(etc/moblock/config)
-install=moblock.install
-source=(http://download.berlios.de/moblock/MoBlock-0.8-i586.tar.bz2 \
- moblock_0.9_rc2.patch \
- MoBlock-nfq.sh.patch \
- moblock_include.patch \
- config \
- moblock-update \
- moblock \
- moblock.logrotate)
-
-build() {
- cd ${srcdir}/MoBlock-0.8
-
- # patch to update moblock to the latest cvs version
- patch -Np1 -i ../moblock_0.9_rc2.patch || return 1
- # add IP whitelisting and move configs to a separate conf file
- patch -Np1 -i ../MoBlock-nfq.sh.patch || return 1
- # necessary to make moblock build with recent kernels
- patch -Np1 -i ../moblock_include.patch || return 1
-
- # change the CFLAGS for both i686 and x84_64 builds
- sed -i "s#-Wall -O.*-ffast-math#$CFLAGS#g" Makefile
-
- # build
- make || return 1
-}
-
-package() {
- cd ${srcdir}/MoBlock-0.8
- #move the files
- install -D -m 755 ./MoBlock-nfq.sh ${pkgdir}/usr/bin/moblock-nfq || return 1
- install -D -m 744 ./moblock ${pkgdir}/usr/bin/moblock || return 1
- install -D -m 755 ../moblock-update ${pkgdir}/usr/bin/moblock-update || return 1
- install -D -m 744 ../moblock ${pkgdir}/etc/rc.d/moblock || return 1
- install -D -m 644 ../config ${pkgdir}/etc/moblock/config || return 1
- install -D -m 644 ../moblock.logrotate ${pkgdir}/etc/logrotate.d/moblock || return 1
-}
-md5sums=('199967adb48b153be90db10fe21325c5'
- 'e4e33c515677fa53eaca4616591d4e44'
- 'e9f3c6b09f5e07dee948450780340ea3'
- 'b23b5214965df59632de5cec317ddbde'
- '840bb52a99529305e49212a69c9ced8a'
- '49a16feb221d4d912cc7200313517f7b'
- '1bdc949fcff0ce751a5096e489061513'
- 'a8285fd3e68043cd8d21993d3dbbf9d4')
diff --git a/abs/extra/community/moblock/config b/abs/extra/community/moblock/config
deleted file mode 100644
index 7d7c287..0000000
--- a/abs/extra/community/moblock/config
+++ /dev/null
@@ -1,30 +0,0 @@
-# Original MoBlock configuration options from MoBlock-nfq.sh file
-ACTIVATE_CHAINS=1
-WHITE_TCP_IN=""
-WHITE_UDP_IN=""
-WHITE_TCP_OUT="" # Add "http https" here to prevent moblock from blocking webpages
-WHITE_UDP_OUT=""
-WHITE_TCP_FORWARD=""
-WHITE_UDP_FORWARD=""
-
-# Added IP whitelisting support
-WHITE_IP_IN=""
-WHITE_IP_OUT=""
-WHITE_IP_FW=""
-
-# Individual lists can be disabled by prefixing them with '!'
-# Bluetack blacklists (http://www.bluetack.co.uk)
-BLUETACK=(level1 level2 !level3 !edu ads-trackers-and-bad-pr0n bogon spyware spider Microsoft !proxy hijacked templist !rangetest dshield)
-
-# blocklist.org lists (currently doesn't work)
-#BLOCKLIST=(p2p gov spy ads edu)
-
-# backup lists (might be outdated)
-#PHOENIXLABS=(!p2b.p2b edu.txt spider.txt spyware.txt level1.txt !level2.txt !level3.txt)
-
-# Change to 'yes' if you want to backup up the old list before writing
-# a new one. Only one backup copy will be kept.
-BACKUP_OLD_LIST="no"
-
-# Options passed to wget
-WGET_OPTS="-q"
diff --git a/abs/extra/community/moblock/moblock b/abs/extra/community/moblock/moblock
deleted file mode 100755
index d88bd2e..0000000
--- a/abs/extra/community/moblock/moblock
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-case "$1" in
- start)
- stat_busy "Starting MoBlock"
- if [ ! -f /var/run/moblock.pid ]
- then
- /usr/bin/moblock-nfq &
- if [ $? -gt 0 ]
- then
- stat_fail
- else
- add_daemon moblock
- stat_done
- fi
- else
- stat_fail
- fi
- ;;
- update)
- stat_busy "Updating MoBlock block list..."
- error=0
- /usr/bin/moblock-update || error=1
- stat_busy "Updating MoBlock block list"
- if [ $error -eq 1 ]; then
- stat_fail
- else
- stat_done
- fi
- ;;
- stats)
- stat_busy "Logging stats to /var/log/MoBlock.stats"
- PID=`cat /var/run/moblock.pid 2>/dev/null`
- if [ ! -z "$PID" ]; then
- /bin/kill -USR2 $PID
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
- else
- stat_fail
- fi
- ;;
- stop)
- stat_busy "Stopping MoBlock"
- PID=`cat /var/run/moblock.pid 2>/dev/null`
- if [ ! -z "$PID" ]; then
- /bin/kill $PID
- if [ $? -gt 0 ]; then
- stat_fail
- else
- rm_daemon moblock
- stat_done
- fi
- else
- stat_fail
- fi
- ;;
- restart)
- $0 stop
- sleep 2
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart|update|stats}"
-esac
diff --git a/abs/extra/community/moblock/moblock-update b/abs/extra/community/moblock/moblock-update
deleted file mode 100755
index aae861d..0000000
--- a/abs/extra/community/moblock/moblock-update
+++ /dev/null
@@ -1,174 +0,0 @@
-#!/bin/bash
-
-. /etc/moblock/config
-
-CONF_DIR=/etc/moblock
-TEMP_DIR=$(/usr/bin/mktemp -t -d moblock-updateXXXXXXXX)
-LIST_FILE=banned.list
-
-USECOLOR="no"
-. /etc/rc.d/functions
-PREFIX_REG=" >"
-PREFIX_HL="::"
-
-function extract()
-{
- /usr/bin/find $TEMP_DIR -type f -name '*.gz' -o -name '*.zip' |\
- while read N
- do
- case "$N" in
- *.zip) /usr/bin/unzip -oqq "$N" 2>/dev/null
- if [ $? -gt 0 ]; then
- rm -f "$N"
- return 1
- else
- rm -f "$N"
- fi
- ;;
- *.gz) /bin/gunzip -f "$N" 2>/dev/null
- if [ $? -gt 0 ]; then
- rm -f "$N"
- return 1
- fi
- ;;
- *) continue
- ;;
- esac
- done
- return 0
-}
-
-cd $TEMP_DIR
-
-printf "${C_SEPARATOR} ------------------------------\n"
-printhl "Downloading and extracting files:\n"
-
-# Bluetack lists (with fallback)
-for i in ${BLUETACK[@]}
-do
- if [ $(echo $i | /bin/grep '^[^\!]' | /usr/bin/wc -l) -eq 1 ]; then
- stat_busy "BLUETACK '${i}'... "
- /usr/bin/wget ${WGET_OPTS} "http://www.bluetack.co.uk/config/${i}.gz" && extract
- if [ $? -gt 0 ] || [ ! -f ${i} ]; then
- stat_fail
- bfile=$i
- if [ "$bfile" = "ads-trackers-and-bad-pr0n" ]; then
- bfile="ads"
- elif [ "$bfile" = "Microsoft" ];then
- bfile="microsoft"
- fi
- stat_busy "[!!] BLUETACK '${i}' (fallback link)... "
- /usr/bin/wget ${WGET_OPTS} "http://list.iblocklist.com/?list=bt_${bfile%%-*}" -O "${i}.gz" && extract
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
- else
- stat_done
- fi
- fi
-done
-
-# Blocklist lists
-for i in ${BLOCKLIST[@]}
-do
- if [ $(echo $i | /bin/grep '^[^\!]' | /usr/bin/wc -l) -eq 1 ]; then
- stat_busy "BLOCKLIST '${i}'... "
- /usr/bin/wget ${WGET_OPTS} "blocklist.org/${i}.p2b.gz" && extract
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
- fi
-done
-
-# Old phoenixlabs.org lists
-for i in ${PHOENIXLABS[@]}
-do
- if [ $(echo $i | /bin/grep '^[^\!]' | /usr/bin/wc -l) -eq 1 ]; then
- stat_busy "PHOENIXLABS '${i}'... "
- /usr/bin/wget ${WGET_OPTS} "fox.phoenixlabs.org/${i}" && extract
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
- fi
-done
-
-if [ $(/bin/cat "$TEMP_DIR"/* | /usr/bin/wc -l) -eq 0 ]; then
- printf "\n"
- printhl "ERROR: No files were downloaded"
- printf "${C_SEPARATOR} ------------------------------\n"
- exit 1
-fi
-
-# Check files
-printsep
-printhl "Checking integrity of downloaded files:\n"
-
-/usr/bin/find -type f | while read N
-do
- stat_busy "File '$(echo $N | /bin/awk -F/ '{print $NF}')'... "
- scan1=$(/bin/cat "$N" | /usr/bin/wc -l)
- scan2=$(/bin/egrep -o ":[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*-[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" "$N" | /usr/bin/wc -l)
- if [ $scan1 -eq $scan2 ]; then
- stat_done
- else
- if [ $scan2 -gt 0 ]; then
- if [ $scan1 -gt $scan2 ]; then
- stat_append "$(($scan1-$scan2)) of $scan1 entries failed validation; keeping the file"
- stat_done
- fi
- else
- stat_fail
- stat_busy "[!!] Removing corrupted file... "
- rm "$N" 2>/dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- exit 1
- else
- stat_done
- fi
- fi
- fi
-done
-
-printsep
-printhl "Saving the list:\n"
-
-# Make backup
-if [ "$BACKUP_OLD_LIST" = "yes" ] && [ -f "$CONF_DIR"/"$LIST_FILE" ]; then
- stat_busy "Backing up old list to '$CONF_DIR/$LIST_FILE.gz'... "
- /bin/gzip -f "$CONF_DIR"/"$LIST_FILE" 2>/dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
-fi
-
-# Save the list
-stat_busy "Saving new list to '$CONF_DIR/$LIST_FILE'... "
-/bin/cat "$TEMP_DIR"/* > "$CONF_DIR"/"$LIST_FILE" 2>&1
-if [ $? -gt 0 ]; then
- stat_fail
- exit 1
-else
- stat_done
- printf "\n"
- printhl "Saved `cat "$CONF_DIR"/"$LIST_FILE" | wc -l` ranges"
- printf "${C_SEPARATOR} ------------------------------\n"
-fi
-
-rm -rf "$TEMP_DIR"
-
-# Restart MoBlock
-if [ -f /var/run/moblock.pid ]; then
- /bin/kill -HUP `cat /var/run/moblock.pid` >/dev/null 2>&1
-fi
-
-exit 0
-
diff --git a/abs/extra/community/moblock/moblock.install b/abs/extra/community/moblock/moblock.install
deleted file mode 100644
index 6afe1d5..0000000
--- a/abs/extra/community/moblock/moblock.install
+++ /dev/null
@@ -1,26 +0,0 @@
-post_install() {
- #clean up after an old hack
- if [ -h /usr/lib/libnfnetlink.so.1 ]; then
- rm /usr/lib/libnfnetlink.so.1
- fi
- echo ""
- echo ">>> moblock-update script no longer uses /var/spool/moblock"
- echo ">>> as a temporary directory. You can safely delete it."
- echo ""
-}
-
-post_upgrade() {
- #clean up after an old hack
- if [ -h /usr/lib/libnfnetlink.so.1 ]; then
- rm /usr/lib/libnfnetlink.so.1
- fi
- echo ""
- echo ">>> moblock-update script no longer uses /var/spool/moblock"
- echo ">>> as a temporary directory. You can safely delete it."
- echo ""
-}
-
-op=$1
-shift
-$op $*
-
diff --git a/abs/extra/community/moblock/moblock.logrotate b/abs/extra/community/moblock/moblock.logrotate
deleted file mode 100644
index 6ed64bb..0000000
--- a/abs/extra/community/moblock/moblock.logrotate
+++ /dev/null
@@ -1,11 +0,0 @@
-"/var/log/moblock.log" /var/log/MoBlock.stats {
- daily
- missingok
- notifempty
- sharedscripts
- postrotate
- /usr/bin/test -f /var/run/moblock.pid && /bin/kill -HUP `cat /var/run/moblock.pid 2>/dev/null` 2>/dev/null || exit 0
- endscript
- compress
-}
-
diff --git a/abs/extra/community/moblock/moblock_0.9_rc2.patch b/abs/extra/community/moblock/moblock_0.9_rc2.patch
deleted file mode 100644
index 69994ff..0000000
--- a/abs/extra/community/moblock/moblock_0.9_rc2.patch
+++ /dev/null
@@ -1,912 +0,0 @@ -diff -Naur MoBlock-0.8_orig/Changelog MoBlock-0.8/Changelog ---- MoBlock-0.8_orig/Changelog 2006-03-22 12:44:31.000000000 -0500 -+++ MoBlock-0.8/Changelog 2008-02-10 11:56:08.000000000 -0500 -@@ -4,6 +4,23 @@ - - --- - -+0.9: - fix for kernel 2.6.23 -+ - support for MARKing packets instead of DROPping or -+ ACCEPTing -+ - example start script that REJECTs packets instead of -+ DROPping. -+ - Integrated a patch from David Walluck for proper loading -+ of p2b files (version 2) -+ - command line options for logging to syslog, stdout -+ and log timestamping -+ - fixed loading pg1 lists with comments (lines starting -+ with '#') -+ - fixed a bug in ranges merge -+ - applied patch 2223 by badfish99: "IPs logged with bytes -+ reversed on big-endian m/c" -+ -+--- -+ - 0.8: - support for NFQUEUE-ing from iptables FORWARD chain (thx to - hyakki for suggestions and testing!) - - included patches from Maximilian Mehnert to support log file -diff -Naur MoBlock-0.8_orig/Makefile MoBlock-0.8/Makefile ---- MoBlock-0.8_orig/Makefile 2006-03-22 12:44:31.000000000 -0500 -+++ MoBlock-0.8/Makefile 2007-11-22 08:10:44.000000000 -0500 -@@ -1,4 +1,3 @@ -- - # To use the old-soon-to-be-deprecated libipq interface - # uncomment the following line and comment the NFQUEUE one, - # then comment the gcc line with netfilter_queue and -@@ -7,7 +6,7 @@ - #QUEUE_LIB=LIBIPQ - QUEUE_LIB=NFQUEUE - --CFLAGS=-Wall -O2 -march=i586 -mtune=i686 -fomit-frame-pointer -ffast-math \ -+CFLAGS=-Wall -O3 -march=i586 -mtune=i686 -fomit-frame-pointer -ffast-math \ - -D_GNU_SOURCE -D$(QUEUE_LIB) -L/usr/include/libipq - CC=gcc - -diff -Naur MoBlock-0.8_orig/MoBlock-nfq-reject.sh MoBlock-0.8/MoBlock-nfq-reject.sh ---- MoBlock-0.8_orig/MoBlock-nfq-reject.sh 1969-12-31 19:00:00.000000000 -0500 -+++ MoBlock-0.8/MoBlock-nfq-reject.sh 2007-11-22 08:10:44.000000000 -0500 -@@ -0,0 +1,104 @@ -+#!/bin/sh -+# -+# MoBlock.sh - MoBlock start script -+# --------------------------------- -+ -+ACTIVATE_CHAINS=1 
-+WHITE_TCP_IN="" -+WHITE_UDP_IN="" -+WHITE_TCP_OUT="" -+WHITE_UDP_OUT="" -+WHITE_TCP_FORWARD="" -+WHITE_UDP_FORWARD="" -+REJECT_MARK="10" -+ -+PIDF=/var/run/moblock.pid -+ -+FNAME=`basename $0 .sh` -+MODE=`echo $FNAME|awk -F- '{print $2}'` -+ -+if [ -f $PIDF ]; then -+ PID=`cat $PIDF` -+ if [ `ps -p $PID|wc -l` -gt 1 ]; then -+ echo "$0: $PIDF exists and processs seems to be running. Exiting." -+ exit 1; -+ fi; -+fi; -+ -+if [ $MODE == "ipq" ]; then -+ modprobe ip_queue -+ TARGET="QUEUE" -+elif [ $MODE == "nfq" ]; then -+ modprobe ipt_NFQUEUE -+ TARGET="NFQUEUE" -+fi; -+ -+modprobe ipt_state -+ -+# Filter all traffic, edit for your needs -+ -+iptables -N MOBLOCK_IN -+iptables -N MOBLOCK_OUT -+iptables -N MOBLOCK_FW -+ -+if [ $ACTIVATE_CHAINS -eq 1 ]; then -+ iptables -I INPUT -p all -m state --state NEW -j MOBLOCK_IN -+ iptables -I OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT -+ iptables -I FORWARD -p all -m state --state NEW -j MOBLOCK_FW -+fi; -+ -+ -+iptables -I MOBLOCK_IN -p all -j $TARGET -+ -+iptables -I MOBLOCK_OUT -p all -j $TARGET -+ -+iptables -I MOBLOCK_FW -p all -j $TARGET -+ -+for PORT in $WHITE_TCP_OUT; do -+ iptables -I MOBLOCK_OUT -p tcp --dport $PORT -j ACCEPT -+done -+for PORT in $WHITE_UDP_OUT; do -+ iptables -I MOBLOCK_OUT -p udp --dport $PORT -j ACCEPT -+done -+ -+for PORT in $WHITE_TCP_IN; do -+ iptables -I MOBLOCK_IN -p tcp --dport $PORT -j ACCEPT -+done -+for PORT in $WHITE_UDP_IN; do -+ iptables -I MOBLOCK_IN -p udp --dport $PORT -j ACCEPT -+done -+ -+for PORT in $WHITE_TCP_FORWARD; do -+ iptables -I MOBLOCK_FW -p tcp --dport $PORT -j ACCEPT -+done -+for PORT in $WHITE_UDP_FORWARD; do -+ iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT -+done -+ -+iptables -I OUTPUT -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT -+iptables -I FORWARD -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT -+ -+# Here you can change block list and log files -+./moblock -d /etc/ipfilter.dat -t -s -r $REJECT_MARK 
./moblock.log -+ -+# On exit delete the rules we added -+ -+if [ $ACTIVATE_CHAINS -eq 1 ]; then -+ iptables -D INPUT -p all -m state --state NEW -j MOBLOCK_IN -+ iptables -D OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT -+ iptables -D FORWARD -p all -m state --state NEW -j MOBLOCK_FW -+fi; -+ -+iptables -D OUTPUT -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT -+iptables -D FORWARD -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT -+ -+iptables -F MOBLOCK_IN -+iptables -X MOBLOCK_IN -+iptables -F MOBLOCK_OUT -+iptables -X MOBLOCK_OUT -+iptables -F MOBLOCK_FW -+iptables -X MOBLOCK_FW -+ -+if [ -f $PIDF ]; then -+ rm $PIDF; -+fi -diff -Naur MoBlock-0.8_orig/MoBlock.c MoBlock-0.8/MoBlock.c ---- MoBlock-0.8_orig/MoBlock.c 2006-03-22 12:44:31.000000000 -0500 -+++ MoBlock-0.8/MoBlock.c 2008-02-10 11:56:08.000000000 -0500 -@@ -35,6 +35,8 @@ - #include <linux/netfilter_ipv4.h>
- #include <signal.h>
- #include <regex.h>
-+#include <time.h>
-+#include <syslog.h>
-
- // in Makefile define LIBIPQ to use soon-to-be-deprecated ip_queue,
- // NFQUEUE for ipt_NFQUEUE (from kernel 2.6.14)
-@@ -46,7 +48,7 @@ - #include <libnetfilter_queue/libnetfilter_queue.h>
- #endif
-
--#define MB_VERSION "0.8"
-+#define MB_VERSION "0.9rc2"
-
- #define BUFSIZE 2048
- #define PAYLOADSIZE 21
-@@ -58,6 +60,9 @@ - #define SRC_ADDR(payload) (*(in_addr_t *)((payload)+12))
- #define DST_ADDR(payload) (*(in_addr_t *)((payload)+16))
-
-+#define likely(x) __builtin_expect((x),1)
-+#define unlikely(x) __builtin_expect((x),0)
-+
- // rbt datatypes/functions
-
- typedef enum {
-@@ -96,7 +101,8 @@ - char filename[100];
- } blocklist_info;
-
--int merged_ranges=0, skipped_ranges=0;
-+u_int32_t merged_ranges=0, skipped_ranges=0, accept_mark=0, reject_mark=0;
-+u_int8_t log2syslog=0, log2file=0, log2stdout=0, timestamp=0;
-
- #ifdef LIBIPQ
- static void die(struct ipq_handle *h)
-@@ -112,11 +118,13 @@ - static char buf[2][ sizeof("aaa.bbb.ccc.ddd") ];
- static short int index=0;
-
-+ ip = ntohl(ip);
-+
- sprintf(buf[index],"%d.%d.%d.%d",
-- (ip) & 0xff,
-- (ip >> 8) & 0xff,
-+ (ip >> 24) & 0xff,
- (ip >> 16) & 0xff,
-- (ip >> 24) & 0xff);
-+ (ip >> 8) & 0xff,
-+ (ip) & 0xff);
-
- if (index) {
- index=0;
-@@ -134,10 +142,38 @@ - fflush(stdout);
- }
-
-+void log_action(char *msg)
-+{
-+ char timestr[30];
-+ time_t tv;
-+
-+ if (timestamp) {
-+ tv = time(NULL);
-+ strncpy(timestr, ctime(&tv), 19);
-+ timestr[19] = '\0';
-+ strcat(timestr, "| ");
-+ }
-+ else strcpy(timestr, "");
-+
-+ if (log2syslog) {
-+ syslog(LOG_INFO, msg);
-+ }
-+
-+ if (log2file) {
-+ fprintf(logfile,"%s%s",timestr,msg);
-+ fflush(logfile);
-+ }
-+
-+ if (log2stdout) {
-+ fprintf(stdout,"%s%s",timestr,msg);
-+ }
-+}
-+
- inline void ranged_insert(char *name,char *ipmin,char *ipmax)
- {
- recType tmprec;
- int ret;
-+ char msgbuf[255];
-
- if ( strlen(name) > (BNAME_LEN-1) ) {
- strncpy(tmprec.blockname, name, BNAME_LEN);
-@@ -149,10 +185,11 @@ - if ( (ret=insert(ntohl(inet_addr(ipmin)),&tmprec)) != STATUS_OK )
- switch(ret) {
- case STATUS_MEM_EXHAUSTED:
-- fprintf(logfile,"Error inserting range, MEM_EXHAUSTED.\n");
-+ log_action("Error inserting range, MEM_EXHAUSTED.\n");
- break;
- case STATUS_DUPLICATE_KEY:
-- fprintf(logfile,"Duplicated range ( %s )\n",name);
-+ sprintf(msgbuf,"Duplicated range ( %s )\n",name);
-+ log_action(msgbuf);
- break;
- case STATUS_MERGED:
- merged_ranges++;
-@@ -161,8 +198,9 @@ - skipped_ranges++;
- break;
- default:
-- fprintf(logfile,"Unexpected return value from ranged_insert()!\n");
-- fprintf(logfile,"Return value was: %d\n",ret);
-+ log_action("Unexpected return value from ranged_insert()!\n");
-+ sprintf(msgbuf,"Return value was: %d\n",ret);
-+ log_action(msgbuf);
- break;
- }
- }
-@@ -177,15 +215,19 @@ - regex_t regmain;
- regmatch_t matches[4];
- int i;
-+ char msgbuf[255];
-
- regcomp(®main, "^(.*)[:]([0-9.]*)[-]([0-9.]*)$", REG_EXTENDED);
-
- fp=fopen(filename,"r");
- if ( fp == NULL ) {
-- fprintf(logfile,"Error opening %s, aborting...\n", filename);
-+ sprintf(msgbuf,"Error opening %s, aborting...\n", filename);
-+ log_action(msgbuf);
- exit(-1);
- }
- while ( (count=getline(&line,&len,fp)) != -1 ) {
-+ if ( line[0] == '#' ) //comment line, skip
-+ continue;
- for(i=count-1; i>=0; i--) {
- if ((line[i] == '\r') || (line[i] == '\n') || (line[i] == ' ')) {
- line[i] = 0;
-@@ -207,36 +249,78 @@ - line+matches[3].rm_so);
- ntot++;
- } else {
-- fprintf(logfile,"Short guarding.p2p line %s, skipping it...\n", line);
-+ sprintf(msgbuf,"Short guarding.p2p line %s, skipping it...\n", line);
-+ log_action(msgbuf);
- }
- }
- if (line)
- free(line);
- fclose(fp);
-- fprintf(logfile,"Ranges loaded: %d\n",ntot);
-- printf("* Ranges loaded: %d\n",ntot);
-+ sprintf(msgbuf, "* Ranges loaded: %d\n", ntot);
-+ log_action(msgbuf);
-+ if ( !log2stdout )
-+ printf(msgbuf);
- }
-
--void loadlist_pg2(char *filename) // experimental, no check for list sanity
-+void loadlist_pg2(char *filename) // supports only v2 files
- {
- FILE *fp;
-- int i,retval,ntot=0;
-- char name[100],ipmin[16]; // hope we don't have a list with longer names...
-+ int i, j, c, retval=0, ntot=0;
-+ char name[100],ipmin[16], msgbuf[255]; // hope we don't have a list with longer names...
- uint32_t start_ip, end_ip;
- struct in_addr startaddr,endaddr;
-+ size_t s;
-
- fp=fopen(filename,"r");
- if ( fp == NULL ) {
-- fprintf(logfile,"Error opening %s, aborting...\n", filename);
-+ sprintf(msgbuf, "Error opening %s, aborting...\n", filename);
-+ log_action(msgbuf);
- exit(-1);
- }
-
-- fgetc(fp); // skip first 4 bytes, don't know what they are
-- fgetc(fp);
-- fgetc(fp);
-- retval=fgetc(fp);
-+ for (j=0; j<4; j++) {
-+ c=fgetc(fp);
-+ if ( c != 0xff ) {
-+ sprintf(msgbuf,"Byte %d: 0x%x != 0xff, aborting...\n", j+1, c);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+ }
-+
-+ c=fgetc(fp);
-+ if ( c != 'P' ) {
-+ sprintf(msgbuf,"Byte 5: %c != P, aborting...\n", c);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+
-+ c=fgetc(fp);
-+ if ( c != '2' ) {
-+ sprintf(msgbuf,"Byte 6: %c != 2, aborting...\n", c);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-
-- while ( retval != EOF ) {
-+ c=fgetc(fp);
-+ if ( c != 'B' ) {
-+ sprintf(msgbuf,"Byte 7: %c != B, aborting...\n", c);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+
-+ c=fgetc(fp);
-+ if ( c != 0x02 ) {
-+ sprintf(msgbuf,"Byte 8: version: %d != 2, aborting...\n", c);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+
-+ do {
- i=0;
- do {
- name[i]=fgetc(fp);
-@@ -244,9 +328,22 @@ - } while ( name[i-1] != 0x00 && name[i-1] != EOF);
- if ( name[i-1] != EOF ) {
- name[i-1]='\0';
-- fread(&start_ip,4,1,fp);
-- fread(&end_ip,4,1,fp);
-- startaddr.s_addr=start_ip;
-+ s=fread(&start_ip,4,1,fp);
-+ if ( s != 1 ) {
-+ sprintf(msgbuf,"Failed to read start IP: %d != 1, aborting...\n", (int)s);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+ s=fread(&end_ip,4,1,fp);
-+ if ( s != 1 ) {
-+ sprintf(msgbuf,"Failed to read end IP: %d != 1, aborting...\n", (int)s);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+
-+ startaddr.s_addr=start_ip;
- endaddr.s_addr=end_ip;
- strcpy(ipmin,inet_ntoa(startaddr));
- ranged_insert(name,ipmin,inet_ntoa(endaddr));
-@@ -255,22 +352,25 @@ - else {
- retval=EOF;
- }
-- }
-+ } while ( retval != EOF );
- fclose(fp);
-- fprintf(logfile,"Ranges loaded: %d\n",ntot);
-- printf("* Ranges loaded: %d\n",ntot);
-+ sprintf(msgbuf, "* Ranges loaded: %d\n",ntot);
-+ log_action(msgbuf);
-+ if ( !log2stdout )
-+ printf(msgbuf);
- }
-
- void loadlist_dat(char *filename)
- {
- FILE *fp;
- int ntot=0;
-- char readbuf[200], *name, start_ip[16], end_ip[16];
-+ char readbuf[200], *name, start_ip[16], end_ip[16], msgbuf[255];
- unsigned short ip1_0, ip1_1, ip1_2, ip1_3, ip2_0, ip2_1, ip2_2, ip2_3;
-
- fp=fopen(filename,"r");
- if ( fp == NULL ) {
-- fprintf(logfile,"Error opening %s, aborting...\n", filename);
-+ sprintf(msgbuf,"Error opening %s, aborting...\n", filename);
-+ log_action(msgbuf);
- exit(-1);
- }
-
-@@ -286,38 +386,45 @@ - ntot++;
- }
- fclose(fp);
-- fprintf(logfile,"Ranges loaded: %d\n",ntot);
-- printf("* Ranges loaded: %d\n",ntot);
-+ sprintf(msgbuf, "* Ranges loaded: %d\n", ntot);
-+ log_action(msgbuf);
-+ if ( !log2stdout )
-+ printf(msgbuf);
- }
-
- void reopen_logfile(void)
- {
-+ char msgbuf[255];
-+
- if (logfile != NULL) {
- fclose(logfile);
- logfile=NULL;
- }
- logfile=fopen(logfile_name,"a");
- if (logfile == NULL) {
-- fprintf(stderr, "Unable to open logfile %s\n", logfile_name);
-+ sprintf(msgbuf, "Unable to open logfile %s\n", logfile_name);
-+ log_action(msgbuf);
- exit(-1);
- }
-- fprintf(logfile, "Reopening logfile.\n");
-+ log_action("Reopening logfile.\n");
- }
-
- void my_sahandler(int sig)
- {
-+ char msgbuf[255];
-+
- switch( sig ) {
- case SIGUSR1:
-- fprintf(logfile,"Got SIGUSR1! Dumping stats...\n");
-+ log_action("Got SIGUSR1! Dumping stats...\n");
- ll_show(logfile);
- reopen_logfile();
- break;
- case SIGUSR2:
-- fprintf(logfile,"Got SIGUSR2! Dumping stats to /var/log/MoBlock.stats\n");
-+ log_action("Got SIGUSR2! Dumping stats to /var/log/MoBlock.stats\n");
- ll_log();
- break;
- case SIGHUP:
-- fprintf(logfile,"\nGot SIGHUP! Dumping and resetting stats, reloading blocklist\n\n");
-+ log_action("Got SIGHUP! Dumping and resetting stats, reloading blocklist\n");
- ll_log();
- ll_clear(); // clear stats list
- destroy_tree(); // clear loaded ranges
-@@ -332,17 +439,18 @@ - loadlist_pg2(blocklist_info.filename);
- break;
- default:
-- fprintf(logfile,"Unknown blocklist type while reloading list, contact the developer!\n");
-+ log_action("Unknown blocklist type while reloading list, contact the developer!\n");
- break;
- }
- reopen_logfile();
- break;
- case SIGTERM:
-- fprintf(logfile,"Got SIGTERM! Dumping stats and exiting.\n");
-+ log_action("Got SIGTERM! Dumping stats and exiting.\n");
- ll_log();
- exit(0);
- default:
-- fprintf(logfile,"Received signal = %d but not handled\n",sig);
-+ sprintf(msgbuf,"Received signal = %d but not handled\n",sig);
-+ log_action(msgbuf);
- break;
- }
- }
-@@ -378,7 +486,7 @@ - {
- int id=0, status=0;
- struct nfqnl_msg_packet_hdr *ph;
-- char *payload;
-+ char *payload, msgbuf[255];
- recType tmprec;
-
- ph = nfq_get_msg_packet_hdr(nfa);
-@@ -389,34 +497,78 @@ - switch (ph->hook) {
- case NF_IP_LOCAL_IN:
- if ( find(ntohl(SRC_ADDR(payload)),&tmprec) == STATUS_OK ) {
-+ // we drop the packet instead of rejecting
-+ // we don't want the other host to know we are alive
- status=nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
-- fprintf(logfile,"Blocked IN: %s,hits: %d,SRC: %s\n",tmprec.blockname,tmprec.hits,ip2str(SRC_ADDR(payload)));
-- } else status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ sprintf(msgbuf,"Blocked IN: %s,hits: %d,SRC: %s\n",tmprec.blockname,tmprec.hits,ip2str(SRC_ADDR(payload)));
-+ log_action(msgbuf);
-+ }
-+ else if ( unlikely(accept_mark) ) {
-+ // we set the user-defined accept_mark and set NF_REPEAT verdict
-+ // it's up to other iptables rules to decide what to do with this marked packet
-+ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, accept_mark, 0, NULL);
-+ }
-+ else {
-+ // no accept_mark, just NF_ACCEPT the packet
-+ status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ }
- break;
- case NF_IP_LOCAL_OUT:
- if ( find(ntohl(DST_ADDR(payload)),&tmprec) == STATUS_OK ) {
-- status=nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
-- fprintf(logfile,"Blocked OUT: %s,hits: %d,DST: %s\n",tmprec.blockname,tmprec.hits,ip2str(DST_ADDR(payload)));
-- } else status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ if ( likely(reject_mark) ) {
-+ // we set the user-defined reject_mark and set NF_REPEAT verdict
-+ // it's up to other iptables rules to decide what to do with this marked packet
-+ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, reject_mark, 0, NULL);
-+ }
-+ else {
-+ status = nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
-+ }
-+ sprintf(msgbuf,"Blocked OUT: %s,hits: %d,DST: %s\n",tmprec.blockname,tmprec.hits,ip2str(DST_ADDR(payload)));
-+ log_action(msgbuf);
-+ }
-+ else if ( unlikely(accept_mark) ) {
-+ // we set the user-defined accept_mark and set NF_REPEAT verdict
-+ // it's up to other iptables rules to decide what to do with this marked packet
-+ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, accept_mark, 0, NULL);
-+ }
-+ else {
-+ // no accept_mark, just NF_ACCEPT the packet
-+ status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ }
- break;
- case NF_IP_FORWARD:
- if ( find2(ntohl(SRC_ADDR(payload)), ntohl(DST_ADDR(payload)), &tmprec) == STATUS_OK ) {
-- status=nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
-- fprintf(logfile,"Blocked FWD: %s,hits: %d,SRC: %s, DST: %s\n",
-+ if ( likely(reject_mark) ) {
-+ // we set the user-defined reject_mark and set NF_REPEAT verdict
-+ // it's up to other iptables rules to decide what to do with this marked packet
-+ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, reject_mark, 0, NULL);
-+ }
-+ else {
-+ status = nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
-+ }
-+ sprintf(msgbuf,"Blocked FWD: %s,hits: %d,SRC: %s, DST: %s\n",
- tmprec.blockname, tmprec.hits, ip2str(SRC_ADDR(payload)), ip2str(DST_ADDR(payload)));
-- fflush(logfile);
-- } else status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ log_action(msgbuf);
-+ }
-+ else if ( unlikely(accept_mark) ) {
-+ // we set the user-defined accept_mark and set NF_REPEAT verdict
-+ // it's up to other iptables rules to decide what to do with this marked packet
-+ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, accept_mark, 0, NULL);
-+ }
-+ else {
-+ // no accept_mark, just NF_ACCEPT the packet
-+ status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ }
- break;
- default:
-- fprintf(logfile,"Not NF_LOCAL_IN/OUT/FORWARD packet!\n");
-+ log_action("Not NF_LOCAL_IN/OUT/FORWARD packet!\n");
- break;
- }
- }
- else {
-- fprintf(logfile,"NFQUEUE: can't get msg packet header.\n");
-+ log_action("NFQUEUE: can't get msg packet header.\n");
- return(1); // from nfqueue source: 0 = ok, >0 = soft error, <0 hard error
- }
-- fflush(logfile);
- return(0);
- }
- #endif
-@@ -492,46 +644,48 @@ - struct nfq_q_handle *qh;
- struct nfnl_handle *nh;
- int fd,rv;
-- char buf[BUFSIZE];
-+ char buf[BUFSIZE], msgbuf[255];
-
- h = nfq_open();
- if (!h) {
-- fprintf(logfile, "Error during nfq_open()\n");
-+ log_action("Error during nfq_open()\n");
- exit(-1);
- }
-
- if (nfq_unbind_pf(h, AF_INET) < 0) {
-- fprintf(logfile, "error during nfq_unbind_pf()\n");
-- exit(-1);
-+ log_action("error during nfq_unbind_pf()\n");
-+ //exit(-1);
- }
-
- if (nfq_bind_pf(h, AF_INET) < 0) {
-- fprintf(logfile, "Error during nfq_bind_pf()\n");
-+ log_action("Error during nfq_bind_pf()\n");
- exit(-1);
- }
-
-- fprintf(logfile,"NFQUEUE: binding to queue '%hd'\n", queuenum);
-+ sprintf(msgbuf,"NFQUEUE: binding to queue '%hd'\n", queuenum);
-+ log_action(msgbuf);
- qh = nfq_create_queue(h, queuenum, &nfqueue_cb, NULL);
- if (!qh) {
-- fprintf(logfile, "error during nfq_create_queue()\n");
-+ log_action("error during nfq_create_queue()\n");
- exit(-1);
- }
-
- if (nfq_set_mode(qh, NFQNL_COPY_PACKET, PAYLOADSIZE) < 0) {
-- fprintf(logfile, "can't set packet_copy mode\n");
-+ log_action("can't set packet_copy mode\n");
- exit(-1);
- }
-
- nh = nfq_nfnlh(h);
- fd = nfnl_fd(nh);
-
-- while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
-+ while ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) {
- nfq_handle_packet(h, buf, rv);
- }
-
-- printf("NFQUEUE: unbinding from queue 0\n");
-+ log_action("NFQUEUE: unbinding from queue 0\n");
- nfq_destroy_queue(qh);
- nfq_close(h);
-+ nfq_unbind_pf(h, AF_INET);
- return(0);
- #endif
-
-@@ -540,11 +694,16 @@ - void print_options(void)
- {
- printf("\nMoBlock %s by Morpheus",MB_VERSION);
-- printf("\nSyntax: MoBlock -dnp <blocklist> [-b] [-q 0-65535] <logfile>\n\n");
-+ printf("\nSyntax: MoBlock -dnp <blocklist> [-q 0-65535] <logfile>\n\n");
- printf("\t-d\tblocklist is an ipfilter.dat file\n");
- printf("\t-n\tblocklist is a peerguardian 2.x file (.p2b)\n");
- printf("\t-p\tblocklist is a peerguardian file (.p2p)\n");
- printf("\t-q\t0-65535 NFQUEUE number (as specified in --queue-num with iptables)\n");
-+ printf("\t-r MARK\tmark packet with MARK instead of DROP\n");
-+ printf("\t-a MARK\tmark packet with MARK instead of ACCEPT\n");
-+ printf("\t-l\tlog to stdout\n");
-+ printf("\t-s\tlog to syslog\n");
-+ printf("\t-t\tlog timestamping\n\n");
- }
-
- void on_quit()
-@@ -556,6 +715,7 @@ - {
- int ret=0;
- unsigned short int queuenum=0;
-+ char msgbuf[255];
-
- if (argc < 3) {
- print_options();
-@@ -591,10 +751,11 @@ - }
- logfile_name=malloc(strlen(argv[argc-1])+1);
- strcpy(logfile_name,argv[argc-1]);
-+ log2file = 1;
- printf("* Logging to %s\n",logfile_name);
-
- while (1) { //scan command line options
-- ret=getopt(argc, argv, "d:n:p:q:");
-+ ret=getopt(argc, argv, "d:n:p:q:a:r:stl");
- if ( ret == -1 ) break;
-
- switch (ret) {
-@@ -619,6 +780,28 @@ - case 'q':
- queuenum=(unsigned short int)atoi(optarg);
- break;
-+ case 'r':
-+ reject_mark=(u_int32_t)atoi(optarg);
-+ printf("* DROP MARK: %d\n", reject_mark);
-+ reject_mark=htonl(reject_mark);
-+ break;
-+ case 'a':
-+ accept_mark=(u_int32_t)atoi(optarg);
-+ printf("* ACCEPT MARK: %d\n", accept_mark);
-+ accept_mark=htonl(accept_mark);
-+ break;
-+ case 's':
-+ log2syslog = 1;
-+ printf("* Logging to syslog\n");
-+ break;
-+ case 't':
-+ timestamp = 1;
-+ printf("* Log timestamp enabled\n");
-+ break;
-+ case 'l':
-+ log2stdout = 1;
-+ printf("* Log to stdout enabled\n");
-+ break;
- case '?': // unknown option
- print_options();
- exit(-1);
-@@ -626,10 +809,14 @@ - }
- }
-
-- printf("* Merged ranges: %d\n", merged_ranges);
-- fprintf(logfile, "Merged ranges: %d\n", merged_ranges);
-- printf("* Skipped useless ranges: %d\n", skipped_ranges);
-- fprintf(logfile,"Skipped useless ranges: %d\n", skipped_ranges);
-+ sprintf(msgbuf, "* Merged ranges: %d\n", merged_ranges);
-+ log_action(msgbuf);
-+ if ( !log2stdout )
-+ printf(msgbuf);
-+ sprintf(msgbuf,"* Skipped useless ranges: %d\n", skipped_ranges);
-+ log_action(msgbuf);
-+ if ( !log2stdout )
-+ printf(msgbuf);
- fflush(NULL);
-
- netlink_loop(queuenum);
-diff -Naur MoBlock-0.8_orig/README MoBlock-0.8/README
---- MoBlock-0.8_orig/README 2006-03-22 12:44:31.000000000 -0500
-+++ MoBlock-0.8/README 2007-11-22 08:10:44.000000000 -0500
-@@ -1,5 +1,5 @@
- 
--MoBlock README v0.8
-+MoBlock README v0.9
- http://moblock.berlios.de
- 
- .Introduction.
-@@ -47,6 +47,22 @@
- ip_conntrack 40044 1 ipt_state
- iptable_filter 2176 1
- ip_tables 17600 3 ipt_NFQUEUE,ipt_state,iptable_filter
-+
-+ ...and these with kernel 2.6.23 using NFQUEUE interface:
-+
-+ nfnetlink_queue 9344 1
-+ nfnetlink 4568 2 nfnetlink_queue
-+ ipt_REJECT 3520 2
-+ xt_mark 1600 2
-+ nf_conntrack_ipv4 12424 5
-+ iptable_filter 2308 1
-+ ip_tables 10328 1 iptable_filter
-+ xt_state 1984 5
-+ nf_conntrack 48356 2 nf_conntrack_ipv4,xt_state
-+ xt_NFQUEUE 1664 3
-+ x_tables 11396 5 ipt_REJECT,xt_mark,ip_tables,xt_state,xt_NFQUEUE
-+
-+ (notice that ipt_NFQUEUE has changed to xt_NFQUEUE, same thing for other modules too)
- 
- 2) A valid guarding.p2p/ipfilter.dat/p2p.p2b host file in /etc ( /etc/guarding.p2p ).
- MoBlock tries to skip malformed or duplicate ranges but
-@@ -140,8 +156,18 @@
- To specify a NFQUEUE queue number:
- 
- ./moblock -p /etc/guarding.p2p -q 5 MoBlock.log
-+
-+ From version 0.9 MoBlock supports MARKing packets and RETURN them to
-+ iptables, there's an example start script (MoBlock-nfq-reject.sh) that
-+ uses this feature to REJECT packet instead of dropping them. It can help
-+ in complex firewall configuration where you need more control of packets
-+ flow after MoBlock inspection.
-+ See the mentioned start script for reference, you can set the MARK value
-+ for packets that MoBlock would drop (ip in list) with the "-r" command line
-+ option and for packets that MoBlock would accept (ip not in list) with
-+ the "-a" command line option. 
- 
-- To stop it:
-+ To stop MoBlock:
- 
- kill -TERM <MoBlockPid>
- 
-@@ -149,7 +175,7 @@
- To obtain stats about blocked ranges while it's running:
- 
- kill -USR1 <MoBlockPid> # write stats to logfile
-- kill -USR2 <MoBlockPid> # write stats to /var/log/MoBlock.stats
-+ kill -USR2 <MoBlockPid> # write stats to /var/log/MoBlock.stats
- 
- ** NEW: to reload the blocklist while MoBlock is running send to it the
- HUP signal:
-@@ -168,7 +194,10 @@
- took some code and ideas from his FTwall
- - Andrew de Quincey (adq at lidskialf dot net) for regular expressions
- and command line args patch
--- Maximilian Mehnert (clessing at freenet dot de) for logfile rotation
-+- clessing at freenet dot de for logfile rotation
- patches, pid file creation, start script, fixes/files for debian packaging
-+- David Walluck, patch for proper loading of p2b files
-+- jre, for continuing clessing work on debian packaging and many other
-+ contributions
- 
--Last Updated: 20/Mar/2006
-+Last Updated: 15/Oct/2007
-diff -Naur MoBlock-0.8_orig/rbt.c MoBlock-0.8/rbt.c
---- MoBlock-0.8_orig/rbt.c 2006-03-22 12:44:31.000000000 -0500
-+++ MoBlock-0.8/rbt.c 2008-02-10 11:56:08.000000000 -0500
-@@ -19,7 +19,7 @@
- #include <stdarg.h>
- #include <time.h>
- 
--#define RBT_VERSION 0.8
-+#define RBT_VERSION 0.9
- #define BNAME_LEN 80
- 
- /* implementation dependend declarations */
-@@ -421,7 +421,7 @@
- 
- statusEnum insert(keyType key, recType *rec) {
- nodeType *current, *parent, *x;
-- keyType tmpkey;
-+ //keyType tmpkey;
- recType tmprec;
- int ret;
- 
-@@ -433,6 +433,23 @@
- current = root;
- parent = 0;
- while (current != NIL) {
-+ if (compEQ2(current->key, key, rec->ipmax)) { // current node key is inside new range to be inserted
-+ strcpy(tmprec.blockname, rec->blockname); // block name from new range
-+ if (compLT(current->rec.ipmax, rec->ipmax))
-+ tmprec.ipmax = rec->ipmax;
-+ else tmprec.ipmax = current->rec.ipmax;
-+ tmprec.hits = 0;
-+ //printf("deleting node :%lu\n", current->key);
-+ 
ret=delete(current->key);
-+ if ( ret != STATUS_OK )
-+ return(ret);
-+ ret=insert(key, &tmprec);
-+ if ( ret == STATUS_OK ) {
-+ printf("new merge\n");
-+ return(STATUS_MERGED);
-+ }
-+ else return(ret);
-+ }
- if (compEQ(key, current->key)) {
- if ( rec->ipmax > current->rec.ipmax ) {
- current->rec.ipmax=rec->ipmax;
-@@ -458,7 +475,7 @@
- }
- }
- //check if higher ip (ipmax) is already in a range
-- if (compEQ2(rec->ipmax,current->key,current->rec.ipmax)) {
-+ /*if (compEQ2(rec->ipmax,current->key,current->rec.ipmax)) {
- fprintf(logfile,"higher ip in range\n");
- tmpkey=key;
- strcpy(tmprec.blockname,current->rec.blockname);
-@@ -470,7 +487,7 @@
- if ( ret == STATUS_OK )
- return(STATUS_MERGED);
- else return(ret);
-- }
-+ }*/
- parent = current;
- current = compLT(key, current->key) ?
- current->left : current->right;
-@@ -495,7 +512,7 @@
- } else {
- root = x;
- }
--
-+ //printf("new node, key: %lu, parent: %lu\n", x->key, parent ? parent->key : 0);
- insertFixup(x);
- lastFind = NULL;
- 
diff --git a/abs/extra/community/moblock/moblock_include.patch b/abs/extra/community/moblock/moblock_include.patch
deleted file mode 100644
index 644e824..0000000
--- a/abs/extra/community/moblock/moblock_include.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- MoBlock-0.8/MoBlock.c.orig 2008-08-15 14:41:49.000000000 -0400
-+++ MoBlock-0.8/MoBlock.c 2008-08-15 14:43:45.000000000 -0400
-@@ -32,6 +32,7 @@
- #include <netinet/udp.h>
- #include <sys/socket.h>
- #include <arpa/inet.h>
-+#include <limits.h>
- #include <linux/netfilter_ipv4.h>
- #include <signal.h>
- #include <regex.h>
