Linux: Installing ipblock/iplist and configuring autostart

*Update 5/1/2014* This post has been superseded by
"Linux: Installing Peer Guardian 2; an IP blocker like PeerBlock for Windows".

---

iplist/ipblock is a great little tool for Linux which protects you from "bad connections", pretty much what PeerGuardian/PeerBlock does for Windows.

I had a bit of trouble getting it to run properly, and considering how many posts there were about it I figured I'd write a post to help out some people.

Depending on your base version of Linux, add the matching sources.list entry from the repository list given here. (It's kept more up to date than this blog post.)

Remember to import the repository's signing keys too!

Note: If you're not comfortable with using "vim", feel free to replace any following commands with "gksu gedit" instead.

Once you've done that, switch to superuser mode and prepare to get down and dirty with the terminal.

su
apt-get update
apt-get install iplist

Once it's done installing, copy the default setting files over:

cp /usr/share/doc/iplist/examples/ipblock.lists /etc
cp /usr/share/doc/iplist/examples/ipblock.conf /etc

Now to edit the configuration files:

vim /etc/ipblock.conf
  • Change AUTOSTART to "Yes".
  • Remove any lists you don't want from BLOCK_LIST (at minimum keep "level1" and "bogon")
  • Any event information is logged in "/tmp/ipblock.log"
  • Your downloaded list files are stored in "/var/cache/ipblock"

Now edit the list files:

vim /etc/ipblock.lists

Replace the "bluetack.co.uk" entries for the lists you want to keep (in BLOCK_LIST) with the corresponding URL from iblocklists. From my experience, iblocklists.com is updated more often and is more reliable than bluetack.

Now to download the lists. You can either use the terminal or the GUI ("Menu" > "Internet" > "IP Block" > click "Update" at the top)

ipblock -u

Then remember to get out of superuser mode.

exit

Restart your computer to check if the AUTOSTART is running properly!

Problems?

If ipblock is preventing your computer from accessing the internet after a reboot (blocking outbound connections, connections into your computer, pings failing, etc.) then I'm assuming that you're using wireless/WiFi.

This took me a few days to figure out, but the reason this happens is that the wireless takes a moment to connect.

This "moment" is long enough for ipblock to start via the init.d daemon script. It loads up ip_tables, then realises there are no active connections to filter and exits.

This issue will also cause the download of your list files to fail.

ipblock[####]: error: update of level1.gz failed
ipblock[####]: error: update of bogon.gz failed
ipblock[####]: error: update of edu.gz failed

Checking the status of ipblock will also say it's not running:

sudo ipblock -l
ipblock[####]: error: IPblock is not running

Starting it manually after the WiFi has connected will fix everything, however this is not ideal.

To fix this, you'll have to add a short delay before ipblock starts.

sudo vim /etc/init.d/ipblock

Now add in "sleep 30" after "start)":

case "$1" in
start)
    sleep 30
    log_daemon_msg "Starting $DESC" "ipblock"
...

Save, reboot and test.
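
A fixed delay is a guess: the filter is not loaded for the whole 30 seconds, and a slower WiFi association still triggers the same failure. The sketch below is an added example (not from the original post or the ipblock package) that polls for a default route and gives up after a timeout; the function names, the 60-second budget and the use of `ip` from iproute2 are assumptions.

```sh
#!/bin/sh
# Added example: bounded wait for the network, as an alternative to a fixed
# "sleep 30". Function names and the 60-second budget are assumptions.

# Probe: true once the kernel has an IPv4 default route (needs iproute2).
has_default_route() {
    ip -4 route show default 2>/dev/null | grep -q '^default'
}

# wait_for_network TIMEOUT_SECONDS [PROBE_CMD ...]
# Polls once per second. Returns 0 as soon as the probe succeeds and 1 if
# TIMEOUT_SECONDS pass without success. The probe defaults to
# has_default_route; another command can be supplied for testing.
wait_for_network() {
    timeout=$1
    shift
    [ $# -gt 0 ] || set -- has_default_route
    waited=0
    until "$@"; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Intended use inside the start) branch of /etc/init.d/ipblock:
#
#   start)
#       wait_for_network 60 ||
#           logger -t ipblock "no default route after 60s, starting anyway"
#       log_daemon_msg "Starting $DESC" "ipblock"
#       ...
```

After a reboot, "sudo ipblock -l" and /tmp/ipblock.log show whether the lists were downloaded and the filter is actually running.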

All is well. Time to embrace your victory ...


Copyright © Twig's Tech Tips