IPLIST : "Peerguardian Linux" - Must have for p2p!

What is iplist?

iplist is a list based packet handler which uses the netfilter netlink-queue library (kernel 2.6.14 or later). It filters by IP-address and is optimized for thousands of IP-address ranges.

Some typical reasons for using iplist are:

* to protect your privacy while sharing with others
* to ban unwanted clients from servers
* to block whole countries or networks
* to block spam- and ad-servers

Homepage: iplist


I took the fedora 9 source rpm and compiled it without issues. It requires changes to the /etc/rc.d/ipblock and /etc/ipblock.conf to run. I am including links to the changed files.

Changes:

/etc/rc.d/ipblock used Fedora function calls. These were changed to rc_status calls.

/etc/ipblock.conf was changed to allow normal traffic for http, https, ftp, ssh, ports 8000, 8080 and 3128 for use of external proxies for both local and forward traffic. (should work out of the box for most folks)

iplist requires libnetfilter_queue and libnfnetlink. These packages were compiled for Suse 10.2 on the old Guru website and still work fine. These are available at Index of /pub/linux/misc/suser-guru/rpm/packages/Libraries/libnetfilter_queue and Index of /pub/linux/misc/suser-guru/rpm/packages/Libraries/libnfnetlink respectively.

Software:

2shared - download libnetfilter_queue-0.0.15-1.guru.suse102.i686.rpm
2shared - download libnetfilter_queue-0.0.15-1.guru.suse102.src.rpm
2shared - download libnetfilter_queue-devel-0.0.15-1.guru.suse102.i686.rpm
2shared - download libnfnetlink-0.0.30-1.guru.suse102.i686.rpm
2shared - download libnfnetlink-0.0.30-1.guru.suse102.src.rpm
2shared - download libnfnetlink-devel-0.0.30-1.guru.suse102.i686.rpm
2shared - download iplist-0.19-0.fc9.src.rpm
2shared - download iplist-0.19-0.fc9.x86_64.rpm
2shared - download ipblock.conf
2shared - download ipblock

The only file missing is the i686 version of iplist and that’s because it’s on my laptop in the car…you can compile it using “rpmbuild --rebuild iplist*.src.rpm” once you have the libraries and their devel packages installed. If someone compiles it perhaps they could upload to 2shared or wherever and post the link.

Hope someone finds this useful. IPlist has a java based GUI which makes configuring it quite easy. You can get to it by running “ipblock -g”. More details can be found on the homepage including a faq. From the gui you can run “Update” and it will download recommended lists and set them to update every 2 days. You can also make it auto start or not etc.

Screenshots of gui:

http://img2.freeimagehosting.net/uploads/53583bbd62.png

http://img2.freeimagehosting.net/uploads/217f101d6a.png

http://img2.freeimagehosting.net/uploads/e28306a9b4.png

Do you notice any slow-down? Being Java based, I would say it eats up a considerable amount of CPU. I haven’t tried it though, that’s why I was interested in your opinion about this.

A very similar one is MoBlock MoBlock Homepage

I previously used moblock. Only the configuration app is java…the filtering is done via iptables just like moblock. The only difference I’ve noticed is it’s a heck of a lot easier to setup iplist than to get moblock configured right. Moblock doesn’t have any suse rpm’s either. You do NOT need to keep the java app running.

Ah, now I understand, def this is a great application! It’s a shame that PeerGuardian is not available for Linux!!

What about writing down your tutorial in a wiki page? I’m sure several people are looking for something like this and are not aware of the existence of this application :)

I think I’ll wait until I see if I can get proper rpm’s for suse built that already contain all the needed changes…this will make the process simpler. I wanted, however, to go ahead and make the information available to folks who might need it. Ideally it would be great if the app could be placed into the opensuse build service.

moblock while an excellent app still requires you to manually setup the script to auto download the lists and for me occasionally just stopped filtering for no apparent reason. In the moblock forum I modified the fedora scripts there too to allow them to run under suse but never had an integrated rpm for it.

Thanks for the feedback. Hope someone can use the information.

Ok…I’ve modified the spec file of the fedora rpm to include the changed rc.d config file and the ipblock.conf file needed for suse. Please note that the /etc/rc.d/ipblock file will NOT show up until after you run ipblock once via command line or gui as it checks the config file for autostart=yes and copies the file if it doesn’t exist. Let me know if you run into issues.

2shared - download iplist-0.19-0.suse.src.rpm
2shared - download iplist-0.19-0.suse.x86_64.rpm

awesome!!! Thank you!!

I just run azureus, download the level1 from bluetack.co.uk/config
point to the .txt file in the options-IPFilters in azureus
I know there is an IPFilter plugin, but I don’t find it as good!

I have dht disabled and so get very few blocks most of the time, I mostly pick up stuff from private sites.
If you enable dht, the IP blocks go crazy.

I know some have been using utorrent and using the emule .dat file for IP blocking

And that option is fine if torrents are the only p2p you are doing and if you only have 1 app on 1 pc you are using it on. iplist (and moblock) similar to peerguardian protect the entire system (or an entire network if on the gateway pc) vs protecting a specific application. If I log onto gnutella via gtk-gnutella I’m protected. If I log onto soulseek for music, I’m protected. If my windows machine in the other room gets an app trying to phone home on some odd port I’m protected.

Stopping things at the front end is much more efficient than 6 different apps all trying to download an ip filter list at random times and staying in sync. You can also use it for ad blocking.

Yes, I should have read more carefully the start of the thread.
I’m just one machine. ADSL to the net via netgear DG834GT.
Ideally I would love to have a small linux box doing the netgear’s job, I could then configure as you describe and much more too.

My Son provides the server that hosts all my web sites so I really don’t need the additional expense at home and certainly can’t justify the expense (if you know what I mean).
Unfortunately, although my Son is very good with Linux and he works with it in his IT job, he still runs a microsoft exchange and is a total WOW nut amongst other stuff, and just can’t break free from M$.

Does this work on opensuse 11? I am running the 32bit version.

I am guessing I still need the dependencies as I assume they are not built into the rpm.

It should run on any version of suse. I compiled it under opensuse 11 x86_64 and will be uploading the 32 bit rpm from my laptop later this morning. You will still need libnetfilter_queue, libnfnetlink and both their devel packages to compile the rpm. You don’t need the devel packages, just the main ones to just install the precompiled rpm.

Here is the i586 version…this and the 2 libraries will do the job on i586.

2shared - download iplist-0.19-0.suse.i586.rpm

Could you include the 2 libnetfilter libraries needed to install iplist? My version is X64 opensuse 11

Thanks a lot.

Did you bother to read the first post?

OK, thanks a lot!

Thanks, works like a charm, and so much more simple than moblock.

Has anyone tried to add it at the startup (boot time)?
I suppose adding the line “ipblock -s” in /etc/init.d/boot.local could work. There is an Autostart checkbox in the GUI but it just means that the ip filtering is autostarted when the GUI starts.

It does run automatically at bootup. Once ipblock has been copied to /etc/rc.d (which happens the first time you run ipblock) that gets run on each bootup and the very top of it checks if it should autostart:

case "$AUTOSTART" in
[Nn]*|"")
        exit 0
        ;;
esac

You can check if it’s running by doing a “ps aux | grep ipblock” and you should see this:

root 4270 0.0 1.8 59620 37508 ? S<l Jul11 0:06 iplist --daemon -q -f /var/log/ipblock.log -l match

Did you check under system runlevels to make sure ipblock is enabled for your runlevel? You do not need to run the gui AT ALL if you don’t want to and you certainly don’t need to run it each time to start ipblock…the gui’s ONLY purpose is to do config changes and even those can be done by editing the .conf file manually from command line.
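The two checks described in the post above (the AUTOSTART test at the top of the rc script and the process check) combined into one status function, as an added example that is not part of the original post or of iplist. It assumes /etc/ipblock.conf contains a shell-style line such as AUTOSTART="yes"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not iplist code. Assumption: the config file holds a
# line of the form AUTOSTART=<value>, optionally quoted.

# Print the last AUTOSTART value in a config file without sourcing it,
# so nothing else in the file is executed by this check.
autostart_value() {
    sed -n 's/^[[:space:]]*AUTOSTART=//p' "$1" 2>/dev/null |
        tail -n 1 | tr -d "\"'"
}

# Same test as the rc script: an empty value or one starting with
# N/n means "do not start at boot".
autostart_enabled() {
    case "$(autostart_value "$1")" in
        [Nn]*|"") return 1 ;;
    esac
    return 0
}

# Read `ps aux` output on stdin and succeed if an iplist daemon is
# listed. Matching the command column (field 11) means the grep
# process from "ps aux | grep ipblock" is never counted as a hit.
daemon_running() {
    awk '($11 == "iplist" || $11 ~ /\/iplist$/) && /--daemon/ { found = 1 }
         END { exit !found }'
}

# $1 = config file, stdin = ps aux output. Prints one status word.
ipblock_status() {
    if ! autostart_enabled "$1"; then
        echo "autostart-off"
    elif daemon_running; then
        echo "running"
    else
        # Enabled in the config but no daemon: filtering is not active.
        echo "enabled-but-not-running"
    fi
}

# Usage on a live system:
#   ps aux | ipblock_status /etc/ipblock.conf
```

The "enabled-but-not-running" result is the one worth alerting on, since it means traffic is passing unfiltered while the configuration says it should not be.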

Ah great, thanks for the info famewolf!! I didn’t even realize that it was already automatically added at the startup, shame on me!! :P