2010-02-22

Whitelisting Ports in MoBlock on Ubuntu Linux

Bottom line: Instructions for white-listing ports in MoBlock (at least on Ubuntu Linux) is here.

You know, when I used to use a Mac, I had Little Snitch set up to keep an eye on outbound network traffic. Now on Ubuntu Linux, I use MoBlock with the Mobloquer GUI control program to sort of keep an eye on outbound traffic.

"Sort of" because all I've done is select certain lists of IPs to block (hasn't hurt to block the ones to known malware servers, for example). It's not as informative or as easy to use as Little Snitch, but the alternative is to use nothing (and keep factors like ease of use, time to set up, etc, in mind).

Unfortunately, it also blocks a bunch of ports I need for my messaging and email programs to contact the servers.

In Mobloquer, there is a helpful Settings tab with options to white-list certain IPs and ports. Unfortunately, the standard ports it provides checkbox settings for are not the ports I need open for email and messaging to work. So instead, I white-list certain IPs.

The "Whitelist IPs" button brings up another helpful window where I could enter an IP, or I could enter a domain name (eg, imap.google.com) and resolve it to its IP address then white-list it. This happily worked for many months.

Until for some reason, Google's the IP that imap.google.com resolves to started changing about every 15 minutes or so. Now my lazy technique of white-listing IPs no longer worked. I had to figure out how to white-list the port instead, but there's no easy GUI window for that in Mobloquer (and recall the standard choices given doesn't work because Google and some other servers I connect to use non-standard ports).

So I had to look up instructions for it. The two important lines are:
gksu gedit /etc/blockcontrol/blockcontrol.conf
and edit this line to include all the ports you need
WHITE_TCP_OUT="http https"
and restart the blockcontrol
blockcontrol restart
It's pretty easy, but it would've been nice if a window for that was available in the Mobloquer GUI (although I can see that it could be easily confused and mistaken by users who don't understand what it's for, then used to white-list every common port, rendering the whole program useless).

No comments: