authorDaniel Santos (javamonger) <daniel.santos@pobox.com>2009-09-03 20:36:13 +0000
committerDaniel Santos (javamonger) <daniel.santos@pobox.com>2009-09-03 20:36:13 +0000
commitef51b06d347126567d696c3e2c90b27377213787 (patch)
tree6fdac896dc97f1fbd3ca8229a41ea4a802d75296
parentmedia-radio/ibp: tested on amd64 (diff)
downloadsunrise-ef51b06d347126567d696c3e2c90b27377213787.tar.gz
sunrise-ef51b06d347126567d696c3e2c90b27377213787.tar.bz2
sunrise-ef51b06d347126567d696c3e2c90b27377213787.zip
net-misc/moblock: Fixes and Enhancements
svn path=/sunrise/; revision=9162
-rw-r--r--net-misc/moblock/ChangeLog52
-rw-r--r--net-misc/moblock/Manifest22
-rw-r--r--net-misc/moblock/files/0.8-r1/moblock-update180
-rw-r--r--net-misc/moblock/files/0.8-r2/init.d (renamed from net-misc/moblock/files/0.8-r1/initd)27
-rw-r--r--net-misc/moblock/files/0.8-r2/logrotate30
-rw-r--r--net-misc/moblock/files/0.8-r2/moblock-stats (renamed from net-misc/moblock/files/0.8-r1/moblock-stats)25
-rw-r--r--net-misc/moblock/files/0.8-r2/moblock-update281
-rw-r--r--net-misc/moblock/files/0.8-r2/moblock.minimal.example150
-rw-r--r--net-misc/moblock/files/0.8-r2/moblock.normal.example (renamed from net-misc/moblock/files/0.8-r1/confd)76
-rw-r--r--net-misc/moblock/files/0.8-r2/moblock.paranoid.example149
-rw-r--r--net-misc/moblock/files/moblock-0.8-fix-broken-compile.patch11
-rw-r--r--net-misc/moblock/files/moblock-0.8-fix-nfq_unbind_pf-error.patch21
-rw-r--r--net-misc/moblock/files/moblock-0.8-makefile.patch4
-rw-r--r--net-misc/moblock/files/moblock-0.8-rename-stats-file.patch53
-rw-r--r--net-misc/moblock/metadata.xml5
-rw-r--r--net-misc/moblock/moblock-0.8-r1.ebuild66
-rw-r--r--net-misc/moblock/moblock-0.8-r2.ebuild101
17 files changed, 961 insertions, 292 deletions
diff --git a/net-misc/moblock/ChangeLog b/net-misc/moblock/ChangeLog
index 7f5ccbeaf..6c6578a87 100644
--- a/net-misc/moblock/ChangeLog
+++ b/net-misc/moblock/ChangeLog
@@ -1,7 +1,57 @@
# ChangeLog for net-misc/moblock
-# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
# $Header: $
+*moblock-0.8-r2 (03 Sep 2009)
+
+ 03 Sep 2009; Daniel Santos (dansan) <daniel.santos@pobox.com>
+ +files/moblock-0.8-fix-broken-compile.patch, -files/0.8-r1/confd,
+ -files/0.8-r1/initd, +files/0.8-r2/init.d, +files/0.8-r2/logrotate,
+ +files/0.8-r2/moblock.minimal.example, files/moblock-0.8-makefile.patch,
+ +files/0.8-r2/moblock.normal.example,
+ +files/moblock-0.8-rename-stats-file.patch, -files/0.8-r1/moblock-stats,
+ -files/0.8-r1/moblock-update, +files/0.8-r2/moblock.paranoid.example,
+ +files/0.8-r2/moblock-stats, +files/0.8-r2/moblock-update,
+ -moblock-0.8-r1.ebuild, +moblock-0.8-r2.ebuild,
+ +files/moblock-0.8-fix-nfq_unbind_pf-error.patch, metadata.xml:
+ See bug #143535 for discussion and history.
+ * Fixed broken scripts by sourcing functions.sh from /etc/init.d instead
+ of /sbin since it was moved in >sys-apps/baselayout-2.0.0 (thanks also
+ to Zorzo Luca <lucazorzo@gmail.com> and Santiago M. Mola)
+ * Fix compiler error "'INT_MIN' undeclared here (not in a function)" by
+ manually including limits.h, although this appears to have been a bug
+ in sys-kernel/linux-headers (thanks also to Zorzo Luca).
+ * Fix error "iptables: No chain/target/match by that name" by adding
+ NETFILTER_XT_MATCH_STATE to CONFIG_CHECK (thanks to Zorzo Luca).
+ * Fix error "error during nfq_unbind_pf()" on 2.6.23 and later kernels
+ (it is actually expected now and ignored).
+ * Added options to specify additional white and black list ranges via
+ {WHITE,BLACK}_IP_{IN,OUT,FORWARD} variables in conf.d (thanks to Alan
+ Pastor <t7gt7g@gmail.com> and From Gabriel Devenyi <ace@staticwave.ca>).
+ * moblock-update will spend less time on servers that are down (happens a
+ lot). This can be tweaked via WGET_EXTRA_OPTIONS in /etc/conf.d/moblock.
+ * Modified the overall scheme that moblock-update uses so we can include
+ iblocklist.org as a mirror, which likes to prepends "bt_" to their file
+ names.
+ * Renamed "templist" blocklist to "badpeers" in conf.d to match change on
+ servers.
+ * Added new blocklists "gnutella" and "webexploit-forumspam" to conf.d.
+ * Added new files /etc/conf.d/moblock.{minimal,normal,parinoid}.example.
+ By default, the "normal" version is copied to /etc/conf.d/moblock during
+ install.
+ * Added USE flag "logrotate" USE flag that installs an
+ /etc/logrotate/moblock file and pulls in app-admin/logrotate (thanks to
+ Peter Avramucz <muczyjoe@gmail.com> and Marc Elser
+ <melser_regs@gmxpro.net>)
+ * Added USE flag "network-cron" which installs a link to moblock-update in
+ /etc/cron-weekly.
+ * Added USE flag "paranoid" use flag that changes the cron job to daily
+ and causes the parinoid configuration file to be used in conf.d.
+ * Modified moblock-stats slightly because in some cases tail is claiming
+ it can't find file - (dash) when redirecting that file to it.
+ * Modified ebuild to restart moblock after install if moblock is running.
+ eat me
+
21 Mar 2008; Jakub Moc <jakub@gentoo.org> moblock-0.8-r1.ebuild:
Fix pkg_postinst
diff --git a/net-misc/moblock/Manifest b/net-misc/moblock/Manifest
index dfe4d7ef2..93c28db60 100644
--- a/net-misc/moblock/Manifest
+++ b/net-misc/moblock/Manifest
@@ -1,9 +1,15 @@
-AUX 0.8-r1/confd 2943 RMD160 a288c9fc1c78136d1c79941f951287ccdfbe05a5 SHA1 dee0747b843b5e07da84fb99d6170fc68534abc6 SHA256 620a6071f3cb19f355fa2baae634577d68557702aa4adfe670a8afe0e7e75674
-AUX 0.8-r1/initd 2664 RMD160 fbace6642fd3d8a6f062ccac37ee60494049f322 SHA1 b001a7c815e627b1f12e170d7a2e6605bf39997e SHA256 8642a30eac4d66d7ecf2c97177757ab6e1a98e9285fe3138227ea61c59abe1b8
-AUX 0.8-r1/moblock-stats 1157 RMD160 877b9283003c3f64805363cb4cd469a30b5dfdd9 SHA1 cc83e59ec5e45c508d853d72255da110a487118f SHA256 5a3490d11d523d2c00e169efd965be068fcd8ee423e12221c1143b70ecb8f308
-AUX 0.8-r1/moblock-update 3921 RMD160 557647c4926f8935edce7b706b05d0fc53ee8182 SHA1 2793cc93df72827e104bd9f888f9867aa344d4ee SHA256 ddd095267130df35feb3fb5a905b893ff7afd133e525421174f622245eeebbd8
-AUX moblock-0.8-makefile.patch 825 RMD160 1fc36ed1c33267a391d2daffaff5c60043c69017 SHA1 260c99a69a6aa7a3df697330898783b98e72e072 SHA256 0d780e33c7f762d62ee9223b072b3ac0ccbf52e81934a4d505933528b3d48ca7
+AUX 0.8-r2/init.d 3291 RMD160 4c150c9c5af5855a2e5069fe4e582ceb84481ebe SHA1 e301ca0125e95711c1e514965d48d6b7a45ff3a3 SHA256 d9df0687b6d96cf7e16b5f9fcfee2c6898e1ad9d90af4072afb5f681c61078fd
+AUX 0.8-r2/logrotate 507 RMD160 8f832b68297f3b56acf645bf781c971cd5dd863d SHA1 45a305909dc30408300f2ff17434dafcdf2ef718 SHA256 37b358df66a8c9fe459eef07ac1628d18e310ef5513ec96cc877a614cfbda7da
+AUX 0.8-r2/moblock-stats 1563 RMD160 5578b63648dac38410bc332f35d33b648a28c228 SHA1 a0def11fd30bbf5af8d4c571099110591acdee76 SHA256 e377f51339353cac058034ca293b4fdbff36860e3190a03c7a814ee08d10ed12
+AUX 0.8-r2/moblock-update 8227 RMD160 8b5f7bfd1b3131e4248d3df27eb26fa5a1eeaa8e SHA1 aee2246b2d75a3c6a306f04609f49e8d03ae9975 SHA256 5fbd331a901bdaf6fe5c8204f90c67fdf7c0a813531908f87e7716dc518c1106
+AUX 0.8-r2/moblock.minimal.example 4419 RMD160 5ce2437d1bfbf09a05abed368afd65b213de6046 SHA1 07926be0b40d55a7e930de7d1683769a9d14c23c SHA256 bd9805943bc6df6780fee3bcaf820f3fbefa01657b7c7be45f4edc21ef9f8a81
+AUX 0.8-r2/moblock.normal.example 4206 RMD160 40b651546bbf92aa153d1ca6f8e7bdcde98780b3 SHA1 46229c883092a030b73a686a925e5a19ec5ca448 SHA256 7132e85a20df2e47fb908d6f5ab0ed2a8f2b4b568cf99bf9819fad1a9b8a6cd0
+AUX 0.8-r2/moblock.paranoid.example 4332 RMD160 654c8bc3f6fc2ee778129c2b0085988b6e4e5553 SHA1 0e4b20a23256a69b18d26922d611b42d84533bb9 SHA256 f4db345d9f3dadfc0b7bfb4350493fbfd70473ef82e3e2ffbd8679422c55f6fd
+AUX moblock-0.8-fix-broken-compile.patch 351 RMD160 23653999eaeb893791a65d1cc180ec4798debe7b SHA1 5ab9365d5025772b78d25fa7fd694c19fce3afa7 SHA256 656434d27f4b749553b581ca2eae0d23789cfa4b034af3d8b7a2d64995a0f02f
+AUX moblock-0.8-fix-nfq_unbind_pf-error.patch 615 RMD160 59734a3e704b12abbaacef0c1e461ba839f4c014 SHA1 b860ae288d315b012266fee4fdfe43645a9174be SHA256 8f21a5f6edb69f6d501ce6395302f86203e3f6f857dd228adfc1919d35165878
+AUX moblock-0.8-makefile.patch 853 RMD160 db5143301e9bead74090d42f9e66936ebc96417d SHA1 119e587f5f50964214c0bfd45ce844e5a95ac41c SHA256 927c6b7da2ef2bbe522f6a530125ee0d6235e052d6f81b1405b6e913f431bbb0
+AUX moblock-0.8-rename-stats-file.patch 2051 RMD160 e7e395ffef153e72640b0b98fbc65ba28652230f SHA1 3917f61cc1cb40ca952e37d088c8eb7de5b4aff2 SHA256 cd63be8f9783ee4254e7eac8524888fc3b240cb8c2f3d4fa3e9d50dc27a4f173
DIST MoBlock-0.8-i586.tar.bz2 18553 RMD160 2190cfb55977ad23176ddb43e410ee5d9293a518 SHA1 e9e7b47622eb606b6c429fc507fc50d0c037487e SHA256 30d6d56fe72606ffa308fb8e6edd44c2b1806dfa4da8a13bde046964601fd904
-EBUILD moblock-0.8-r1.ebuild 1641 RMD160 6a5501522544402ceeaa2fb9113c6798297b7bee SHA1 8d6004bfbe1f65c48e242db1b77895c7d4802881 SHA256 838f6f7f7f07df32506a85d2bb1eeffdc810c3b37f85bb8c7a069f93bbec875c
-MISC ChangeLog 2277 RMD160 8a71cd8f8e38f5f21f3162065c748822c4063be8 SHA1 6b2255d0a42cacdba679503cec5dd88b8d78ad43 SHA256 5eb70be25232bc72eec390165ced94f5593f366734679e958779bf6fa4f2e134
-MISC metadata.xml 170 RMD160 645927a396fdc21cdeb089fe42c5397332420ea6 SHA1 ac7f48a14fec325926f9ce1be8fbf1f311b4f2e4 SHA256 d797a2ec6f9dc516c9f9c1a758ee87ad3e8c43101b5dc76c2f872d5bd4639b42
+EBUILD moblock-0.8-r2.ebuild 2979 RMD160 5b1de6a9b82c21369e911433662b28b8b7c2500d SHA1 f5fa4140c6ad3edb1f9812799d0e16c5e5207c91 SHA256 2a3451dc2ed9145ebdd0ee6342445cb9929ba19d1332bd95a4078b669f8eb7b2
+MISC ChangeLog 5229 RMD160 8a4099f35d8266cbb8008e24f47cb23b538563ae SHA1 593a8c5457ec30bfbd38252e373d8678551f3a50 SHA256 59802607d113288bd81da3be304718c3f8dc36c22a2671f6f172346f992e4fea
+MISC metadata.xml 438 RMD160 ba8f8160888e20ee14e19b1f03e850ea4f51d580 SHA1 cf9eb35e84f9c5897d3b5a60a2d6a8830128190f SHA256 ea8e7fbe5303388357b94705bc312740b012b5a058f881367066c5223d56936b
diff --git a/net-misc/moblock/files/0.8-r1/moblock-update b/net-misc/moblock/files/0.8-r1/moblock-update
deleted file mode 100644
index eb5415765..000000000
--- a/net-misc/moblock/files/0.8-r1/moblock-update
+++ /dev/null
@@ -1,180 +0,0 @@
-#!/bin/bash
-
-source /etc/conf.d/moblock
-source /etc/init.d/functions.sh
-
-log_file=/var/log/moblock-update.log
-tmp_dir=/tmp/moblock-update.$$
-
-typeset -i successful_dl_count=0
-typeset -i failed_dl_count=0
-typeset -i FAIL=0
-
-cleanup() {
- log_msg "$0 exiting.
-
--------------------------------------------------------------------------------
-
-
-"
- rm -rf ${tmp_dir}
-}
-
-die() {
- eerror "Update failed: $@" | tee -a ${log_file}
- eerror "See /var/log/moblock-update.log for details."
- cleanup
- exit 1;
-}
-
-log_msg() {
- echo -e "$(date): $@" >> ${log_file}
-}
-
-init() {
- if [ -z "${BLOCKLISTSERVERS}" ]; then
- eerror "There is no BLOCKLISTSERVERS defined in /etc/conf.d/moblock."
- eindent
- eerror "Please set this variable to the list of servers you wish to"
- eerror "download from."
- eoutdent
-
- FAIL=1
- fi
-
- if [ -z "${BLOCKLISTS}" ]; then
- eerror "There is no BLOCKLISTS defined in /etc/conf.d/moblock."
- eindent
- eerror "Please set this variable to the lists you wish to use."
- eoutdent
-
- FAIL=1
- fi
-
- if [ -z "${BLOCKLISTFILE}" ]; then
- eerror "There is no BLOCKLISTFILE defined in /etc/conf.d/moblock."
- eindent
- eerror "Please set this variable to the file you wish to output the"
- eerror "merged block list to."
- eoutdent
-
- FAIL=1
- fi
-
- if [ -z "${BLOCKLISTDIR}" ]; then
- eerror "There is no BLOCKLISTDIR defined in /etc/conf.d/moblock."
- eindent
- eerror "Please set this variable to the directory you wish to store"
- eerror "the downloaded lists in."
- eoutdent
-
- FAIL=1
- fi
-
- [ ${FAIL} -eq 0 ] || die "invalid configuration"
-}
-
-# Iterate through servers until we get one to work or they all fail.
-getAFile() {
- local tmp_file=${tmp_dir}/${1}.wget.log
- for base_url in ${BLOCKLISTSERVERS}; do
- log_msg "Attempting to downloading ${1}.${BLOCKLISTSUFFIX} from location ${base_url}"
- if wget -P ${BLOCKLISTDIR} \
- -N ${base_url}/${1}.${BLOCKLISTSUFFIX} \
- -a ${tmp_file}; then
- rm ${tmp_file}
- return 0
- fi
- done
-
- log_msg "Failed to download ${1}.${BLOCKLISTSUFFIX}.
-${BAD}wget output ---------->${NORMAL}
-$(cat ${tmp_file})
-${BAD}<---------- end of wget output${NORMAL}"
- rm ${tmp_file}
- return 1
-}
-
-getBlocklists() {
- einfo Downloading lists...
- eindent
-
- for i in ${BLOCKLISTS}; do
- ebegin "Downloading ${i}" | tee -a ${log_file}
-
- if getAFile $i; then
- successful_dl_count=${successful_dl_count}+1
- eend 0 | tee -a ${log_file}
- else
- failed_dl_count=${failed_dl_count}+1
- eend 1 | tee -a ${log_file}
- fi
- done
-
- eoutdent
-
- if [ ${failed_dl_count} -ne 0 ]; then
- if [ ${successful_dl_count} -eq 0 ]; then
- die "All downloads failed"
- else
- ewarn "WARNING: ${failed_dl_count} downloads failed! See /var/log/moblock-update.log" \
- | tee -a ${log_file}
- ewarn "for details. Previous blocklists will be used failed items." \
- | tee -a ${log_file}
- fi
- fi
-}
-
-mergeFiles() {
- einfo Unpacking and merging lists...
- eindent
-
- local new_p2p_file=${tmp_dir}/new.p2p
-
- for i in ${BLOCKLISTS}; do
- ebegin Merging ${i} | tee -a ${log_file}
-
- gunzip -c ${BLOCKLISTDIR}/${i}.${BLOCKLISTSUFFIX} >> ${new_p2p_file} 2>>${log_file} \
- || die "Failed to extract list '${i}'"
-
- eend $? | tee -a ${log_file}
- done
-
- mv ${new_p2p_file} ${BLOCKLISTFILE}
-
- eoutdent
-}
-
-reloadList() {
- moblock_pid=$(cat /var/run/moblock.pid 2>/dev/null)
-
- if ps -p ${moblock_pid} > /dev/null 2>&1; then
- einfo "Reloading block list"
- kill -s HUP ${moblock_pid}
- eend $?
- fi
-}
-
-main() {
- mkdir -p ${BLOCKLISTDIR} || die "Failed to create dir ${BLOCKLISTDIR}."
- mkdir -p ${tmp_dir} || die "Failed to create dir ${tmp_dir}"
-
- einfo "Updating moblock..." | tee -a ${log_file}
- eindent
- log_msg "$0 initiated."
-
- getBlocklists
- mergeFiles
- reloadList | tee -a ${log_file}
-
- eoutdent
- if [ ${failed_dl_count} -eq 0 ]; then
- einfo "MoBlock update completed successfully." | tee -a ${log_file}
- else
- ewarn "MoBlock update partially successful." | tee -a ${log_file}
- fi
- cleanup
-}
-
-main
-
diff --git a/net-misc/moblock/files/0.8-r1/initd b/net-misc/moblock/files/0.8-r2/init.d
index ce07ae27c..9095fc3c6 100644
--- a/net-misc/moblock/files/0.8-r1/initd
+++ b/net-misc/moblock/files/0.8-r2/init.d
@@ -1,5 +1,5 @@
#!/sbin/runscript
-# Copyright 1999-2006 Gentoo Foundation
+# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
@@ -59,7 +59,29 @@ start() {
for PORT in ${WHITE_UDP_FORWARD}; do
iptables -I MOBLOCK_FW -p udp --dport ${PORT} -j ACCEPT
done
-
+
+ # IP Blacklisting
+ for IP in ${BLACK_IP_IN}; do
+ iptables -I MOBLOCK_IN --source ${IP} -j DROP
+ done
+ for IP in ${BLACK_IP_OUT}; do
+ iptables -I MOBLOCK_OUT --source ${IP} -j DROP
+ done
+ for IP in ${BLACK_IP_FORWARD}; do
+ iptables -i MOBLOCK_FORWARD --source ${IP} -j DROP
+ done
+
+ # IP whitelisting
+ for IP in ${WHITE_IP_IN}; do
+ iptables -I MOBLOCK_IN --source ${IP} -j RETURN
+ done
+ for IP in ${WHITE_IP_OUT}; do
+ iptables -I MOBLOCK_OUT --destination ${IP} -j RETURN
+ done
+ for IP in ${WHITE_IP_FORWARD}; do
+ iptables -I MOBLOCK_FW --source ${IP} -j RETURN
+ iptables -I MOBLOCK_FW --destination $IP -j RETURN
+ done
# Loopback traffic fix
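Review bot: The `BLACK_IP_FORWARD` loop runs `iptables -i MOBLOCK_FORWARD --source ${IP} -j DROP`, where lowercase `-i` is the input-interface match rather than the insert command and the forward chain is called `MOBLOCK_FW` everywhere else in this hunk, so iptables should reject the call and the forward blacklist is never applied. It should read `iptables -I MOBLOCK_FW --source ${IP} -j DROP`. The `BLACK_IP_OUT` loop matches `--source` while the `WHITE_IP_OUT` loop matches `--destination`; for outbound traffic the blacklist presumably wants `--destination ${IP}` as well. None of these calls check the iptables exit status, so a rule that fails to install goes unnoticed and the filter fails open; start() begins and continues outside the hunk.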
@@ -98,7 +120,6 @@ cleanup_iptables() {
}
stop() {
-
ebegin "Stopping MoBlock"
start-stop-daemon --stop --pidfile ${PIDFILE}
eend ${?}
diff --git a/net-misc/moblock/files/0.8-r2/logrotate b/net-misc/moblock/files/0.8-r2/logrotate
new file mode 100644
index 000000000..6a25a6dd2
--- /dev/null
+++ b/net-misc/moblock/files/0.8-r2/logrotate
@@ -0,0 +1,30 @@
+/var/log/moblock-update.log {
+ rotate 12
+ monthly
+ compress
+ delaycompress
+ missingok
+ notifempty
+}
+
+/var/log/moblock.stats {
+ rotate 12
+ monthly
+ compress
+ delaycompress
+ missingok
+ notifempty
+}
+
+/var/log/moblock.log {
+ rotate 12
+ weekly
+ compress
+ delaycompress
+ missingok
+ notifempty
+ postrotate
+ kill -USR1 `cat /var/run/moblock.pid`
+ endscript
+}
+
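Review bot: The `postrotate` script passes the output of `cat /var/run/moblock.pid` straight to `kill -USR1` with no guard, so a missing pid file makes `kill` run without a PID and fail, and a stale pid file sends the signal to whatever process now holds that number. Guarding the call, e.g. `[ -f /var/run/moblock.pid ] && kill -USR1 "$(cat /var/run/moblock.pid)"`, covers the missing-file case. Nothing in this commit shows that USR1 makes the daemon reopen its log file (moblock-stats documents USR2 for statistics and moblock-update sends HUP to reload), so the choice of signal is worth confirming against the daemon source.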
diff --git a/net-misc/moblock/files/0.8-r1/moblock-stats b/net-misc/moblock/files/0.8-r2/moblock-stats
index 06a7df1ae..037347f5f 100644
--- a/net-misc/moblock/files/0.8-r1/moblock-stats
+++ b/net-misc/moblock/files/0.8-r2/moblock-stats
@@ -1,11 +1,20 @@
#!/bin/bash
-
+# Copyright 1999-2009 Gentoo Foundation
+# 2008-2009 Daniel Santos (daniel.santos@pobox.com)
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+#
+# Output statistics from MoBlock daemon.
+#
# This script is screwy enough that it deserves some documentation. To get
# statistics from the moblock daemon, you send it SIGUSR2 (man signal(7) for
# more info). This causes moblock to output the statistics to
-# /var/log/MoBlock.stats. So this suicidal script sends SIGUSR2 to Moblock,
+# /var/log/moblock.stats. So this suicidal script sends SIGUSR2 to Moblock,
# scrapes the .stats file and sends SIGINT to it's self when it finds text
-# that indicates the end of the report has been reached.
+# that indicates the end of the report has been reached. tail is started
+# with --pid=$$ so we're sure it dies when we do and read_stat_log will
+# actually terminate normally, after telling it's parent to go away (typical
+# teen).
#
# It's screwy, but effective.
@@ -13,7 +22,7 @@ source /etc/conf.d/moblock
source /etc/init.d/functions.sh
moblock_pidfile=/var/run/moblock.pid
-stat_log_name=/var/log/MoBlock.stats
+stat_log_name=/var/log/moblock.stats
die () {
eerror "$@"
@@ -26,7 +35,7 @@ read_stat_log() {
echo
einfo End of statistics
echo
- kill -s INT $1
+ kill -s SIGINT $1
return
else
echo "$REPLY"
@@ -38,10 +47,10 @@ if [ ! -f "${moblock_pidfile}" ]; then
die "MoBlock not running."
fi
-tail --pid=$$ --lines=0 -f < ${stat_log_name} | read_stat_log $$ &
+tail --pid=$$ --lines=0 -f ${stat_log_name} | read_stat_log $$ &
-# Make sure tail starts before we send SIGUSR2
-sleep 0.125
+# Try to make sure tail starts before we send SIGUSR2
+sleep 0.5
echo
einfo Requesting stats from MoBlock daemon...
echo
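Review bot: `tail --pid=$$ --lines=0 -f ${stat_log_name}` exits immediately if the stats file does not exist yet, which can happen after the new logrotate rule moves `/var/log/moblock.stats` aside (that rule has no `create` line, though a global default may supply one). Using `-F` and quoting the path, `tail --pid=$$ --lines=0 -F "${stat_log_name}" | read_stat_log $$ &`, keeps the reader alive until the daemon recreates the file. The ordering between tail starting and SIGUSR2 being sent still depends on the fixed `sleep 0.5`, as the changed comment admits. read_stat_log is defined outside this hunk.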
diff --git a/net-misc/moblock/files/0.8-r2/moblock-update b/net-misc/moblock/files/0.8-r2/moblock-update
new file mode 100644
index 000000000..7c2e19517
--- /dev/null
+++ b/net-misc/moblock/files/0.8-r2/moblock-update
@@ -0,0 +1,281 @@
+#!/bin/bash
+# Copyright 1999-2009 Gentoo Foundation
+# 2008-2009 Daniel Santos (daniel.santos@pobox.com)
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+#
+# Update script for moblock.
+#
+# The general contract of this script is that it will attempt to download all
+# blocklists. If a blocklist fails to download, or download correctly (i.e.,
+# partial dl, etc.), and an older version of the list exists, it will not be
+# overwritten. If one or more blocklists fail to download, but a previous
+# version of that list is present in the cache, the script will re-compile the
+# master list anyway and return zero. However, if any of the list specified
+# in BLOCKLISTS are not present (or usable), the script will *not* replace the
+# existing master list, if there is one, and will not attempt to create one if
+# there wasn't one already.
+#
+# This assures that under no condition, the update results in a less secure
+# blocklist (aside from items being removed from one of the updated blocklists
+# themselves). At the same time, if any of the lists can be updated at all
+# then it will be done. These rules are especially important since some of
+# the lists seem to be unavailable quite a lot of the time.
+
+source /etc/conf.d/moblock
+source /etc/init.d/functions.sh
+
+log_file=/var/log/moblock-update.log
+tmp_dir=/tmp/moblock-update.$$
+
+typeset -i successful_dl_count=0
+typeset -i failed_dl_count=0
+typeset -i FAIL=0
+
+cleanup() {
+ rm -rf ${tmp_dir}
+ log_msg "$0 exiting.
+
+-------------------------------------------------------------------------------
+
+
+"
+}
+
+die() {
+ eend 1
+ eerror "Update failed: $@" | tee -a ${log_file}
+ eerror "Blocklist NOT updated. See /var/log/moblock-update.log for details."
+ cleanup
+ exit 1;
+}
+
+log_msg() {
+ echo -e "$(date): $@" >> ${log_file}
+}
+
+init() {
+ if [ -z "${BLOCKLISTURLS}" ]; then
+ eerror "There is no BLOCKLISTURLS defined in /etc/conf.d/moblock."
+ eindent
+ eerror "Please set this variable to the list of servers you wish to"
+ eerror "download from."
+ eoutdent
+
+ FAIL=1
+ fi
+
+ if [ -z "${BLOCKLISTS}" ]; then
+ eerror "There is no BLOCKLISTS defined in /etc/conf.d/moblock."
+ eindent
+ eerror "Please set this variable to the lists you wish to use."
+ eoutdent
+
+ FAIL=1
+ fi
+
+ if [ -z "${BLOCKLISTFILE}" ]; then
+ eerror "There is no BLOCKLISTFILE defined in /etc/conf.d/moblock."
+ eindent
+ eerror "Please set this variable to the file you wish to output the"
+ eerror "merged block list to."
+ eoutdent
+
+ FAIL=1
+ fi
+
+ if [ -z "${BLOCKLISTDIR}" ]; then
+ eerror "There is no BLOCKLISTDIR defined in /etc/conf.d/moblock."
+ eindent
+ eerror "Please set this variable to the directory you wish to store"
+ eerror "the downloaded lists in."
+ eoutdent
+
+ FAIL=1
+ fi
+
+ [ ${FAIL} -eq 0 ] || die "invalid configuration"
+}
+
+# Retrieves a single list file.
+#
+# Iterate through servers (url patterns) until we get one to work or they all
+# fail. This function copies existing list files to a temp directory first,
+# then uses wget with the --timestamping (-N) option to attempt download the
+# updated version over the temp copy. This way, we only download if there is
+# really a newer version of the list file (which --timestamping would do
+# anyway) and, if a download begins and subsequently fails, we never clobber
+# existing list files with incomplete versions (which wget with --timestamping
+# could otherwise do). The only downside to this approach is that we will
+# stop going through the list of servers when we find the first one that has
+# the file. If, however, this file is older than a version on a server
+# further down in the list, we will never reach it because we consider a
+# download attempt where wget determined that the existing file is up to date
+# to be a successful attempt. The only alternative to this is to check every
+# mirror, which just isn't an acceptable practice.
+#
+# In short, this function has the following guarantees:
+# * Files will only be downloaded when there is really a newer version
+# available.
+# * Existing files are never clobbered until an updated version is completely
+# and sucessfully downloaded.
+#
+# Returns:
+# zero on success.
+# non-zero on (normal) failure.
+# calls die on catastrophic (unexpected) failure.
+getAFile() {
+ # output from wget is saved to tmp_log, but used only if a download fails
+ local tmp_log=${tmp_dir}/${1}.wget.log
+ # the list file name
+ local fn="${1}.${BLOCKLISTSUFFIX}"
+ local tmp_file="${tmp_dir}/${fn}"
+
+ # copy current list file (if it exists) to temp directory
+ if [ -f "${BLOCKLISTDIR}/${fn}" ]; then
+ cp -p "${BLOCKLISTDIR}/${fn}" "${tmp_dir}/${fn}" || die "cp failed."
+ # IBlocklist.org hack part 1: deal with file names having the "bt_"
+ # prefix appended to them.
+ cp -p "${tmp_dir}/${fn}" "${tmp_dir}/bt_${fn}" || die "cp failed."
+ log_msg "last modified $(stat -c %y ${BLOCKLISTDIR}/${fn})."
+ else
+ log_msg "file missing."
+ fi
+
+
+ for url_pattern in ${BLOCKLISTURLS}; do
+ local url="$(echo "${url_pattern}" |
+ sed "s/BLOCKLIST/${1}/g" |
+ sed "s/SUFFIX/${BLOCKLISTSUFFIX}/g")"
+ log_msg "Trying ${url}"
+
+ # Call wget with minimal failure tollerance so we don't hold up an
+ # update if a server is down, since we'll just proceed to the next one
+ # anyway.
+ if wget ${WGET_EXTRA_OPTIONS} \
+ --directory-prefix=${tmp_dir} \
+ --timestamping \
+ --append-output=${tmp_log} \
+ "${url}"; then
+
+ # IBlocklist.org hack part 2
+ if [ -f "${tmp_dir}/bt_${fn}" ]; then
+ if [ "${tmp_dir}/bt_${fn}" -nt "${tmp_dir}/${fn}" ]; then
+ mv "${tmp_dir}/bt_${fn}" "${tmp_dir}/${fn}" || die "mv failed"
+ else
+ rm "${tmp_dir}/bt_${fn}"
+ fi
+ fi
+
+ # If we got a newer version of the file then move it over,
+ # otherwise, we'll save ourselves the IO
+ if [ "${tmp_dir}/${fn}" -nt "${BLOCKLISTDIR}/${fn}" ]; then
+ mv "${tmp_dir}/${fn}" "${BLOCKLISTDIR}/${fn}" || die "mv failed"
+ log_msg "updated, new date is $(stat -c %y ${BLOCKLISTDIR}/${fn})."
+ echo -e " updated \c"
+ else
+ echo -e " current \c"
+ log_msg "current"
+ fi
+ rm "${tmp_log}"
+
+ return 0
+ fi
+ done
+
+ log_msg "Failed to download ${fn}.
+${BAD}wget output ---------->${NORMAL}
+$(cat ${tmp_log})
+${BAD}<---------- end of wget output${NORMAL}"
+ rm ${tmp_log}
+ return 1
+}
+
+getFiles() {
+ einfo Downloading lists...
+ eindent
+
+ for i in "$@"; do
+ ebegin "Checking ${i}" | tee -a ${log_file}
+ echo >> ${log_file}
+
+ if getAFile $i; then
+ successful_dl_count=${successful_dl_count}+1
+ eend 0 | tee -a ${log_file}
+ else
+ failed_dl_count=${failed_dl_count}+1
+ eend 1 | tee -a ${log_file}
+ fi
+ done
+
+ eoutdent
+
+ if [ ${failed_dl_count} -ne 0 ]; then
+ if [ ${successful_dl_count} -eq 0 ]; then
+ die "All downloads failed"
+ else
+ ewarn "WARNING: ${failed_dl_count} downloads failed! See /var/log/moblock-update.log" \
+ | tee -a ${log_file}
+ ewarn "for details. Previous blocklists will be used failed items." \
+ | tee -a ${log_file}
+ fi
+ fi
+}
+
+mergeFiles() {
+ einfo Unpacking and merging lists...
+ eindent
+
+ local new_p2p_file=${tmp_dir}/new.p2p
+
+ for i in ${BLOCKLISTS}; do
+ ebegin Merging ${i} | tee -a ${log_file}
+
+ gunzip -c ${BLOCKLISTDIR}/${i}.${BLOCKLISTSUFFIX} >> ${new_p2p_file} 2>>${log_file} \
+ || die "Failed to extract list '${i}'"
+
+ eend $? | tee -a ${log_file}
+ done
+
+ mv ${new_p2p_file} ${BLOCKLISTFILE} || die "mv failed"
+
+ eoutdent
+}
+
+reloadList() {
+ moblock_pid=$(cat /var/run/moblock.pid 2>/dev/null)
+
+ if ps -p ${moblock_pid} > /dev/null 2>&1; then
+ einfo "Reloading block list"
+ # Force writing stats here since SIGHUP will reset them.
+ kill -s USR2 ${moblock_pid}
+ sleep 1
+ kill -s HUP ${moblock_pid}
+ eend $?
+ fi
+}
+
+main() {
+ mkdir -p ${BLOCKLISTDIR} || die "Failed to create dir ${BLOCKLISTDIR}."
+ mkdir -p ${tmp_dir} || die "Failed to create dir ${tmp_dir}"
+
+ einfo "Updating moblock..." | tee -a ${log_file}
+ eindent
+ log_msg "$0 initiated."
+
+ getFiles ${BLOCKLISTS} ${WHITELISTS}
+ mergeFiles
+ reloadList | tee -a ${log_file}
+
+ eoutdent
+ if [ ${failed_dl_count} -eq 0 ]; then
+ einfo "MoBlock update completed successfully." | tee -a ${log_file}
+ else
+ ewarn "MoBlock update partially successful." | tee -a ${log_file}
+ fi
+ cleanup
+}
+
+main
+
+# vim: set ts=4
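Review bot: `tmp_dir=/tmp/moblock-update.$$` is a predictable name in a world-writable directory, and `mkdir -p ${tmp_dir}` in main() succeeds when the directory already exists, so a local user can create it (or entries inside it) before this script, which presumably runs as root since it writes under /var/log and signals the daemon, copies lists into it, downloads into it and moves `new.p2p` from it to `${BLOCKLISTFILE}`. Creating the directory atomically, e.g. `tmp_dir=$(mktemp -d /tmp/moblock-update.XXXXXX) || exit 1`, and dropping the later `mkdir -p ${tmp_dir}` closes that window. Separately, `init()` is defined but main() never calls it, so the configuration checks never run and an empty `BLOCKLISTDIR` or `BLOCKLISTFILE` reaches the unquoted `mkdir`, `cp` and `mv` calls. Adding `init` as the first statement of main() would restore the checks.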
diff --git a/net-misc/moblock/files/0.8-r2/moblock.minimal.example b/net-misc/moblock/files/0.8-r2/moblock.minimal.example
new file mode 100644
index 000000000..c3a0bea39
--- /dev/null
+++ b/net-misc/moblock/files/0.8-r2/moblock.minimal.example
@@ -0,0 +1,150 @@
+# /etc/conf.d/moblock.minimal.example: Used by /usr/sbin/moblock{,-stats,-update}
+# This moblock configuration blocks only IP ranges that you should usually
+# NEVER need to communicate with, but does not protect against anti-p2p
+# activity. This is ideal for routers that connect windows machines to the
+# Internet, as it will prevent them from accessing web sites that can harm
+# their poor, pathetically delicate operating systems.
+
+ACTIVATE_CHAINS=1
+WHITE_TCP_IN=""
+WHITE_UDP_IN=""
+WHITE_TCP_OUT=""
+WHITE_UDP_OUT=""
+WHITE_TCP_FORWARD=""
+WHITE_UDP_FORWARD=""
+WHITE_IP_IN="91.186.30.235" # Gentoo rSync
+WHITE_IP_OUT="91.186.30.235" # Gentoo rSync
+WHITE_IP_FORWARD="91.186.30.235" # Gentoo rSync
+BLACK_IP_IN=""
+BLACK_IP_OUT=""
+BLACK_IP_FORWARD=""
+
+TARGET="NFQUEUE"
+
+PIDFILE="/var/run/moblock.pid"
+LOGFILE="/var/log/moblock.log"
+
+# Do not edit WGET_EXTRA_OPTIONS without understanding how the getAFile
+# function in moblock-update works.
+WGET_EXTRA_OPTIONS="--tries=2 --timeout=30"
+
+# Valid values for BLOCKLISTTYPE:
+# -d blocklist is an ipfilter.dat file
+# -n blocklist is a peerguardian 2.x file (.p2b)
+# -p blocklist is a peerguardian file (.p2p)
+BLOCKLISTTYPE="-p"
+BLOCKLISTFILE="/var/db/moblock/guarding.p2p"
+
+# This is where blocklists will be downloaded to when performing updates.
+BLOCKLISTDIR="/var/cache/moblock"
+
+BLOCKLISTSUFFIX="gz"
+BLOCKLISTURLS="
+ http://www.bluetack.co.uk/config/BLOCKLIST.SUFFIX
+ http://www.bluetack.nl/bluetack/BLOCKLIST.SUFFIX
+ http://www.btack.info/bluetack/BLOCKLIST.SUFFIX
+ http://www.bluetack.info/temp/BLOCKLIST.SUFFIX
+ http://list.iblocklist.com/?list=bt_BLOCKLIST
+"
+
+# This mirror is broken, it doesn't return a real HTTP error code when it
+# fails. If they fix it, we can re-add it to the above list.
+# http://min.midco.net/jinx/bluetack
+
+# For more information on blocklists, go read
+# http://www.bluetack.co.uk/modules.php?name=FAQ&myfaq=yes&id_cat=6&categories=Blacklists+FAQ
+
+# Recommended Exclusions (will be downloaded from one of the mirrors)
+WHITELISTS+="exclusions "
+
+##############################################################################
+# The Block Lists
+#
+# Select the lists below that you want to be block by commenting or
+# un-comminging them out.
+##############################################################################
+
+# Ad-Trackers and Bad Porn
+BLOCKLISTS+="ads-trackers-and-bad-pr0n "
+
+# People who have been reported for bad deeds in p2p (having files that
+# contain viruses, etc.) (ex templist)
+#BLOCKLISTS+="badpeers "
+
+# Bogon Addresses List
+BLOCKLISTS+="bogon "
+
+# DShield (http://www.dshield.org)
+BLOCKLISTS+="dshield "
+
+# Educational Institution Ranges
+#BLOCKLISTS+="edu "
+
+# LAN Blacklist 0.* 10.* and 192.168.* Ranges
+#BLOCKLISTS+="fornonlancomputers "
+
+# Stops spam, fakes and worms in the Gnutella net.
+#BLOCKLISTS+="gnutella "
+
+# Hijacked IP address blocks
+BLOCKLISTS+="hijacked "
+
+# IANA Multicast Addresses
+BLOCKLISTS+="iana-multicast "
+
+# IANA Private Addresses
+BLOCKLISTS+="iana-private "
+
+# IANA Reserved Addresses
+BLOCKLISTS+="iana-reserved "
+
+# Level 1
+# * anti-p2p companies / p2p trackers
+# * fake p2p file sources
+# * Government, Military, Science, Research Labs
+# * Bad Education facilities
+#BLOCKLISTS+="level1 "
+
+# Level 2 - Corporations (banks, financial institutions, etc.)
+#BLOCKLISTS+="level2 "
+
+# Level 3
+#BLOCKLISTS+="level3 "
+
+# All known Microsoft Corp and associated IP ranges from around the world.
+#BLOCKLISTS+="Microsoft "
+
+# Suspicious IP's that are under investigation.
+#BLOCKLISTS+="rangetest "
+
+# Webspiders and bots (includes Google, Yahoo!, et. al.)
+#BLOCKLISTS+="spider "
+
+# Spyware, adware, malware and trojans initiated from web sites.
+BLOCKLISTS+="spyware "
+
+# Trojans & port scanners.
+BLOCKLISTS+="trojan "
+
+# Bad Sites that use exploits and forums with a lot of spam.
+BLOCKLISTS+="webexploit-forumspam "
+
+# eMule "Normal" IP Filter - A compilation of the below lists. Please DO NOT
+# use this in addition to any of the below. You cannot mix and match .p2p and
+# .dat files anyway.
+# * Microsoft
+# * bogon
+# * fornonlancomputers
+# * hijacked
+# * iana-multicast
+# * iana-private
+# * iana-reserved
+# * level1
+# * level2
+# * badpeers
+#BLOCKLISTS+="nipfilter.dat "
+
+# eMule "Paranoid" IP Filter - A compilation of ALL of the above lists. DO NOT
+# use this in addition to the above lists as you will just be wasting bandwidth.
+#BLOCKLISTS+="pipfilter.dat "
+
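Review bot: Every entry in `BLOCKLISTURLS` is plain `http://`, and no integrity check on the downloaded lists is visible in this commit, so anyone on the network path can alter what ends up in the merged blocklist; the same applies to the `exclusions` list named in `WHITELISTS`, which is presumably used to exempt ranges. Where a mirror offers HTTPS it should be preferred. The limitation also deserves a comment above the variable, e.g. `# NOTE: lists are fetched over plain HTTP and are not verified; treat their contents as untrusted.`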
diff --git a/net-misc/moblock/files/0.8-r1/confd b/net-misc/moblock/files/0.8-r2/moblock.normal.example
index 5a701fc52..a9c57d1ce 100644
--- a/net-misc/moblock/files/0.8-r1/confd
+++ b/net-misc/moblock/files/0.8-r2/moblock.normal.example
@@ -1,17 +1,30 @@
+# /etc/conf.d/moblock.normal.example: Used by /usr/sbin/moblock{,-stats,-update}
+# This moblock configuration provides good protection against anit-p2p activity
+# while allowing maximal access to the Internet.
ACTIVATE_CHAINS=1
-WHITE_TCP_IN=""
+WHITE_TCP_IN="ssh"
WHITE_UDP_IN=""
-WHITE_TCP_OUT=""
+WHITE_TCP_OUT="ftp http https"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""
+WHITE_IP_IN="91.186.30.235" # Gentoo rSync
+WHITE_IP_OUT="91.186.30.235" # Gentoo rSync
+WHITE_IP_FORWARD="91.186.30.235" # Gentoo rSync
+BLACK_IP_IN=""
+BLACK_IP_OUT=""
+BLACK_IP_FORWARD=""
TARGET="NFQUEUE"
PIDFILE="/var/run/moblock.pid"
LOGFILE="/var/log/moblock.log"
+# Do not edit WGET_EXTRA_OPTIONS without understanding how the getAFile
+# function in moblock-update works.
+WGET_EXTRA_OPTIONS="--tries=2 --timeout=30"
+
# Valid values for BLOCKLISTTYPE:
# -d blocklist is an ipfilter.dat file
# -n blocklist is a peerguardian 2.x file (.p2b)
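Review bot: `WHITE_IP_IN`, `WHITE_IP_OUT` and `WHITE_IP_FORWARD` all exempt the literal address 91.186.30.235, and the only explanation is the trailing `# Gentoo rSync`. A hard-coded address in a shipped example goes stale when the host is renumbered, and an rsync client would normally need only the outbound exemption; how the init script applies these variables is outside this hunk, so this is worth confirming. I would ship `WHITE_IP_IN=""` and `WHITE_IP_FORWARD=""`, and extend the comment on `WHITE_IP_OUT` to name the host the address was resolved from and say that it must be re-checked. The same three lines appear in moblock.paranoid.example. The new header comment also misspells `anti-p2p` as `anit-p2p`.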
@@ -23,26 +36,39 @@ BLOCKLISTFILE="/var/db/moblock/guarding.p2p"
BLOCKLISTDIR="/var/cache/moblock"
BLOCKLISTSUFFIX="gz"
-BLOCKLISTSERVERS="
- http://www.bluetack.co.uk/config
- http://www.bluetack.nl/bluetack
- http://www.btack.info/bluetack
- http://www.bluetack.info/temp
+BLOCKLISTURLS="
+ http://www.bluetack.co.uk/config/BLOCKLIST.SUFFIX
+ http://www.bluetack.nl/bluetack/BLOCKLIST.SUFFIX
+ http://www.btack.info/bluetack/BLOCKLIST.SUFFIX
+ http://www.bluetack.info/temp/BLOCKLIST.SUFFIX
+ http://list.iblocklist.com/?list=bt_BLOCKLIST
"
-# This mirror is broken, it doesn't return a real HTTP error code when it fails.
+
+# This mirror is broken, it doesn't return a real HTTP error code when it
+# fails. If they fix it, we can re-add it to the above list.
# http://min.midco.net/jinx/bluetack
# For more information on blocklists, go read
# http://www.bluetack.co.uk/modules.php?name=FAQ&myfaq=yes&id_cat=6&categories=Blacklists+FAQ
-# All known Microsoft Corp and associated IP ranges from around
-# the world.
-BLOCKLISTS+="Microsoft "
+# Recommended Exclusions (will be downloaded from one of the mirrors)
+WHITELISTS+="exclusions "
+
+##############################################################################
+# The Block Lists
+#
+# Select the lists below that you want to be block by commenting or
+# un-comminging them out.
+##############################################################################
-# Ad Trackers
+# Ad-Trackers and Bad Porn
BLOCKLISTS+="ads-trackers-and-bad-pr0n "
-# Bogon Addresses
+# People who have been reported for bad deeds in p2p (having files that
+# contain viruses, etc.) (ex templist)
+BLOCKLISTS+="badpeers "
+
+# Bogon Addresses List
BLOCKLISTS+="bogon "
# DShield (http://www.dshield.org)
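Review bot: Every entry in `BLOCKLISTURLS` is plain `http://`, and the newly enabled `WHITELISTS+="exclusions "` is fetched from the same mirrors, so the list that exempts ranges from blocking arrives over an unauthenticated channel. Nothing in this hunk shows a checksum or signature step; moblock-update is outside this view, so that needs checking there. Until it is verified I would ship the whitelist disabled, `#WHITELISTS+="exclusions "`, and add a comment above `BLOCKLISTURLS` saying the downloads are not authenticated. The same block is repeated in moblock.paranoid.example. The banner text should read `to be blocked` and `un-commenting`.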
@@ -51,13 +77,12 @@ BLOCKLISTS+="dshield "
# Educational Institution Ranges
#BLOCKLISTS+="edu "
-# Recommended Exclusions (Don't use this yet, moblock-update isn't handling it
-# correctly)
-#BLOCKLISTS+="exclusions "
-
# LAN Blacklist 0.* 10.* and 192.168.* Ranges
#BLOCKLISTS+="fornonlancomputers "
+# Stops spam, fakes and worms in the Gnutella net.
+#BLOCKLISTS+="gnutella "
+
# Hijacked IP address blocks
BLOCKLISTS+="hijacked "
@@ -83,6 +108,9 @@ BLOCKLISTS+="level2 "
# Level 3
BLOCKLISTS+="level3 "
+# All known Microsoft Corp and associated IP ranges from around the world.
+BLOCKLISTS+="Microsoft "
+
# Suspicious IP's that are under investigation.
BLOCKLISTS+="rangetest "
@@ -92,15 +120,15 @@ BLOCKLISTS+="rangetest "
# Spyware, adware, malware and trojans initiated from web sites.
BLOCKLISTS+="spyware "
-# People who have been reported for bad deeds in p2p (having files that
-# contain viruses, etc.)
-BLOCKLISTS+="templist "
-
# Trojans & port scanners.
BLOCKLISTS+="trojan "
+# Bad Sites that use exploits and forums with a lot of spam.
+BLOCKLISTS+="webexploit-forumspam "
+
# eMule "Normal" IP Filter - A compilation of the below lists. Please DO NOT
-# use this in addition to any of the below.
+# use this in addition to any of the below. You cannot mix and match .p2p and
+# .dat files anyway.
# * Microsoft
# * bogon
# * fornonlancomputers
@@ -110,10 +138,10 @@ BLOCKLISTS+="trojan "
# * iana-reserved
# * level1
# * level2
-# * templist
+# * badpeers
#BLOCKLISTS+="nipfilter.dat "
-# eMule "Parinoid" IP Filter - A compilation of ALL of the above lists. DO NOT
+# eMule "Paranoid" IP Filter - A compilation of ALL of the above lists. DO NOT
# use this in addition to the above lists as you will just be wasting bandwidth.
#BLOCKLISTS+="pipfilter.dat "
diff --git a/net-misc/moblock/files/0.8-r2/moblock.paranoid.example b/net-misc/moblock/files/0.8-r2/moblock.paranoid.example
new file mode 100644
index 000000000..789166366
--- /dev/null
+++ b/net-misc/moblock/files/0.8-r2/moblock.paranoid.example
@@ -0,0 +1,149 @@
+# /etc/conf.d/moblock.paranoid.example: Used by /usr/sbin/moblock{,-stats,-update}
+# This moblock configuration provides the most protection, but will also greatly
+# limit what you can access on the Internet, possibly including Gentoo mirrors.
+# Individual blocklists (as opposed to pipfilter.dat) are used to reduce update
+# bandwidth.
+
+ACTIVATE_CHAINS=1
+#WHITE_TCP_IN="ssh"
+WHITE_UDP_IN=""
+#WHITE_TCP_OUT="ftp http https"
+WHITE_UDP_OUT=""
+WHITE_TCP_FORWARD=""
+WHITE_UDP_FORWARD=""
+WHITE_IP_IN="91.186.30.235" # Gentoo rSync
+WHITE_IP_OUT="91.186.30.235" # Gentoo rSync
+WHITE_IP_FORWARD="91.186.30.235" # Gentoo rSync
+BLACK_IP_IN=""
+BLACK_IP_OUT=""
+BLACK_IP_FORWARD=""
+
+TARGET="NFQUEUE"
+
+PIDFILE="/var/run/moblock.pid"
+LOGFILE="/var/log/moblock.log"
+
+# Do not edit WGET_EXTRA_OPTIONS without understanding how the getAFile
+# function in moblock-update works.
+WGET_EXTRA_OPTIONS="--tries=2 --timeout=30"
+
+# Valid values for BLOCKLISTTYPE:
+# -d blocklist is an ipfilter.dat file
+# -n blocklist is a peerguardian 2.x file (.p2b)
+# -p blocklist is a peerguardian file (.p2p)
+BLOCKLISTTYPE="-p"
+BLOCKLISTFILE="/var/db/moblock/guarding.p2p"
+
+# This is where blocklists will be downloaded to when performing updates.
+BLOCKLISTDIR="/var/cache/moblock"
+
+BLOCKLISTSUFFIX="gz"
+BLOCKLISTURLS="
+ http://www.bluetack.co.uk/config/BLOCKLIST.SUFFIX
+ http://www.bluetack.nl/bluetack/BLOCKLIST.SUFFIX
+ http://www.btack.info/bluetack/BLOCKLIST.SUFFIX
+ http://www.bluetack.info/temp/BLOCKLIST.SUFFIX
+ http://list.iblocklist.com/?list=bt_BLOCKLIST
+"
+
+# This mirror is broken, it doesn't return a real HTTP error code when it
+# fails. If they fix it, we can re-add it to the above list.
+# http://min.midco.net/jinx/bluetack
+
+# For more information on blocklists, go read
+# http://www.bluetack.co.uk/modules.php?name=FAQ&myfaq=yes&id_cat=6&categories=Blacklists+FAQ
+
+# Recommended Exclusions (will be downloaded from one of the mirrors)
+WHITELISTS+="exclusions "
+
+##############################################################################
+# The Block Lists
+#
+# Select the lists below that you want to be block by commenting or
+# un-comminging them out.
+##############################################################################
+
+# Ad-Trackers and Bad Porn
+BLOCKLISTS+="ads-trackers-and-bad-pr0n "
+
+# People who have been reported for bad deeds in p2p (having files that
+# contain viruses, etc.) (ex templist)
+BLOCKLISTS+="badpeers "
+
+# Bogon Addresses List
+BLOCKLISTS+="bogon "
+
+# DShield (http://www.dshield.org)
+BLOCKLISTS+="dshield "
+
+# Educational Institution Ranges
+BLOCKLISTS+="edu "
+
+# LAN Blacklist 0.* 10.* and 192.168.* Ranges
+#BLOCKLISTS+="fornonlancomputers "
+
+# Stops spam, fakes and worms in the Gnutella net.
+BLOCKLISTS+="gnutella "
+
+# Hijacked IP address blocks
+BLOCKLISTS+="hijacked "
+
+# IANA Multicast Addresses
+BLOCKLISTS+="iana-multicast "
+
+# IANA Private Addresses
+BLOCKLISTS+="iana-private "
+
+# IANA Reserved Addresses
+BLOCKLISTS+="iana-reserved "
+
+# Level 1
+# * anti-p2p companies / p2p trackers
+# * fake p2p file sources
+# * Government, Military, Science, Research Labs
+# * Bad Education facilities
+BLOCKLISTS+="level1 "
+
+# Level 2 - Corporations (banks, financial institutions, etc.)
+BLOCKLISTS+="level2 "
+
+# Level 3
+BLOCKLISTS+="level3 "
+
+# All known Microsoft Corp and associated IP ranges from around the world.
+BLOCKLISTS+="Microsoft "
+
+# Suspicious IP's that are under investigation.
+BLOCKLISTS+="rangetest "
+
+# Webspiders and bots (includes Google, Yahoo!, et. al.)
+BLOCKLISTS+="spider "
+
+# Spyware, adware, malware and trojans initiated from web sites.
+BLOCKLISTS+="spyware "
+
+# Trojans & port scanners.
+BLOCKLISTS+="trojan "
+
+# Bad Sites that use exploits and forums with a lot of spam.
+BLOCKLISTS+="webexploit-forumspam "
+
+# eMule "Normal" IP Filter - A compilation of the below lists. Please DO NOT
+# use this in addition to any of the below. You cannot mix and match .p2p and
+# .dat files anyway.
+# * Microsoft
+# * bogon
+# * fornonlancomputers
+# * hijacked
+# * iana-multicast
+# * iana-private
+# * iana-reserved
+# * level1
+# * level2
+# * badpeers
+#BLOCKLISTS+="nipfilter.dat "
+
+# eMule "Paranoid" IP Filter - A compilation of ALL of the above lists. DO NOT
+# use this in addition to the above lists as you will just be wasting bandwidth.
+#BLOCKLISTS+="pipfilter.dat "
+
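Review bot: `WHITE_TCP_IN` and `WHITE_TCP_OUT` are commented out here, while every other `WHITE_*` variable is set to an explicit empty string, so these two end up unset rather than empty. Whether the init script treats unset and empty alike is not visible from this hunk. I would write `WHITE_TCP_IN=""` and `WHITE_TCP_OUT=""`, and add to the header a line such as `# ssh is not exempted in this profile; add it to WHITE_TCP_IN before using this on a remotely administered host`, since the header only warns about losing access to Gentoo mirrors.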
diff --git a/net-misc/moblock/files/moblock-0.8-fix-broken-compile.patch b/net-misc/moblock/files/moblock-0.8-fix-broken-compile.patch
new file mode 100644
index 000000000..ab1085c85
--- /dev/null
+++ b/net-misc/moblock/files/moblock-0.8-fix-broken-compile.patch
@@ -0,0 +1,11 @@
+diff -ru orig/MoBlock-0.8/MoBlock.c new/MoBlock-0.8/MoBlock.c
+--- orig/MoBlock-0.8/MoBlock.c 2009-09-03 13:41:05.216725283 -0500
++++ new/MoBlock-0.8/MoBlock.c 2009-09-03 13:41:17.353386581 -0500
+@@ -24,6 +24,7 @@
+
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <limits.h>
+ #include <unistd.h>
+ #include <netinet/in.h>
+ #include <string.h>
diff --git a/net-misc/moblock/files/moblock-0.8-fix-nfq_unbind_pf-error.patch b/net-misc/moblock/files/moblock-0.8-fix-nfq_unbind_pf-error.patch
new file mode 100644
index 000000000..a7f49d0db
--- /dev/null
+++ b/net-misc/moblock/files/moblock-0.8-fix-nfq_unbind_pf-error.patch
@@ -0,0 +1,21 @@
+diff -ru orig/MoBlock-0.8/MoBlock.c new/MoBlock-0.8/MoBlock.c
+--- orig/MoBlock-0.8/MoBlock.c 2009-09-03 13:37:35.346736734 -0500
++++ new/MoBlock-0.8/MoBlock.c 2009-09-03 13:40:24.963491807 -0500
+@@ -33,6 +33,7 @@
+ #include <sys/socket.h>
+ #include <arpa/inet.h>
+ #include <linux/netfilter_ipv4.h>
++#include <linux/version.h>
+ #include <signal.h>
+ #include <regex.h>
+
+@@ -502,7 +503,9 @@
+
+ if (nfq_unbind_pf(h, AF_INET) < 0) {
+ fprintf(logfile, "error during nfq_unbind_pf()\n");
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 23)
+ exit(-1);
++#endif
+ }
+
+ if (nfq_bind_pf(h, AF_INET) < 0) {
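Review bot: The `#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 23)` guard around `exit(-1)` is evaluated against the kernel headers present at build time, not the kernel the daemon runs on. A binary built against older headers therefore still exits on a newer kernel, and one built against newer headers keeps running after a real failure on an old kernel. If the failure is only expected on newer kernels (the patch name suggests that, but the reason is not stated), a runtime check or an unconditional log-and-continue would match the intent better. At minimum add a comment above the guard, e.g. `/* nfq_unbind_pf() failure is treated as non-fatal on 2.6.23+; see <bug reference> */`, and make the log line say the error is being ignored. The enclosing function starts and ends outside this hunk.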
diff --git a/net-misc/moblock/files/moblock-0.8-makefile.patch b/net-misc/moblock/files/moblock-0.8-makefile.patch
index 613dad634..1c1c6f588 100644
--- a/net-misc/moblock/files/moblock-0.8-makefile.patch
+++ b/net-misc/moblock/files/moblock-0.8-makefile.patch
@@ -1,5 +1,5 @@
---- Makefile.orig 2006-08-13 00:55:15.000000000 +0200
-+++ Makefile 2006-08-13 00:55:27.000000000 +0200
+--- orig/MoBlock-0.8/Makefile 2006-03-22 11:44:31.000000000 -0600
++++ new/MoBlock-0.8/Makefile 2009-09-03 13:24:36.766806206 -0500
@@ -7,9 +7,7 @@
#QUEUE_LIB=LIBIPQ
QUEUE_LIB=NFQUEUE
diff --git a/net-misc/moblock/files/moblock-0.8-rename-stats-file.patch b/net-misc/moblock/files/moblock-0.8-rename-stats-file.patch
new file mode 100644
index 000000000..f475deefc
--- /dev/null
+++ b/net-misc/moblock/files/moblock-0.8-rename-stats-file.patch
@@ -0,0 +1,53 @@
+diff -ru orig/MoBlock-0.8/MoBlock.c new/MoBlock-0.8/MoBlock.c
+--- orig/MoBlock-0.8/MoBlock.c 2006-03-22 11:44:31.000000000 -0600
++++ new/MoBlock-0.8/MoBlock.c 2009-09-03 13:30:49.153576912 -0500
+@@ -313,7 +313,7 @@
+ reopen_logfile();
+ break;
+ case SIGUSR2:
+- fprintf(logfile,"Got SIGUSR2! Dumping stats to /var/log/MoBlock.stats\n");
++ fprintf(logfile,"Got SIGUSR2! Dumping stats to /var/log/moblock.stats\n");
+ ll_log();
+ break;
+ case SIGHUP:
+diff -ru orig/MoBlock-0.8/README new/MoBlock-0.8/README
+--- orig/MoBlock-0.8/README 2006-03-22 11:44:31.000000000 -0600
++++ new/MoBlock-0.8/README 2009-09-03 13:24:36.766806206 -0500
+@@ -145,11 +145,11 @@
+
+ kill -TERM <MoBlockPid>
+
+- While shutting down it will dump some stats to /var/log/MoBlock.stats
++ While shutting down it will dump some stats to /var/log/moblock.stats
+ To obtain stats about blocked ranges while it's running:
+
+ kill -USR1 <MoBlockPid> # write stats to logfile
+- kill -USR2 <MoBlockPid> # write stats to /var/log/MoBlock.stats
++ kill -USR2 <MoBlockPid> # write stats to /var/log/moblock.stats
+
+ ** NEW: to reload the blocklist while MoBlock is running send to it the
+ HUP signal:
+diff -ru orig/MoBlock-0.8/rbt.c new/MoBlock-0.8/rbt.c
+--- orig/MoBlock-0.8/rbt.c 2006-03-22 11:44:31.000000000 -0600
++++ new/MoBlock-0.8/rbt.c 2009-09-03 13:24:36.770138392 -0500
+@@ -144,9 +144,9 @@
+ FILE *fp;
+ time_t tp;
+
+- fp=fopen("/var/log/MoBlock.stats","a");
++ fp=fopen("/var/log/moblock.stats","a");
+ if ( fp == NULL ) {
+- fprintf(stderr,"Error opening stats file /var/log/MoBlock.stats\n");
++ fprintf(stderr,"Error opening stats file /var/log/moblock.stats\n");
+ perror("ll_log");
+ return;
+ }
+@@ -160,7 +160,7 @@
+ }
+ fprintf(fp,"----------------------------------------\n");
+ if ( fclose(fp) != 0 ) {
+- perror("Error closing stats file /var/log/MoBlock.stats");
++ perror("Error closing stats file /var/log/moblock.stats");
+ return;
+ }
+ }
diff --git a/net-misc/moblock/metadata.xml b/net-misc/moblock/metadata.xml
index 7e3286984..cc3b3f5a5 100644
--- a/net-misc/moblock/metadata.xml
+++ b/net-misc/moblock/metadata.xml
@@ -2,4 +2,9 @@
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>maintainer-wanted</herd>
+ <use>
+ <flag name="logrotate">Use <pkg>app-admin/logrotate</pkg> to rotate log files</flag>
+ <flag name="network-cron">Adds monthly cronjob to update blocklist files</flag>
+ <flag name="paranoid">Use paranoid blocklist file and update daily</flag>
+ </use>
</pkgmetadata>
diff --git a/net-misc/moblock/moblock-0.8-r1.ebuild b/net-misc/moblock/moblock-0.8-r1.ebuild
deleted file mode 100644
index dba546a92..000000000
--- a/net-misc/moblock/moblock-0.8-r1.ebuild
+++ /dev/null
@@ -1,66 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: $
-
-inherit eutils toolchain-funcs linux-info
-
-KEYWORDS="~amd64 ~x86"
-
-MY_P=${P/mob/MoB}
-
-DESCRIPTION="Blocks connections from/to hosts listed in a file in peerguardian format using iptables."
-HOMEPAGE="http://moblock.berlios.de/"
-SRC_URI="mirror://berlios/${PN}/${MY_P}-i586.tar.bz2"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE=""
-
-DEPEND=">=net-libs/libnetfilter_queue-0.0.11
- >=net-libs/libnfnetlink-0.0.14
- net-firewall/iptables"
-RDEPEND="${DEPEND}"
-
-S=${WORKDIR}/${MY_P}
-
-CONFIG_CHECK="NETFILTER NETFILTER_XTABLES NETFILTER_XT_TARGET_NFQUEUE IP_NF_IPTABLES IP_NF_FILTER"
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
- epatch "${FILESDIR}/${P}-makefile.patch"
-}
-
-src_compile() {
- emake CC=$(tc-getCC) || die "emake failed"
-}
-
-src_install() {
- dosbin moblock
- dosbin "${FILESDIR}/${PVR}/moblock-update"
- dosbin "${FILESDIR}/${PVR}/moblock-stats"
-
- newconfd "${FILESDIR}/${PVR}/confd" moblock
- newinitd "${FILESDIR}/${PVR}/initd" moblock
-
- dodir /var/db/moblock
- touch "${D}/var/db/moblock/guarding.p2p"
-
- keepdir /var/cache/moblock
-
- dodoc Changelog README
-}
-
-pkg_postinst() {
- elog "Run moblock-update to update your block list."
- elog "You can set moblock to update daily with the command"
- elog " ln -s /usr/sbin/moblock-update /etc/cron.daily/moblock-update"
- elog "Or weekly with"
- elog " ln -s /usr/sbin/moblock-update /etc/cron.weekly/moblock-update"
-}
-
-pkg_postrm() {
- if ! has_version ${CATEGORY}/${PN} && [[ -d ${ROOT}/var/cache/moblock ]] ; then
- einfo "Removing leftover cache..."
- rm -rf "${ROOT}"/var/cache/moblock
- fi
-}
diff --git a/net-misc/moblock/moblock-0.8-r2.ebuild b/net-misc/moblock/moblock-0.8-r2.ebuild
new file mode 100644
index 000000000..8f74392ca
--- /dev/null
+++ b/net-misc/moblock/moblock-0.8-r2.ebuild
@@ -0,0 +1,101 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils linux-info toolchain-funcs
+
+
+MY_P=MoBlock-${PV}
+
+DESCRIPTION="Blocks connections from/to hosts listed in a file in peerguardian format using iptables"
+HOMEPAGE="http://moblock.berlios.de/"
+SRC_URI="mirror://berlios/${PN}/${MY_P}-i586.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="logrotate network-cron paranoid"
+
+DEPEND="net-libs/libnetfilter_queue
+ net-libs/libnfnetlink"
+RDEPEND="${DEPEND}
+ net-firewall/iptables"
+
+S=${WORKDIR}/${MY_P}
+
+CONFIG_CHECK="NETFILTER NETFILTER_XTABLES NETFILTER_XT_TARGET_NFQUEUE
+ IP_NF_IPTABLES IP_NF_FILTER NETFILTER_XT_MATCH_STATE"
+
+src_unpack() {
+ unpack ${A}
+ epatch "${FILESDIR}/${P}-makefile.patch"
+ epatch "${FILESDIR}/${P}-rename-stats-file.patch"
+ epatch "${FILESDIR}/${P}-fix-nfq_unbind_pf-error.patch"
+ epatch "${FILESDIR}/${P}-fix-broken-compile.patch"
+}
+
+src_compile() {
+ cd "${S}" || die
+ emake CC=$(tc-getCC) || die "emake failed"
+}
+
+src_install() {
+ dosbin moblock || die
+
+ dosbin "${FILESDIR}/${PVR}/moblock-update" || die
+ dosbin "${FILESDIR}/${PVR}/moblock-stats" || die
+
+ newinitd "${FILESDIR}/${PVR}/init.d" moblock || die
+ doconfd "${FILESDIR}/${PVR}/moblock.paranoid.example" || die
+ doconfd "${FILESDIR}/${PVR}/moblock.normal.example" || die
+ doconfd "${FILESDIR}/${PVR}/moblock.minimal.example" || die
+ if use paranoid; then
+ newconfd "${FILESDIR}/${PVR}/moblock.paranoid.example" moblock || die
+ else
+ newconfd "${FILESDIR}/${PVR}/moblock.normal.example" moblock || die
+ fi
+
+ dodir /var/db/moblock || die
+ touch "${D}/var/db/moblock/guarding.p2p" || die
+
+ keepdir /var/cache/moblock || die
+
+ if use network-cron; then
+ if use paranoid; then
+ dosym /usr/sbin/moblock-update /etc/cron.daily/moblock-update || die
+ else
+ dosym /usr/sbin/moblock-update /etc/cron.weekly/moblock-update || die
+ fi
+ fi
+
+ if use logrotate; then
+ insinto /etc/logrotate.d || die
+ newins "${FILESDIR}/${PVR}/logrotate" moblock || die
+ fi
+
+ dodoc Changelog README || die
+}
+
+pkg_postinst() {
+ if use network-cron; then
+ local cron_interval="$(use paranoid && echo daily || echo weekly)";
+ elog "The script /usr/sbin/moblock-update will be run ${cron_interval} to update your"
+ elog "blocklists. You can change this by moving or removing the symlink"
+ elog "/etc/cron.${cron_interval}/moblock-update or re-installing MoBlock without the"
+ elog "network-cron USE flag."
+ else
+ elog "Run moblock-update to update your block list. To have this happen"
+ elog "automatically, re-install enabling the network-cron USE flag."
+ fi
+ elog ""
+ elog "You can view or change your blocklist(s) and other options by editing"
+ elog "/etc/conf.d/moblock."
+}
+
+pkg_postrm() {
+ if ! has_version ${CATEGORY}/${PN} && [[ -d ${ROOT}/var/cache/moblock ]] ; then
+ elog "Removing leftover cache..."
+ rm -rf "${ROOT}/var/cache/moblock" ||
+ ewarn "Failed to remove ${ROOT}/var/cache/moblock"
+ fi
+}
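Review bot: In `src_compile`, `emake CC=$(tc-getCC)` leaves the command substitution unquoted, so a compiler value containing a space is split into separate make arguments; write `emake CC="$(tc-getCC)" || die "emake failed"`. `has_version ${CATEGORY}/${PN}` in `pkg_postrm` has the same unquoted expansion. In `pkg_postinst`, `$(use paranoid && echo daily || echo weekly)` repeats the daily/weekly choice already made in `src_install`; an `if use paranoid` block would keep the two in step and avoid the `&& ||` chain.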