Install the Peer 2 Peer privacy protection PeerGuardian on Debian

PeerGuardian is a Peer 2 Peer firewall that blocks bad peers. This tool is strongly recommended if you are a BitTorrent or aMule user.

This howto has been tested on :

  • Debian 6.0 Squeeze


Install the system release information tool, used to detect the Debian version, and GnuPG, used to fetch the repository's public signing key :

command apt-get install lsb-release gnupg

Detect your distribution name :

DEBIAN_VERSION="$(command lsb_release -cs)"

Add the software repository to your apt settings :

echo "# Moblock for ${DEBIAN_VERSION}
deb ${DEBIAN_VERSION} main
deb-src ${DEBIAN_VERSION} main" \
    > '/etc/apt/sources.list.d/moblock.list'

Add the repository signing key :

command gpg --keyserver --recv-keys C0145138
command gpg --export --armor C0145138 | command apt-key add -
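
The key above is selected by its 8-digit short ID, which does not uniquely identify a key, so the full fingerprint is worth comparing before the key is handed to apt. The following is an added example, not part of the original howto: fpr_matches, import_verified_key and EXPECTED_FPR are hypothetical names, and the fingerprint values are constructed samples, not the real key's.

```shell
# Added example: compare the full fingerprint before trusting the key.
# EXPECTED_FPR is a placeholder; take the real value from a trusted channel.
EXPECTED_FPR='REPLACE_WITH_40_HEX_DIGIT_FINGERPRINT'

# Constructed sample of "gpg --with-colons --fingerprint" output (not a real key).
SAMPLE_FPR='AAAABBBBCCCCDDDDEEEEFFFF00001111C0145138'
SAMPLE_LISTING="pub:-:1024:17:00001111C0145138:2009-01-01:::-:Constructed key::scESC:
fpr:::::::::${SAMPLE_FPR}:
sub:-:2048:16:1234567812345678:2009-01-01::::::e:"

# Strip whitespace and upper-case, so "aaaa bbbb ..." compares equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Reads a colon-format key listing on stdin. Succeeds only if exactly one
# primary key is listed and its fingerprint equals $1.
# Returns 2 if $1 is not a 40-hex-digit fingerprint (e.g. the placeholder).
fpr_matches() {
    expected="$(normalize_fpr "$1")"
    case "${expected}" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    # The appended "" forces a string comparison, never a numeric one.
    command awk -F: -v want="${expected}" '
        $1 == "pub" { pubs++; primary = 1 }
        $1 == "fpr" && primary { if (($10 "") == (want "")) hits++; primary = 0 }
        END { exit !(pubs == 1 && hits == 1) }
    '
}

# Export to apt by full fingerprint, and only when the listing checks out.
import_verified_key() {
    command gpg --with-colons --fingerprint "$1" | fpr_matches "${EXPECTED_FPR}" \
        && command gpg --export --armor "${EXPECTED_FPR}" | command apt-key add -
}
```

With EXPECTED_FPR filled in, import_verified_key C0145138 takes the place of the export line above; a listing that returns two keys for the same short ID fails the check.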

Update the available packages list :

command apt-get update

Install the software :

DEBIAN_FRONTEND='noninteractive' command apt-get install pgld pglcmd

Update the blockcontrol settings :

echo '# blocklists.list - lists the blocklists that are handled automatically by pglcmd

# Place one URL per line for every blocklist.
# Any line which starts with a # (hash) is a comment and is ignored.

# Have a look at /usr/share/doc/pglcmd/README.blocklists.gz for detailed
# information about some available blocklists.

# Instead or additionally to the blocklists that are specified in this file,
# you can manually put lists in MASTER_BLOCKLIST_DIR (/var/lib/pgl).
# All blocklists in that directory (except those which end in "~" or have a "."
# prefix) are used by pgld. They may be in any supported format and have to be
# either unpacked or gzipped. Note that these manually installed blocklists are
# neither updated automatically, nore does IP_REMOVE work for them.

# Do a "pglcmd reload" (or "restart" or "update") when you have edited
# this file.

#' \
     > '/etc/pgl/blocklists.list'

Detect ports used for vsFTPd passive mode:

if [ -e '/etc/vsftpd.conf' ]; then
  MIN_PORT=$(command grep "^pasv_min_port=" '/etc/vsftpd.conf' | command cut --delimiter="=" --fields=2)
  MAX_PORT=$(command grep "^pasv_max_port=" '/etc/vsftpd.conf' | command cut --delimiter="=" --fields=2)
  if [ -n "${MIN_PORT}" -a -n "${MAX_PORT}" ]; then
    # Assumption: the body lost from the page set FTP_PASSIVE (used below) as a "min:max" port range.
    FTP_PASSIVE="${MIN_PORT}:${MAX_PORT}"
  fi
fi

Disable blockcontrol for HTTP, HTTPS, FTP and SSH ports :

command echo "WHITE_TCP_OUT=\"http https ssh ftp ${FTP_PASSIVE}\"
WHITE_TCP_IN=\"http https ssh ftp ${FTP_PASSIVE}\"" \
    >> '/etc/pgl/pglcmd.conf'

White list configuration

Add your usual torrent trackers to the PeerGuardian host white list. For example, add the openbittorrent tracker:


Fetch the tracker IP, and add it to the allow.p2p file :

HOST_IPV4="$(command ping -c 1 "${HOSTNAME}" \
        | command head -n 1 \
        | command sed -e 's/[^(]*(\([^)]*\).*/\1/')"
# P2P list format is name:first_ip-last_ip, so a single host is a one-address range.
echo "${HOSTNAME}:${HOST_IPV4}-${HOST_IPV4}" \
    >> '/etc/pgl/allow.p2p'

Reload the configuration :

/etc/init.d/pgl restart