Install the Peer 2 Peer privacy protection PeerGuardian on Debian
PeerGuardian is a Peer 2 Peer firewall that blocks bad peers. This tool is strongly recommended if you are a BitTorrent or aMule user.
This howto has been tested on :
- Debian 6.0 Squeeze
Setup
Install the system release information tool, used to detect the Debian version, and GnuPG, used to fetch the repository's public signing key :
command apt-get install lsb-release gnupg
Detect your distribution name :
DEBIAN_VERSION="$(command lsb_release -cs)"
Add the software repository to your apt settings :
echo "# Moblock for ${DEBIAN_VERSION}
deb http://moblock-deb.sourceforge.net/debian ${DEBIAN_VERSION} main
deb-src http://moblock-deb.sourceforge.net/debian ${DEBIAN_VERSION} main" \
  > '/etc/apt/sources.list.d/moblock.list'
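Add the repository signing key. C0145138 is a short key ID, so compare the full fingerprint of the fetched key with one from a source you trust before adding it :
command gpg --keyserver wwwkeys.pgp.net --recv-keys C0145138
command gpg --export --armor C0145138 | command apt-key add -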
Update the available packages list :
command apt-get update
Install the software :
DEBIAN_FRONTEND='noninteractive' command apt-get install pgld pglcmd
Update the blockcontrol settings :
echo '# blocklists.list - lists the blocklists that are handled automatically by pglcmd
# Place one URL per line for every blocklist.
# Any line which starts with a # (hash) is a comment and is ignored.
# Have a look at /usr/share/doc/pglcmd/README.blocklists.gz for detailed
# information about some available blocklists.
# Instead or additionally to the blocklists that are specified in this file,
# you can manually put lists in MASTER_BLOCKLIST_DIR (/var/lib/pgl).
# All blocklists in that directory (except those which end in "~" or have a "."
# prefix) are used by pgld. They may be in any supported format and have to be
# either unpacked or gzipped. Note that these manually installed blocklists are
# neither updated automatically, nor does IP_REMOVE work for them.
# Do a "pglcmd reload" (or "restart" or "update") when you have edited
# this file.

# list.iblocklist.com/lists/atma/atma
list.iblocklist.com/lists/bluetack/ads-trackers-and-bad-pr0n
list.iblocklist.com/lists/bluetack/bad-peers
list.iblocklist.com/lists/bluetack/bogon
list.iblocklist.com/lists/bluetack/dshield
list.iblocklist.com/lists/bluetack/edu
# list.iblocklist.com/lists/bluetack/for-non-lan-computers
# list.iblocklist.com/lists/bluetack/forum-spam
list.iblocklist.com/lists/bluetack/hijacked
# list.iblocklist.com/lists/bluetack/iana-multicast
# list.iblocklist.com/lists/bluetack/iana-private
# list.iblocklist.com/lists/bluetack/iana-reserved
list.iblocklist.com/lists/bluetack/level-1
list.iblocklist.com/lists/bluetack/level-2
# list.iblocklist.com/lists/bluetack/level-3
list.iblocklist.com/lists/bluetack/microsoft
list.iblocklist.com/lists/bluetack/proxy
list.iblocklist.com/lists/bluetack/range-test
list.iblocklist.com/lists/bluetack/spider
list.iblocklist.com/lists/bluetack/spyware
list.iblocklist.com/lists/bluetack/web-exploit
list.iblocklist.com/lists/bluetack/webexploit-forumspam
# list.iblocklist.com/lists/cidr-report/bogon
list.iblocklist.com/lists/dchubad/faker
list.iblocklist.com/lists/dchubad/hacker
list.iblocklist.com/lists/dchubad/pedophiles
list.iblocklist.com/lists/dchubad/spammer
# list.iblocklist.com/lists/nexus23/ipfilterx
list.iblocklist.com/lists/peerblock/rapidshare
# list.iblocklist.com/lists/spamhaus/drop
list.iblocklist.com/lists/tbg/bogon
list.iblocklist.com/lists/tbg/business-isps
# list.iblocklist.com/lists/tbg/educational-institutions
list.iblocklist.com/lists/tbg/general-corporate-ranges
list.iblocklist.com/lists/tbg/hijacked
list.iblocklist.com/lists/tbg/primary-threats
list.iblocklist.com/lists/tbg/search-engines' \
  > '/etc/pgl/blocklists.list'
Detect ports used for vsFTPd passive mode:
FTP_PASSIVE=""
if [ -e '/etc/vsftpd.conf' ]; then
  MIN_PORT=$(command grep "^pasv_min_port=" '/etc/vsftpd.conf' | command cut --delimiter="=" --fields=2)
  MAX_PORT=$(command grep "^pasv_max_port=" '/etc/vsftpd.conf' | command cut --delimiter="=" --fields=2)
  if [ -n "${MIN_PORT}" -a -n "${MAX_PORT}" ]; then
    FTP_PASSIVE="${MIN_PORT}:${MAX_PORT}"
  fi
fi
Disable blockcontrol for HTTP, HTTPS, FTP and SSH ports :
command echo "WHITE_TCP_OUT=\"http https ssh ftp ${FTP_PASSIVE}\"
WHITE_TCP_IN=\"http https ssh ftp ${FTP_PASSIVE}\"" \
  >> '/etc/pgl/pglcmd.conf'
White list configuration
Add your usual torrent trackers to the PeerGuardian host white list. For example, to add the OpenBitTorrent tracker:
HOSTNAME="tracker.openbittorrent.com"
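Fetch the tracker IP, and add it to the allow.p2p file as a single-address range (each entry has the form name:first_IP-last_IP) :
HOST_IPV4="$(command ping -c 1 "${HOSTNAME}" \
  | command head -n 1 \
  | command sed -e 's/[^(]*(\([^)]*\).*/\1/')"
# First and last address are the same, so only the tracker itself is exempted.
echo "${HOSTNAME}:${HOST_IPV4}-${HOST_IPV4}" \
  >> '/etc/pgl/allow.p2p'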
Reload the configuration :
/etc/init.d/pgl restart
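Every address inside a name:first-last range in allow.p2p is exempted from blocking, so it is worth checking how wide each entry really is. The following sh script is an added example, not part of the original howto or of PeerGuardian; its function names, the 256-address threshold and the sample entries are assumptions made for illustration.

```shell
# Convert a dotted-quad IPv4 address to an integer; return 1 if malformed.
ip_to_int() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs="$IFS"; IFS='.'; set -- $1; IFS="$old_ifs"
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in 0?*|????*) return 1 ;; esac  # no leading zeros, max 3 digits
    [ "$octet" -le 255 ] || return 1
  done
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Print how many addresses one entry exempts (range = text after the last ':').
p2p_range_size() {
  range="${1##*:}"
  case "$range" in *-*) ;; *) return 1 ;; esac
  start=$(ip_to_int "${range%%-*}") || return 1
  end=$(ip_to_int "${range#*-}") || return 1
  [ "$end" -ge "$start" ] || return 1
  echo $(( end - start + 1 ))
}

# Read entries on stdin; report unparsable ones and ranges wider than $1 (default 256).
audit_allow_p2p() {
  limit="${1:-256}"; flagged=0
  while IFS= read -r line; do
    case "$line" in ''|'#'*) continue ;; esac
    if size=$(p2p_range_size "$line"); then
      [ "$size" -le "$limit" ] && continue
      echo "TOO WIDE ($size addresses): $line"
    else
      echo "UNPARSABLE: $line"
    fi
    flagged=1
  done
  [ "$flagged" -eq 0 ]   # exit status 1 when anything was reported
}

# Constructed sample entries (documentation address ranges, not real trackers).
sample_entries() {
  cat <<'EOF'
# name:first-last
tracker.example.org:192.0.2.10-192.0.2.10
tracker.example.net:198.51.100.7-255.255.255.255
lan:10.0.0.0-10.0.0.255
broken.example:203.0.113.5
EOF
}
sample_entries | audit_allow_p2p 256 || true
```

To check the real file, run `audit_allow_p2p 256 < /etc/pgl/allow.p2p` after sourcing the functions.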
Thanks
- Thanks to MoBlock developers.
- Thanks to PeerGuardian Linux developers.