You are here: Home / Debian GNU/Linux / System / Security / Install the Peer 2 Peer privacy protection PeerGuardian on Debian

Install the Peer 2 Peer privacy protection PeerGuardian on Debian

by Pierre-Yves Landuré last modified Nov 11, 2017 09:45

PeerGuardian is a Peer 2 Peer firewall that block bad peers. This tool is strongly recommended if you are a BitTorrent or aMule user.

This howto is tested on :

  • Debian 6.0 Squeeze

Setup

Setup the system release information tool to detect the Debian version, and GnuPG to fetch repository encryption public key :

command apt-get install lsb-release gnupg

Detect your distribution name :

DEBIAN_VERSION="$(command lsb_release -cs)"

Add the software repository to your apt settings :

echo "# Moblock for ${DEBIAN_VERSION}
deb http://moblock-deb.sourceforge.net/debian ${DEBIAN_VERSION} main
deb-src http://moblock-deb.sourceforge.net/debian ${DEBIAN_VERSION} main" \
    > '/etc/apt/sources.list.d/moblock.list'

Add the repository encryption key :

command gpg --keyserver wwwkeys.pgp.net --recv-keys C0145138
command gpg --export --armor C0145138 | command apt-key add -

Update the available packages list :

command apt-get update

Install the software :

DEBIAN_FRONTEND='noninteractive' command apt-get install pgld pglcmd

Update the blockcontrol settings :

echo '# blocklists.list - lists the blocklists that are handled automatically by pglcmd

# Place one URL per line for every blocklist.
# Any line which starts with a # (hash) is a comment and is ignored.

# Have a look at /usr/share/doc/pglcmd/README.blocklists.gz for detailed
# information about some available blocklists.

# Instead or additionally to the blocklists that are specified in this file,
# you can manually put lists in MASTER_BLOCKLIST_DIR (/var/lib/pgl).
# All blocklists in that directory (except those which end in "~" or have a "."
# prefix) are used by pgld. They may be in any supported format and have to be
# either unpacked or gzipped. Note that these manually installed blocklists are
# neither updated automatically, nore does IP_REMOVE work for them.

# Do a "pglcmd reload" (or "restart" or "update") when you have edited
# this file.

# list.iblocklist.com/lists/atma/atma
list.iblocklist.com/lists/bluetack/ads-trackers-and-bad-pr0n
list.iblocklist.com/lists/bluetack/bad-peers
list.iblocklist.com/lists/bluetack/bogon
list.iblocklist.com/lists/bluetack/dshield
list.iblocklist.com/lists/bluetack/edu
# list.iblocklist.com/lists/bluetack/for-non-lan-computers
# list.iblocklist.com/lists/bluetack/forum-spam
list.iblocklist.com/lists/bluetack/hijacked
# list.iblocklist.com/lists/bluetack/iana-multicast
# list.iblocklist.com/lists/bluetack/iana-private
# list.iblocklist.com/lists/bluetack/iana-reserved
list.iblocklist.com/lists/bluetack/level-1
list.iblocklist.com/lists/bluetack/level-2
# list.iblocklist.com/lists/bluetack/level-3
list.iblocklist.com/lists/bluetack/microsoft
list.iblocklist.com/lists/bluetack/proxy
list.iblocklist.com/lists/bluetack/range-test
list.iblocklist.com/lists/bluetack/spider
list.iblocklist.com/lists/bluetack/spyware
list.iblocklist.com/lists/bluetack/web-exploit
list.iblocklist.com/lists/bluetack/webexploit-forumspam
# list.iblocklist.com/lists/cidr-report/bogon
list.iblocklist.com/lists/dchubad/faker
list.iblocklist.com/lists/dchubad/hacker
list.iblocklist.com/lists/dchubad/pedophiles
list.iblocklist.com/lists/dchubad/spammer
# list.iblocklist.com/lists/nexus23/ipfilterx
list.iblocklist.com/lists/peerblock/rapidshare
# list.iblocklist.com/lists/spamhaus/drop
list.iblocklist.com/lists/tbg/bogon
list.iblocklist.com/lists/tbg/business-isps
# list.iblocklist.com/lists/tbg/educational-institutions
list.iblocklist.com/lists/tbg/general-corporate-ranges
list.iblocklist.com/lists/tbg/hijacked
list.iblocklist.com/lists/tbg/primary-threats
list.iblocklist.com/lists/tbg/search-engines' \
     > '/etc/pgl/blocklists.list'

Detect ports used for vsFTPd passive mode:

FTP_PASSIVE=""
if [ -e '/etc/vsftpd.conf' ]; then
MIN_PORT=$(command grep "^pasv_min_port=" '/etc/vsftpd.conf' | command cut --delimiter="=" --fields=2)
MAX_PORT=$(command grep "^pasv_max_port=" '/etc/vsftpd.conf' | command cut --delimiter="=" --fields=2)
if [ -n "${MIN_PORT}" -a -n "${MAX_PORT}" ]; then
FTP_PASSIVE="${MIN_PORT}:${MAX_PORT}"
fi
fi

Disable blockcontrol for HTTP, HTTPS, FTP and SSH ports :

command echo "WHITE_TCP_OUT=\"http https ssh ftp ${FTP_PASSIVE}\"
WHITE_TCP_IN=\"http https ssh ftp ${FTP_PASSIVE}\"" \ >> '/etc/pgl/pglcmd.conf'

White list configuration

Add your usual torrent trackers to the PeerGuardian host white list. For example, add openbittorrent tracker:

HOSTNAME="tracker.openbittorrent.com"

Fetch the tracker IP, and add it to allow.p2p file :

HOST_IPV4="$(command ping -c 1 "${HOSTNAME}" \
        | command head -n 1 \
        | command sed -e 's/[^(]*(\([^)]*\).*/\1/')"
echo "${HOSTNAME}:${HOST_IPV4}-255.255.255.255" \
    >> '/etc/pgl/allow.p2p'

Reload the configuration :

/etc/init.d/pgl restart

Thanks