Install the Peer 2 Peer privacy protection PeerGuardian on Debian
by
Pierre-Yves Landuré
—
last modified
Nov 11, 2017 09:45
PeerGuardian is a Peer 2 Peer firewall that block bad peers. This tool is strongly recommended if you are a BitTorrent or aMule user.
This howto is tested on :
- Debian 6.0 Squeeze
Setup
Setup the system release information tool to detect the Debian version, and GnuPG to fetch repository encryption public key :
command apt-get install lsb-release gnupg
Detect your distribution name :
DEBIAN_VERSION="$(command lsb_release -cs)"
Add the software repository to your apt settings :
echo "# Moblock for ${DEBIAN_VERSION}
deb http://moblock-deb.sourceforge.net/debian ${DEBIAN_VERSION} main
deb-src http://moblock-deb.sourceforge.net/debian ${DEBIAN_VERSION} main" \
> '/etc/apt/sources.list.d/moblock.list'
Add the repository encryption key :
command gpg --keyserver wwwkeys.pgp.net --recv-keys C0145138 command gpg --export --armor C0145138 | command apt-key add -
Update the available packages list :
command apt-get update
Install the software :
DEBIAN_FRONTEND='noninteractive' command apt-get install pgld pglcmd
Update the blockcontrol settings :
echo '# blocklists.list - lists the blocklists that are handled automatically by pglcmd
# Place one URL per line for every blocklist.
# Any line which starts with a # (hash) is a comment and is ignored.
# Have a look at /usr/share/doc/pglcmd/README.blocklists.gz for detailed
# information about some available blocklists.
# Instead or additionally to the blocklists that are specified in this file,
# you can manually put lists in MASTER_BLOCKLIST_DIR (/var/lib/pgl).
# All blocklists in that directory (except those which end in "~" or have a "."
# prefix) are used by pgld. They may be in any supported format and have to be
# either unpacked or gzipped. Note that these manually installed blocklists are
# neither updated automatically, nore does IP_REMOVE work for them.
# Do a "pglcmd reload" (or "restart" or "update") when you have edited
# this file.
# list.iblocklist.com/lists/atma/atma
list.iblocklist.com/lists/bluetack/ads-trackers-and-bad-pr0n
list.iblocklist.com/lists/bluetack/bad-peers
list.iblocklist.com/lists/bluetack/bogon
list.iblocklist.com/lists/bluetack/dshield
list.iblocklist.com/lists/bluetack/edu
# list.iblocklist.com/lists/bluetack/for-non-lan-computers
# list.iblocklist.com/lists/bluetack/forum-spam
list.iblocklist.com/lists/bluetack/hijacked
# list.iblocklist.com/lists/bluetack/iana-multicast
# list.iblocklist.com/lists/bluetack/iana-private
# list.iblocklist.com/lists/bluetack/iana-reserved
list.iblocklist.com/lists/bluetack/level-1
list.iblocklist.com/lists/bluetack/level-2
# list.iblocklist.com/lists/bluetack/level-3
list.iblocklist.com/lists/bluetack/microsoft
list.iblocklist.com/lists/bluetack/proxy
list.iblocklist.com/lists/bluetack/range-test
list.iblocklist.com/lists/bluetack/spider
list.iblocklist.com/lists/bluetack/spyware
list.iblocklist.com/lists/bluetack/web-exploit
list.iblocklist.com/lists/bluetack/webexploit-forumspam
# list.iblocklist.com/lists/cidr-report/bogon
list.iblocklist.com/lists/dchubad/faker
list.iblocklist.com/lists/dchubad/hacker
list.iblocklist.com/lists/dchubad/pedophiles
list.iblocklist.com/lists/dchubad/spammer
# list.iblocklist.com/lists/nexus23/ipfilterx
list.iblocklist.com/lists/peerblock/rapidshare
# list.iblocklist.com/lists/spamhaus/drop
list.iblocklist.com/lists/tbg/bogon
list.iblocklist.com/lists/tbg/business-isps
# list.iblocklist.com/lists/tbg/educational-institutions
list.iblocklist.com/lists/tbg/general-corporate-ranges
list.iblocklist.com/lists/tbg/hijacked
list.iblocklist.com/lists/tbg/primary-threats
list.iblocklist.com/lists/tbg/search-engines' \
> '/etc/pgl/blocklists.list'
Detect ports used for vsFTPd passive mode:
FTP_PASSIVE=""
if [ -e '/etc/vsftpd.conf' ]; then
MIN_PORT=$(command grep "^pasv_min_port=" '/etc/vsftpd.conf' | command cut --delimiter="=" --fields=2)
MAX_PORT=$(command grep "^pasv_max_port=" '/etc/vsftpd.conf' | command cut --delimiter="=" --fields=2)
if [ -n "${MIN_PORT}" -a -n "${MAX_PORT}" ]; then
FTP_PASSIVE="${MIN_PORT}:${MAX_PORT}"
fi
fi
Disable blockcontrol for HTTP, HTTPS, FTP and SSH ports :
command echo "WHITE_TCP_OUT=\"http https ssh ftp ${FTP_PASSIVE}\"
WHITE_TCP_IN=\"http https ssh ftp ${FTP_PASSIVE}\"" \
>> '/etc/pgl/pglcmd.conf'
White list configuration
Add your usual torrent trackers to the PeerGuardian host white list. For example, add openbittorrent tracker:
HOSTNAME="tracker.openbittorrent.com"
Fetch the tracker IP, and add it to allow.p2p file :
HOST_IPV4="$(command ping -c 1 "${HOSTNAME}" \
| command head -n 1 \
| command sed -e 's/[^(]*(\([^)]*\).*/\1/')"
echo "${HOSTNAME}:${HOST_IPV4}-255.255.255.255" \
>> '/etc/pgl/allow.p2p'
Reload the configuration :
/etc/init.d/pgl restart
Thanks
- Thanks to MoBlock developers.
- Thanks to PeerGuardian Linux developers.