PeerGuardian is a firewall for Peer to Peer software (i.e. BitTorrent) blocking bad peers.

This howto is tested on:

  • Debian 10.0 Buster

This howto is tested with these versions of the software:

  • 2.3.1

Requirements

This howto recommends :

Installation

Detect if sudo is available (“command” is used if not):

cmdProxy='command'
command type -f 'sudo' &>'/dev/null' && cmdProxy='sudo'

Install the software’s requirements:

${cmdProxy} apt install 'gnupg'

Setup the software repository:

${cmdProxy} tee '/etc/apt/sources.list.d/moblock-deb.list' \
    <<< '# Moblock & PeerGuardian for Debian Stretch and newer.
deb http://moblock-deb.sourceforge.net/debian stretch main
deb-src http://moblock-deb.sourceforge.net/debian stretch main'

Fetch the repository signing key:

${cmdProxy} apt-key adv --keyserver 'hkp://keyserver.ubuntu.com:80' \
    --recv-keys 'C0145138'

Update the list of available packages:

${cmdProxy} apt update

Install the software:

DEBIAN_FRONTEND='noninteractive' ${cmdProxy} apt install 'pgld' 'pglcmd'

Configuration

Install a completer block lists configuration:

${cmdProxy} wget --quiet --output-document='/etc/pgl/blocklists.list' \
    'https://raw.githubusercontent.com/biapy/howto.biapy.com/master/torrent/blocklists.list'

Detect the ports used by vsFTPd passive mode, if needed:

ftpPassiveRange=""
if [ -e '/etc/vsftpd.conf' ]; then
  minPort=$(command grep '^pasv_min_port=' '/etc/vsftpd.conf' \
    | command cut --delimiter="=" --fields=2)
  maxPort=$(command grep '^pasv_max_port=' '/etc/vsftpd.conf' \
    | command cut --delimiter="=" --fields=2)
  [[ -n "${minPort}" -a -n "${maxPort}" ]] && ftpPassiveRange="${minPort}:${maxPort}"
fi

Disable blockcontrol for HTTP, HTTPS and SSH (and FTP passive) ports:

${cmdProxy} tee -a '/etc/pgl/pglcmd.conf' \
  <<< "WHITE_TCP_OUT=\"http https ssh ftp ${ftpPassiveRange}\"
WHITE_TCP_IN=\"http https ssh ftp ${ftpPassiveRange}\""

Reload the PGL settings:

${cmdProxy} systemctl reload 'pgl'

White list management

Install the tool :

${cmdProxy} wget "https://raw.githubusercontent.com/biapy/howto.biapy.com/master/torrent/pgl-tools" \
    --quiet --no-check-certificate --output-document="/usr/local/bin/pgl-tools"

Declare the downloaded file as executable:

${cmdProxy} chmod +x "/usr/local/bin/pgl-tools"

Automatic updates

Configure biapy-updater automatic updates to check for new versions of the software:

${cmdProxy} tee -a '/etc/biapy-updater.conf' <<< 'pgl-tools'

Usage

Add a Torrent tracker to the PGL’s white list (here for openbittorrent):

${cmdProxy} pgl-tools --add 'tracker.openbittorrent.com'

A line for the added whitelisted host is added in “/etc/pgl/allow.p2p”.

Reload the PGL settings:

${cmdProxy} systemctl reload 'pgl'

Thanks

Categories: Security

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.