PeerGuardian is a firewall for peer-to-peer software (e.g. BitTorrent) that blocks bad peers.

This howto is tested on:

  • Debian 10.0 Buster

This howto is tested with these versions of the software:

  • 2.3.1


This howto recommends :


Detect if sudo is available (“command” is used if not):

# Default to the "command" builtin, switch to sudo when it is installed.
cmdProxy='command'
command type -f 'sudo' &>'/dev/null' && cmdProxy='sudo'

Install the software’s requirements:

${cmdProxy} apt install 'gnupg'

Setup the software repository:

${cmdProxy} tee '/etc/apt/sources.list.d/moblock-deb.list' \
    <<< '# Moblock & PeerGuardian for Debian Stretch and newer.
deb stretch main
deb-src stretch main'

Fetch the repository signing key:

${cmdProxy} apt-key adv --keyserver 'hkp://' \
    --recv-keys 'C0145138'

Update the list of available packages:

${cmdProxy} apt update

Install the software:

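# A VAR=value word coming from an expansion is not treated as an assignment,
# so it is passed through env (or through sudo, which accepts VAR=value).
callChain=('env' 'DEBIAN_FRONTEND=noninteractive')
test "${cmdProxy}" = 'sudo' && callChain=('sudo' 'DEBIAN_FRONTEND=noninteractive')
"${callChain[@]}" apt install 'pgld' 'pglcmd'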


Install a more complete block list configuration:

${cmdProxy} wget --quiet --output-document='/etc/pgl/blocklists.list' \

Detect the ports used by vsFTPd passive mode, if needed:

# Stays empty when vsFTPd is absent or has no passive port range configured.
ftpPassiveRange=''
if [ -e '/etc/vsftpd.conf' ]; then
  minPort=$(command grep '^pasv_min_port=' '/etc/vsftpd.conf' \
    | command cut --delimiter="=" --fields=2)
  maxPort=$(command grep '^pasv_max_port=' '/etc/vsftpd.conf' \
    | command cut --delimiter="=" --fields=2)
  [[ -n "${minPort}" && -n "${maxPort}" ]] && ftpPassiveRange="${minPort}:${maxPort}"
fi

Disable blockcontrol for HTTP, HTTPS and SSH (and FTP passive) ports:

${cmdProxy} tee -a '/etc/pgl/pglcmd.conf' \
  <<< "WHITE_TCP_OUT=\"http https ssh ftp ${ftpPassiveRange}\"
WHITE_TCP_IN=\"http https ssh ftp ${ftpPassiveRange}\""

Reload the PGL settings:

${cmdProxy} systemctl reload 'pgl'
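
The vsFTPd range detection and whitelist steps above, as an added example that is not part of the original howto: it validates the passive ports before they reach pglcmd.conf and replaces the WHITE_TCP_* lines instead of appending them, so the steps can be re-run. The helper names pasv_range and set_whitelist and the sample files are assumptions; it works on constructed copies, not on the files under /etc.

```shell
#!/bin/sh
# Added example, not part of the original howto. pasv_range and set_whitelist
# are hypothetical helper names; paths are arguments so it runs on copies.

# Print "min:max" only if both passive ports are numeric, 1-65535 and ordered.
pasv_range() (
  conf="$1"
  [ -r "${conf}" ] || exit 0
  # Assumption: if a key is repeated, the last line is the effective one.
  min=$(sed -n 's/^pasv_min_port=//p' "${conf}" | tail -n 1 | tr -d ' \t\r')
  max=$(sed -n 's/^pasv_max_port=//p' "${conf}" | tail -n 1 | tr -d ' \t\r')
  for port in "${min}" "${max}"; do
    case "${port}" in
      '' | *[!0-9]*) exit 0 ;;
    esac
    { [ "${port}" -ge 1 ] && [ "${port}" -le 65535 ]; } || exit 0
  done
  [ "${min}" -le "${max}" ] || exit 0
  printf '%s:%s\n' "${min}" "${max}"
)

# Replace WHITE_TCP_IN/OUT instead of appending, so a second run of the
# howto does not leave stacked assignments in pglcmd.conf.
set_whitelist() (
  pgl_conf="$1"
  range="$2"
  ports="http https ssh ftp${range:+ ${range}}"
  tmp=$(mktemp) || exit 1
  if [ -f "${pgl_conf}" ]; then
    grep -v -e '^WHITE_TCP_IN=' -e '^WHITE_TCP_OUT=' "${pgl_conf}" > "${tmp}" || true
  fi
  printf 'WHITE_TCP_OUT="%s"\nWHITE_TCP_IN="%s"\n' "${ports}" "${ports}" >> "${tmp}"
  cat "${tmp}" > "${pgl_conf}"   # keeps the target file's owner and mode
  rm -f "${tmp}"
)

# Constructed sample files (not real system configuration).
demo_dir=$(mktemp -d)
printf 'listen=YES\npasv_min_port=50000\npasv_max_port=50100\n' > "${demo_dir}/vsftpd.conf"
printf '# sample pglcmd.conf\nWHITE_TCP_IN="http"\n' > "${demo_dir}/pglcmd.conf"
# Run twice: the result still holds one line per key.
set_whitelist "${demo_dir}/pglcmd.conf" "$(pasv_range "${demo_dir}/vsftpd.conf")"
set_whitelist "${demo_dir}/pglcmd.conf" "$(pasv_range "${demo_dir}/vsftpd.conf")"
cat "${demo_dir}/pglcmd.conf"
rm -rf "${demo_dir}"
```
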

White list management

Install the tool:

# --no-check-certificate skips TLS certificate validation for this download.
${cmdProxy} wget "" \
    --quiet --no-check-certificate --output-document="/usr/local/bin/pgl-tools"

Declare the downloaded file as executable:

${cmdProxy} chmod +x "/usr/local/bin/pgl-tools"

Automatic updates

Configure biapy-updater automatic updates to check for new versions of the software:

${cmdProxy} tee -a '/etc/biapy-updater.conf' <<< 'pgl-tools'


Add a torrent tracker to PGL’s white list (here for openbittorrent):

${cmdProxy} pgl-tools --add ''

A line for the whitelisted host is appended to “/etc/pgl/allow.p2p”.

Reload the PGL settings:

${cmdProxy} systemctl reload 'pgl'

