PeerGuardian Linux

pgld

Pgld is an application that enables you to block internet traffic based on large lists of IP address ranges in order to protect your privacy. It reads blocklists in PeerGuardian format (guarding.p2p) or ipfilter.dat format.

The new PeerGuardian Linux is the official successor and based on the MoBlock fork NFBlock, blockcontrol and mobloquer.

Packages for pgl are available for

Ubuntu 11.10 (“Oneiric Ocelot”)
Ubuntu 11.04 (“Natty Narwhal”)
Ubuntu 10.10 (“Maverick Meerkat”)
Ubuntu 10.04 (“Lucid Lynx”)
The latter 3 also provide moblock, blockcontrol and mobloquer packages.

Install the packages

Add the PPA to your system’s Software Sources:

sudo add-apt-repository ppa:jre-phoenix/ppa

Run this command (on command line) to update the list of available packages:

sudo apt-get update

Install the packages

1.  Via Synaptic Package Manager

pgld pglcmd pgl-gui

2.  Or via apt-get

sudo apt-get install pgld pglcmd pgl-gui

Configuration and Usage

pgld features include:

  1. start and stop pgld (including handling of the iptables rules if desired)
  2. update the specified blocklists from online sources
  3. use local blocklists
  4. modify the blocklist and whitelist IPs and ports
  5. rotate the logfiles daily

In the default configuration pgld starts at system boot and some preconfigured blocklists are updated once a day. You can specify the blocklists to use in /etc/pgl/blocklists.list. Everything else (automatic start and update, iptables handling, IP and port whitelisting) is configured in /etc/pgl/pglcmd.conf. This is important especially if pgld blocks sites that it should not block. A list of all available configuration options is in /usr/lib/pgl/pglcmd.defaults (Don’t edit the latter file, but put your changes in /etc/pgl/pglcmd.conf.)

Start pgld

sudo pglcmd start

Stop pgld

sudo pglcmd stop

Restart pgld

sudo pglcmd restart

Rebuild Blocklist

sudo pglcmd reload

The master blocklist is rebuilt from the configured lists and pgld is reloaded.

Update Blocklists

sudo pglcmd update

* Updating blocklists and reloading PeerGuardian Linux pgld

pgld Status

sudo pglcmd status

Current IPv4 iptables rules (this may take a while):

Chain INPUT (policy ACCEPT 910K packets, 83M bytes)
pkts bytes target prot opt in out source destination
4418 877K pgl_in all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 pgl_fwd all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14

Chain OUTPUT (policy ACCEPT 2530K packets, 3252M bytes)
pkts bytes target prot opt in out source destination
29636 2880K pgl_out all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW mark match !0x14

Chain pgl_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 192.168.1.0/24 192.168.1.0/24
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.1
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92

Chain pgl_in (1 references)
pkts bytes target prot opt in out source destination
4389 875K RETURN all -- * * 192.168.1.0/24 0.0.0.0/0
15 900 RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa
0 0 RETURN all -- * * 192.168.0.0/24 0.0.0.0/0
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:989
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:990
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
14 1092 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92

Chain pgl_out (1 references)
pkts bytes target prot opt in out source destination
4111 738K RETURN all -- * * 0.0.0.0/0 192.168.1.0/24
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.1
135 42640 RETURN all -- * lo 0.0.0.0/0 0.0.0.0/0
2058 235K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa reject-with icmp-port-unreachable
0 0 RETURN all -- * * 0.0.0.0/0 192.168.0.0/24
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:989
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:990
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
21 1260 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
102 6120 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
23209 1856K NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92

Please check if the above printed iptables rules are correct!

* pgld is running
PID: 17777 CMD: /usr/sbin/pgld -s -l /var/log/pgl/pgld.log -d -p /var/run/pgld.pid -q 92 -r 10 -a 20 /var/lib/pgl/master_blocklist.p2p

* pglcmd.wd is running
PID: 17786 CMD: /bin/sh /usr/sbin/pglcmd.wd

user@user:~$

This shows the current iptables rules and the status of the pgld daemon.

Test MoBlock

sudo pglcmd test

Testing PeerGuardian Linux:
CAUTION: This is just a simple test to check if PeerGuardian Linux blocks
outgoing connections. For this, an IP from the blocklist will be pinged. Then
the test checks if this IP appears in /var/log/pgl/pgld.log.
pgld marks packets to be blocked. This means you have to make sure that the
marked packets are also blocked later (with appropriate iptables rules). If you
are using the default configuration and pgld is started after other firewalls
this will be the case.
This test does not check if you have sane iptables rules. Therefore success
doesn’t imply that everything is working as you expect it.

Also have a look at “pglcmd status”.

Trying to ping 1.232.49.255 from /var/lib/pgl/master_blocklist.p2p …
pgld marked the IP to be blocked and the IP did not answer.
Test succeeded.
user@user:~$

You can also follow the test interactively; this command shows the log in real time:

tail -f /var/log/pgl/pgld.log

Search in the blocklists

sudo pglcmd search PATTERN

Searches for a pattern in your blocklists. This helps you find out which blocklist is responsible for a certain block.

The configuration files are in /etc/pgl/.

Frequently Asked Questions (FAQ)

I cannot connect to the internet any more!
pgld may block your complete LAN, including your router, gateway and/or DNS server. Normally this traffic is whitelisted automatically as long as you keep the default setting WHITE_LOCAL="1". But if you have problems, follow these instructions:

You have to whitelist your LAN. If you don’t know your local IP check it with “sudo ip addr”. It’s the value after “inet” of the interface that you use for networking. For wired connections this might be “eth0”, for wireless connections “wlan0”.

Example: You found out that your IP is 192.168.0.39. Then your LAN will most probably cover the IP range 192.168.0.1-192.168.0.255. Then you need to whitelist this range for incoming and outgoing connections.

Edit /etc/pgl/pglcmd.conf (in Kubuntu, replace gksu with kdesu):

gksu gedit /etc/pgl/pglcmd.conf

and add these lines:

WHITE_IP_IN="192.168.0.0/24"
WHITE_IP_OUT="192.168.0.0/24"

Do a

sudo pglcmd restart

when you have changed these settings.

Some applications cannot connect to the internet any more!
There are several possibilities to solve your problems:

Use less or other blocklists
Whitelist IPs
Whitelist ports
Advanced whitelisting
Each of these is explained in its own question on this page. But which is the best solution for you?

Generally you should first decide on the correct set of blocklists. The default setting is quite paranoid, so you may choose fewer blocklists.

Now, if you need to allow (whitelist) certain traffic, it depends on the application that has problems: if the application only needs to connect to one or a few servers with fixed IPs, then you should whitelist IPs. There are also allow lists (e.g. for some games), for example on iblocklist.com.

But if you want to connect to many other computers, where you don’t know the IP, or where the IPs may even change frequently, then you should do port whitelisting. By default moblock whitelists the outgoing HTTP (80) and HTTPS (443) ports, in order to allow easier web surfing. Keep in mind that malicious hosts may abuse these ports for their own purposes.

pgld closed the port for my torrent client. How do I open it again?
Don’t do that! Why did you install pgld? Probably to check your torrent client’s traffic. Right!? So you must not open that port. Otherwise you could just uninstall pgld; the effect would be nearly the same.

pgld does not close ports. It checks all traffic for certain IPs. So on the same port, some traffic from good IPs is allowed and some from bad IPs is blocked. You can therefore just ignore the “closed port” warning.

What happens on your side is that your torrent client asks a test host to try to connect to you. This test host is probably in the blocklist, so it gets blocked.

Solution 1: Only choose those blocklists that you really want to use.

Solution 2: Check the logfile in pgl-gui when you do the port check in Azureus. Some IP should get blocked then. Just allow this IP.

How do I find out which IP or port was blocked?
To learn what gets blocked, I recommend that you use pgl-gui. There you see every blocked IP live and you can whitelist it directly.

Or you follow the logfile live:

tail -f /var/log/pgl/pgld.log

There you can see which IP gets blocked.
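To make the "which blocklist is responsible for a block" question (pglcmd search) and the whitelist-wins-over-blocklist behaviour (WHITE_IP_IN/WHITE_IP_OUT, and the RETURN rules placed before DROP in the pgl_in/pgl_out chains above) concrete, here is an added Python example that is not part of the original page or of the pgl project. It parses blocklists in PeerGuardian .p2p format ("label:first-last", one range per line, # for comments); the list contents, file names and the whitelist are constructed for illustration.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample blocklists in PeerGuardian .p2p format ("label:first-last"),
# keyed by a hypothetical file name as /etc/pgl/blocklists.list would reference
# them. All ranges are made up (TEST-NET and private space) for illustration.
BLOCKLISTS: Dict[str, str] = {
    "level1.p2p": (
        "# comment lines and blank lines are ignored\n"
        "Example bad netblock:198.51.100.0-198.51.100.255\n"
        "Another example range:203.0.113.16-203.0.113.31\n"
        "Mistaken LAN entry:192.168.0.0-192.168.0.255\n"
    ),
    "ads.p2p": "Example ad tracker:198.51.100.200-198.51.100.210\n",
}

# Whitelist as it would be set in /etc/pgl/pglcmd.conf (WHITE_IP_IN / WHITE_IP_OUT).
WHITE_IP: List[str] = ["192.168.0.0/24"]


def parse_p2p(text: str) -> List[Tuple[str, int, int]]:
    """Parse .p2p lines into (label, first, last) with addresses as integers."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, _, span = line.rpartition(":")  # the label itself may contain ':'
        first, _, last = span.partition("-")
        ranges.append((label, int(ipaddress.IPv4Address(first)),
                       int(ipaddress.IPv4Address(last))))
    return ranges


def search(ip: str) -> List[Tuple[str, str]]:
    """Which (file, label) entries cover ip; a manual counterpart of 'pglcmd search'."""
    n = int(ipaddress.IPv4Address(ip))
    return [(fname, label)
            for fname, text in BLOCKLISTS.items()
            for label, first, last in parse_p2p(text)
            if first <= n <= last]


def verdict(ip: str) -> str:
    """Whitelist wins over blocklist, like RETURN before DROP in pgl_in/pgl_out."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in ipaddress.ip_network(net) for net in WHITE_IP):
        return "whitelisted"
    return "blocked" if search(ip) else "allowed"
```

A LAN address such as 192.168.0.39 is covered by the constructed "Mistaken LAN entry" range, yet verdict() returns "whitelisted" because the WHITE_IP check runs first; that is the situation the "I cannot connect to the internet any more!" answer fixes.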

There is more but I’ll add it later. Also I pulled this from https://help.ubuntu.com/community/MoBlock that was written by https://launchpad.net/~jre-phoenix
