Difference between revisions of "PeerGuardian Linux"

From ArchWiki
(Created page with "Category:Networking (English) Category:Security (English) ''PeerGuardian Linux'' (pgl) is a privacy oriented firewall application. It blocks connections to and from host...")
 
m (Better use of wiki templates)
Line 4: Line 4:
 
''PeerGuardian Linux'' (pgl) is a privacy oriented firewall application. It blocks connections to and from hosts specified in huge block lists (thousands or millions of IP ranges). ''pgl'' is based on the Linux kernel netfilter framework and iptables.
 
''PeerGuardian Linux'' (pgl) is a privacy oriented firewall application. It blocks connections to and from hosts specified in huge block lists (thousands or millions of IP ranges). ''pgl'' is based on the Linux kernel netfilter framework and iptables.
  
{{Note|WARNING: ''pgl'' may block your complete network/internet access! Using too many
+
{{Warning|''pgl'' may block your complete network/internet access! Using too many
 
and/or inappropriate lists may seriously degrade your internet service.}}
 
and/or inappropriate lists may seriously degrade your internet service.}}
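Review bot: the new {{Warning|...}} line still breaks mid-sentence after "Using too many", leaving "and/or inappropriate lists may seriously degrade your internet service.}}" on a separate source line. Since this line is being touched anyway, join the two so the whole warning sits inside the template on one line and later diffs of it stay readable.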
  
Line 18: Line 18:
 
The most important aspect that you'll want to change as soon as possible are the preconfigured block lists. The default lists in {{filename|/etc/pgl/blocklists.list}} block many potentially legitimate IP address, so use your best judgment and the information available at [http://www.iblocklist.com/ I-Blocklist] to make your choice.
 
The most important aspect that you'll want to change as soon as possible are the preconfigured block lists. The default lists in {{filename|/etc/pgl/blocklists.list}} block many potentially legitimate IP address, so use your best judgment and the information available at [http://www.iblocklist.com/ I-Blocklist] to make your choice.
  
If you install ''pgl'' on a workstation, it is recommended to disable the filtering of HTTP connections. To do that, copy the following in {{filename|/etc/pgl/pglcmd.conf}}:
+
If you install ''pgl'' on a workstation, it is recommended to disable the filtering of HTTP connections. Sipmly add the following to {{filename|/etc/pgl/pglcmd.conf}}:
  
<code>WHITE_TCP_OUT="http https"</code>
+
{{File|/etc/pgl/pglcmd.conf|<nowiki>WHITE_TCP_OUT="http https"</nowiki>}}
  
 
Also, depending on the lists you use, some program might not be able to reach the outside world. For instance, if you use MSN for instant messaging, you'll need to add port 1863 to the white list:
 
Also, depending on the lists you use, some program might not be able to reach the outside world. For instance, if you use MSN for instant messaging, you'll need to add port 1863 to the white list:
  
<code>WHITE_TCP_OUT="http https 1863"</code>
+
{{File|/etc/pgl/pglcmd.conf|<nowiki>WHITE_TCP_OUT="http https 1863"</nowiki>}}
  
 
Conversely, you could white list all the ports except the ones used by the program you are trying to restrain. The following example only use the block lists to stop incoming traffic on ports 53 (DNS) and 80 (HTTP):
 
Conversely, you could white list all the ports except the ones used by the program you are trying to restrain. The following example only use the block lists to stop incoming traffic on ports 53 (DNS) and 80 (HTTP):
  
<code>WHITE_TCP_IN="0:79 81:65535"<br>
+
{{File|/etc/pgl/pglcmd.conf|<nowiki>WHITE_TCP_IN="0:79 81:65535"
WHITE_UDP_IN="0:52 54:65535"</code>
+
WHITE_UDP_IN="0:52 54:65535"</nowiki>}}
  
 
= Starting up =
 
= Starting up =
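Review bot: the rewritten sentence ahead of the first {{File}} block introduces a typo, "Sipmly add the following to"; it should read "Simply add the following to". In the last {{File}} block the surrounding text says the example stops incoming traffic on ports 53 (DNS) and 80 (HTTP), but WHITE_TCP_IN="0:79 81:65535" leaves only TCP 80 unlisted and WHITE_UDP_IN="0:52 54:65535" leaves only UDP 53 unlisted, so TCP port 53 stays white listed; either word the sentence as UDP 53 and TCP 80 or adjust WHITE_TCP_IN to match. The context line about the default lists also has "IP address" where the plural is meant.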
Line 35: Line 35:
 
Once you are comfortable with the configuration of both the daemon and the lists, type in:
 
Once you are comfortable with the configuration of both the daemon and the lists, type in:
  
<code># rc.d start pgl</code>
+
{{Cli|# rc.d start pgl}}
  
 
To make sure that ''pgl'' works as intended, issue this command:
 
To make sure that ''pgl'' works as intended, issue this command:
  
<code># pglcmd test</code>
+
{{Cli|# pglcmd test}}
  
 
Should you want ''pgl'' to run automatically, just add “pgl” to your {{filename|/etc/rc.conf/}} DAEMONS array.
 
Should you want ''pgl'' to run automatically, just add “pgl” to your {{filename|/etc/rc.conf/}} DAEMONS array.
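Review bot: the closing context line of this hunk still passes /etc/rc.conf/ with a trailing slash to {{filename}}, which reads as a directory although the sentence treats it as the file holding the DAEMONS array. Drop the slash in the same edit that moves the two commands to {{Cli}}.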

Revision as of 10:28, 28 October 2011


PeerGuardian Linux (pgl) is a privacy-oriented firewall application. It blocks connections to and from hosts specified in huge block lists (thousands or millions of IP ranges). pgl is based on the Linux kernel netfilter framework and iptables.

Warning: pgl may block your complete network/internet access! Using too many and/or inappropriate lists may seriously degrade your internet service.

Installation

There are two AUR packages to choose from: pgl-cli includes only the daemon and CLI tools, while pgl comes complete with a GUI (written using Qt).

Configuration

All the configuration files are located in Template:Filename:

The first thing you'll want to change, as soon as possible, is the set of preconfigured block lists. The default lists in /etc/pgl/blocklists.list block many potentially legitimate IP addresses, so use your best judgment and the information available at I-Blocklist to make your choice.

If you install pgl on a workstation, it is recommended to disable the filtering of HTTP connections. Simply add the following to /etc/pgl/pglcmd.conf:

    WHITE_TCP_OUT="http https"

Also, depending on the lists you use, some programs might not be able to reach the outside world. For instance, if you use MSN for instant messaging, you'll need to add port 1863 to the white list:

    # /etc/pgl/pglcmd.conf
    WHITE_TCP_OUT="http https 1863"

Conversely, you could white list all the ports except the ones used by the program you are trying to restrain. The following example uses the block lists only to stop incoming traffic on ports 53 (DNS) and 80 (HTTP):

    # /etc/pgl/pglcmd.conf
    WHITE_TCP_IN="0:79 81:65535"
    WHITE_UDP_IN="0:52 54:65535"
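
Because a white list written as "everything except" is easy to get wrong, it helps to compute which ports are still checked against the block lists before restarting pgl. The script below is an added example, not part of pgl or of the original page; it assumes white list values contain only the three token forms shown on this page (a port number, a service name, or a start:end range) and uses a small constructed service table so it runs offline.

```python
import re

# Constructed subset of /etc/services so the example runs offline.
SERVICES = {"http": 80, "https": 443, "domain": 53}

def parse_whitelist(value):
    """Turn 'http 1863 0:79' into a sorted list of merged (lo, hi) ranges."""
    ranges = []
    for token in value.split():
        if ":" in token:
            lo, hi = (int(p) for p in token.split(":", 1))
        elif token.isdigit():
            lo = hi = int(token)
        elif token in SERVICES:
            lo = hi = SERVICES[token]
        else:
            raise ValueError(f"unknown service name: {token!r}")
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {token!r}")
        ranges.append((lo, hi))
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def filtered_ports(value):
    """Ranges NOT white listed, i.e. still checked against the block lists."""
    gaps, nxt = [], 0
    for lo, hi in parse_whitelist(value):
        if lo > nxt:
            gaps.append((nxt, lo - 1))
        nxt = hi + 1
    if nxt <= 65535:
        gaps.append((nxt, 65535))
    return gaps

def read_settings(conf_text):
    """Extract WHITE_* assignments from pglcmd.conf-style text."""
    return dict(re.findall(r'^\s*(WHITE_\w+)="([^"]*)"', conf_text, re.M))

# Constructed sample: the inbound example from this page.
SAMPLE = 'WHITE_TCP_IN="0:79 81:65535"\nWHITE_UDP_IN="0:52 54:65535"\n'

if __name__ == "__main__":
    for name, value in read_settings(SAMPLE).items():
        print(name, "still filtered:", filtered_ports(value))
```

For the sample, only TCP 80 and UDP 53 remain filtered, so TCP port 53 is white listed by this configuration.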

Starting up

Once you are comfortable with the configuration of both the daemon and the lists, type in:

    # rc.d start pgl

To make sure that pgl works as intended, issue this command:

    # pglcmd test

Should you want pgl to run automatically, just add “pgl” to the DAEMONS array in /etc/rc.conf.