# HowTo PeerGuardian for Linux an alternative to Linblock

## gsurbey

There are many reasons to block access to and from certain IPs. No matter if you are working from a corporate or home network, this kind of internet blocking should be just as prevalent and suggested as basic firewall configurations are nowadays. IP blocking has many similar pros and cons as compared to the basic firewall configuration; however, it extends the safety net. Also, as with any firewall, IP blocking should not be looked upon as an all-encompassing security solution. IP blocking could give you added protection from the MPAA, RIAA, adware, pop-up sites, and government entities, just to name a few, and all this is customizable using specific blocking lists. www.bluetack.co.uk is a trusted organization to get IP blocking lists from. There are also ways to do IP blocking within an app such as mldonkey and many of the like. You can find block lists in that format on http://www2.openmedia.info:8080/p23.html. However, in terms of centralization of block lists and in terms of much lower overall CPU usage, using the Linux kernel's built-in iptables is a much better option.

These two programs are GNU GPL and they both use Perl Net::IP and the Linux kernel's iptables:

PeerGuardian for Linux

Linblock

You will need the Perl Net::IP class library installed. Type the following to check if you have it:

```
perl -MNet::IP -e 1
```

If that yielded:

```
Can't locate Net/IP.pm in @INC (@INC contains: /etc/perl /usr/lib/perl5/site_perl/5.8.5/i686-linux /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.2/i686-linux /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.4/i686-linux /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i686-linux /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.5/i686-linux /usr/lib/perl5/5.8.5 /usr/local/lib/site_perl /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.2/i686-linux /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.4/i686-linux .).

BEGIN failed--compilation aborted.
```

Then you will need to fetch and install that class library. Since I could not find a package to emerge from portage to fulfill this requirement, I used the command:

```
perl -MCPAN -e 'install Net::IP'
```

CPAN is much like a portage for Perl libraries; it goes out and finds all the dependencies and such and installs everything needed to get that class library installed. If this is your first time using CPAN then you'll be presented with a configuration dialog to which you can pretty much safely answer all the prompts with the default values (just press ENTER).

You will also need to turn on iptables in your kernel. Assuming you're using 2.6, you go to Device Drivers ---> Networking support ---> Networking options ---> and enable Network packet filtering. Then go into Network packet filtering ---> IP: Netfilter Configuration ---> and enable IP tables support. From there I enabled IP range match support, address type match support, and Packet filtering. You'll also need the userspace tools: "emerge net-firewall/iptables".

I like PeerGuardian for Linux better than Linblock at the moment because it seems to be more actively developed, improved, and easier to use.  After downloading version 0.3 I did an "emerge x11-misc/xdialog" to get nice GUI installation and configuration dialogs to appear.  From there I just followed the instructions; nice and simple.

Two error messages should come up the first time you run the script:

```
iptables: No chain/target/match by that name

iptables: Table does not exist (do you need to insmod?)
```

The script's iptables import process should take a while and a lot of CPU usage depending on how big your block list is. It took easily more than 1 hour with full CPU usage on my AMD64 for the full block list (a 10 MB iptables-restore file). BTW the full block list is bad in my opinion because by default it blocks my website hosted on lunarpages and it blocks the Gentoo forums. Maybe just one or two block lists with a little editing would be good enough.

Once that's done, one could then type:

```
/etc/init.d/iptables save

rc-update add iptables default
```

Learn more about iptables at this thread: https://forums.gentoo.org/viewtopic-t-159133.html

There is also a Gentoo script out there for easy firewall configuration: http://www.gentoo.org/proj/en/dynfw.xml

----------
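The block-list-to-iptables step described in the post above, as an added example that is not part of the original post and is not PeerGuardian for Linux or Linblock code. It parses a list in the PeerGuardian text format (`label:first-last`, assumed here since the post does not show it), merges overlapping ranges to cut the rule count, reports entries that would block addresses you need to reach, and renders an iptables-restore fragment; the chain name `BLOCKLIST`, the function names and the sample list are constructed for illustration.

```python
import ipaddress

# Constructed sample in the PeerGuardian "P2P" text format (label:first-last).
SAMPLE = """\
# constructed sample, documentation address space only
Example Org A:192.0.2.0-192.0.2.127
Example Org A (dup):192.0.2.64-192.0.2.255
Example Org B:198.51.100.10-198.51.100.20
Hosting: shared range:203.0.113.0-203.0.113.255
not a valid line
"""

def parse_p2p(text):
    """Yield (label, first, last) with addresses as integers; skip bad lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, _, span = line.rpartition(":")   # labels may themselves contain ':'
        first, _, last = span.partition("-")
        try:
            lo = int(ipaddress.IPv4Address(first.strip()))
            hi = int(ipaddress.IPv4Address(last.strip()))
        except ValueError:
            continue                             # malformed address or no range
        if lo <= hi:
            yield label, lo, hi

def merge(ranges):
    """Collapse overlapping or adjacent ranges so fewer rules get loaded."""
    merged = []
    for lo, hi in sorted((lo, hi) for _, lo, hi in ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [tuple(r) for r in merged]

def hits(ranges, allow):
    """Return labels of list entries that would block an address you need."""
    wanted = [int(ipaddress.IPv4Address(a)) for a in allow]
    return [label for label, lo, hi in ranges if any(lo <= w <= hi for w in wanted)]

def to_restore(merged, chain="BLOCKLIST"):
    """Render an iptables-restore fragment that uses the iprange match."""
    ip = ipaddress.IPv4Address
    rules = [f"-A {chain} -m iprange --src-range {ip(lo)}-{ip(hi)} -j DROP"
             for lo, hi in merged]
    return "\n".join(["*filter", f":{chain} - [0:0]", *rules, "COMMIT"]) + "\n"
```

The fragment only creates and fills the chain: nothing is dropped until a rule in INPUT or OUTPUT jumps to it, and `iptables-restore` flushes the existing table unless run with `--noflush`.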

## gsurbey

I just found out that there is a Gentoo CPAN tool called g-cpan, so instead of doing the line above:

```
perl -MCPAN -e 'install Net::IP'
```

You would instead install Perl modules the Gentoo way by using app-portage/g-cpan to automatically generate and install ebuilds for portage by using your $PORTDIR_OVERLAY:

```
emerge g-cpan

g-cpan -i Net::IP
```

To clean up later, it's a simple:

```
emerge -C Net::IP
```

----------

## gsurbey

The Internet Storm Center has an interesting top 20 IP block list: http://isc.sans.org/

----------

