# Inexperienced Gentoo user with torrent question.

## Mr. Hibba

Hi all, 

  I've recently been using rtorrent without any known issues. One day, I came across this: http://sourceforge.net/projects/peerguardian/ . Do you think this program is worth the trouble to install? And can it work with rtorrent? 

Since I'm on Linux anyway, is this overkill? I guess one can never be too protected online, but still... 

Thanks all!

----------

## d2_racing

It's not inside the portage tree at least.

So, right now you cannot install it via emerge, but you may find this program inside an overlay somewhere.

----------

## Mr. Hibba

 *d2_racing wrote:*   

> It's not inside the portage tree at least.
> 
> So, right now you cannot install it via emerge, but you may find this program inside an overlay somewhere.

 

Thanks. I was mainly wondering if it was really needed or not if I am to use torrents on Gentoo. I already have a firewall in our router as well as some rules set in iptables (No inbound FTP or SSH, nor ping. Don't know if I set any more.)

----------

## zyko

Some Bittorrent clients offer internal blocklisting support, for example net-p2p/deluge.

----------

## d2_racing

Can you post your iptables rules, because you may be blocking torrent ports without knowing it.

----------

## Mr. Hibba

Not sure how to post my iptables rules, but I'll try:

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp dpt:ftp
DROP       tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       icmp --  anywhere             anywhere            icmp echo-request

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

That's all I have set.  

I guess my main question is if ip-blocking is really needed or not, though. Is it probably overkill and I am paranoid? (Eh, I'm probably paranoid either way...). 

And Zyko, thanks for the tip about BitTorrent clients with built-in blocklisting. For now, though, I kinda want to stick with rtorrent.

----------

## d2_racing

If you are a parano, try my parano iptables : http://gentoo-quebec.org/wiki/index.php/Utilisation_de_Iptables_pour_un_seul_ordinateur_mode_parano

----------

## keet

 *d2_racing wrote:*   

> If you are a parano, try my parano iptables : http://gentoo-quebec.org/wiki/index.php/Utilisation_de_Iptables_pour_un_seul_ordinateur_mode_parano

 

I tried it, and rather like it.  Do you have an English version of that page?  I felt like translating it into English -- I haven't finished yet, but if you particularly want an English version, I could type it for you.

----------

## d2_racing

Yeah, why not. I don't have much time nowadays, so basically I write docs in my native language; it's faster for my brain :P

----------

## Mr. Hibba

Hey all, thank you all for your replies. I found out that PeerGuardian didn't quite do what I wanted it to, so that solves that problem. 

Also, thank you for posting that link for IPtables. I don't really know much about IPtables/networking yet, so I haven't tried the guide yet. Thinking about it, but I don't know what the rules do. 

Mr. Hibba.

----------

## d2_racing

No problem :P

----------

## darkphader

 *Mr. Hibba wrote:*   

> I've recently been using rtorrent without any known issues. One day, I came across this: http://sourceforge.net/projects/peerguardian/ . Do you think this program is worth the trouble to install? And can it work with rtorrent? 
> 
> Since I'm on Linux anyway, is this overkill? I guess one can never be too protected online, but still... 

 

I like having a blocklist, and I like rtorrent (it's by far the fastest client I've used). Since rtorrent has no blocklist capability I use a Bluetack blocklist on my firewall. First attempt was disappointing as the list is so expansive that it blocked normal web, etc. access to many sites (microsoft.com, openbsd.org, etc.). So I needed to figure out a way to block only rtorrent and not the rest of my traffic or traffic from my other systems (server, ps3, phone, nook, etc.). I use OpenBSD with PF as a standalone firewall/router but I'm sure Linux, etc. would work just as well.

Here's the script I run:

```
#!/bin/bash

ssh myname@myfirewall 'sudo /usr/local/bin/loadtorrentrules'

sudo /sbin/ip addr add 192.168.1.99/24 broadcast 192.168.1.255 dev eth0

/usr/bin/rtorrent

ssh myname@myfirewall 'sudo /usr/local/bin/unloadtorrentrules'

sudo /sbin/ip addr del 192.168.1.99/24 broadcast 192.168.1.255 dev eth0
```

This script does the following:

1. Tell my firewall to load the anchor ruleset that, among other things, blocks access to the blocklist addresses to and from 192.168.1.99.
2. Add the secondary address 192.168.1.99 to my network device (different from my dhcp reserved primary address - same subnet).
3. Start rtorrent.
4. When rtorrent is closed, unload the anchor ruleset, flush the blocklist table, and kill the associated states.
5. Remove the secondary IP address from my network device.

Of course there are tables, scripts (to load/unload), etc. on the firewall to accomplish those directives and sudoers needs to be properly set up on both systems. I use public key encryption with keychain for security and to eliminate the need for passwords (passphrase is entered on first shell startup).

Also the .rtorrent.rc file contains:

```
bind = 192.168.1.99
```

This way rtorrent only binds to the secondary address.

Convoluted or elegant? You be the judge.

Chris
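
A Linux-side counterpart of the setup described in the post above, as an added example that is not part of darkphader's post or his firewall scripts: it converts a blocklist in `label:first-last` text form into an `ipset` and emits `iptables` rules that match only traffic of the address rtorrent is bound to. The list format, the set name `torrentblock`, and filtering on the rtorrent host itself rather than on a separate firewall are assumptions.

```python
import ipaddress

BIND_ADDR = "192.168.1.99"  # address rtorrent binds to (from the post)
SET_NAME = "torrentblock"   # hypothetical ipset name

# Constructed sample in "label:first-last" form, using documentation ranges.
SAMPLE = """\
# constructed sample, not a real blocklist
Example Org A:192.0.2.0-192.0.2.255
Example Org B:198.51.100.16-198.51.100.40
Label: with colon:203.0.113.7-203.0.113.7
not a valid line
Reversed:203.0.113.9-203.0.113.1
"""

def parse_p2p(text):
    """Return (collapsed networks, skipped line numbers)."""
    nets, skipped = [], []
    for num, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # Labels may contain ':', so split on the last one only.
            _, span = line.rsplit(":", 1)
            first, last = (ipaddress.IPv4Address(p.strip()) for p in span.split("-"))
            nets.extend(ipaddress.summarize_address_range(first, last))
        except ValueError:  # malformed line, bad address, or reversed range
            skipped.append(num)
    return list(ipaddress.collapse_addresses(nets)), skipped

def ipset_restore(nets):
    """Input for `ipset -exist restore`: fill a temp set, then swap it in."""
    tmp, opts = SET_NAME + "-new", "hash:net family inet maxelem 1048576"
    lines = [f"create {SET_NAME} {opts}", f"create {tmp} {opts}", f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    lines += [f"swap {tmp} {SET_NAME}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

def iptables_rules():
    """Drop listed peers only for traffic from/to the bound address."""
    match = f"-m set --match-set {SET_NAME}"
    return [f"iptables -I OUTPUT -s {BIND_ADDR} {match} dst -j DROP",
            f"iptables -I INPUT -d {BIND_ADDR} {match} src -j DROP"]

if __name__ == "__main__":
    nets, skipped = parse_p2p(SAMPLE)
    print(ipset_restore(nets), end="")
    print("\n".join(iptables_rules()))
    print(f"# skipped input lines: {skipped}")
```

Because the rules match on the secondary address, traffic from the primary address never consults the set, which is the same scoping the post achieves with the PF anchor.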

----------

## Mr. Hibba

 *darkphader wrote:*   

> *Mr. Hibba wrote:*
>
> > I've recently been using rtorrent without any known issues. One day, I came across this: http://sourceforge.net/projects/peerguardian/ . Do you think this program is worth the trouble to install? And can it work with rtorrent?
> >
> > Since I'm on Linux anyway, is this overkill? I guess one can never be too protected online, but still...
>
> I like having a blocklist, and I like rtorrent (it's by far the fastest client I've used). Since rtorrent has no blocklist capability I use a Bluetack blocklist on my firewall. First attempt was disappointing as the list is so expansive that it blocked normal web, etc. access to many sites (microsoft.com, openbsd.org, etc.). So I needed to figure out a way to block only rtorrent and not the rest of my traffic or traffic from my other systems (server, ps3, phone, nook, etc.). I use OpenBSD with PF as a standalone firewall/router but I'm sure Linux, etc. would work just as well.
> ...

 

Thanks for the info! This sounds good, but may be a bit much for me. I don't know a lot about what rules to set.

Mr. Hibba.

----------

