Recent changes to support-requests

#42 Error loading master_blocklist.p2p (broken support for local blocklists in pglgui)

2013-04-28T19:00:16Z

Just an update/correction
pgld has and had builtin support for gz packed lists.
I now extended pglcmd's support for gz, 7z and zip packed blocklists to local blocklists, too.

Still, pglgui doesn't handle local blocklists correctly. I updated the pgl/TODO for that.

#42 Error loading master_blocklist.p2p (broken support for local blocklists in pglgui)

2013-04-28T13:06:48Z

summary: Error loading master_blocklist.p2p --> Error loading master_blocklist.p2p (broken support for local blocklists in pglgui)
status: pending --> accepted
assigned_to: jre-phoenix --> Carlos

#44 Allow HTTP?

2013-03-07T13:31:30Z

Ooops! I tottaly forgot, whitelisting the secured connections! :-(
Seems like, this was all about.
Let me test it for a while and if the problem persists, I'll be back.

THANKS AGAIN!!! :-)
G.

#44 Allow HTTP?

2013-03-06T20:56:20Z

Nevermind, I hope you choose not to give up.

I assume there is traffic on another port blocked. Please check pgld.log ("tail -f /var/log/pgl/pgld.log" or in pglgui.) There you see in real time whenever an IP is blocked. And you see on which port it was blocked (e.g. for an outgoing http connectin you would see:
[YOUR IP] [SOME PORT NUMBER] [DESTINATION IP] [80] [OUTGOING]
--> you need to whitelist WHITE_TCP_OUT=80 (what you have already done, of course)

Most probably it might be a secure connection on port 443.

Incoming and forward connections should not be necessary to be whitelisted.

#44 Allow HTTP?

2013-03-06T01:48:32Z

Update:
Well, I don't know!
Sometimes works (the 80 port whitelisting), sometimes not.
I have whitelisted all 80 port tcp traffic (incoming, outgoing, forwarding).
I can see it, at "Whitelist" window and also from root konsole with "pglcmd status".
Despite that, sometimes firefox can connect, sometimes not (and I have to disable pgl in order to see a webpage).

And this behavior changes (from permitting or prohibiting the connection to a webpage server), without any intervation from me (and without any changes at status).
It's just a random phenomenon.
Also sorry for bothering you again! :-(
I give up! I just don't know what's happening! :-)
G.

#44 Allow HTTP?

2013-03-02T00:22:38Z

Oh, I didn't noticed it! :-)

Everything is working OK!
Indeed, I can see the RETURN tcp dpt:80.
Every change from the gui, corectly works and properly indicating at status tables.

I'm not sure what went wrong at first place, but right now everything seems to working properly.
THANKS!!! :-)

#44 Allow HTTP?

2013-02-26T23:02:40Z

ad PS1)
With pglgui you don't need to restart, just "Apply".

ad PS2)
Once a NEW connection is established (during whitelisting), all later RELATED or ESTABLISHED connections will be automatically allowed. Perhaps that's the reason. Not sure though.

To debug your issues please check the output of "sudo pglcmd status": there is an iptables rule for every whitelisting. Tell me if you need help interpreting these. A change of the whitelist setting triggers an immediate adjustment of the iptables rules. E.g. a removal of the outwards TCP whitelisting for http (port 80) triggers a removal of the following iptables rule in the iptables chain "pgl_out":
XXX XXX RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

Please check with this if whitelisting works as supposed.

#44 Allow HTTP?

2013-02-20T19:17:57Z

MANY THANKS jre-phoenix for your help!!! :-)

I was thinking to add a feature request, for this task (as peerguardian had at past at windows and ipblock at linux), but you convinced me that is a dangerous option.
Still usefull though, if you have azureus (or any other client) running at the background and you need just a couple of minutes to open firefox (or any other browser) eg. to check your mails.

PS1: I added the http port whitelisting -> Apply -> Restart (with the required pwds) and nothing happened.

I disabled peerguardian and reenabled in order to accept the whitelisting.

PS2: Having the tbg/search-engines list enabled, was blocking google search and gmail.
After whitelisting the 80 port, I accessed again both.
After disabling the 80 whitelisting, I still have access to both two (always with tbg/search-engines enabled.
Strange!

THANKS AGAIN!!! :-)
Giorgos.

#44 Allow HTTP?

2013-02-19T17:28:04Z

status: open --> closed
assigned_to: jre-phoenix
priority: 8 --> 5

#44 Allow HTTP?

2013-02-19T17:27:26Z

You really should first mess with blocklists ;-P

Set them up to your personal needs.

I don't recommend to whitelist ports. Why? If you whitelist/allow a port (e.g. port 80 for http), a malicious host may just listen on this port and thus you will be unprotected. (Yes, although port 80 is reserved for http/websurfing, everybody is free to (mis-)use it for its own purposes).

Thus having said, the option that you asked for, is
WHITE_TCP_OUT="80"
in /etc/pgl/pglcmd.conf. After setting it, you have to do a "pglcmd restart" once.

Alternatively, use the GUI:
pglgui
- Configure
- Whitelist
- Add ("+")
- Type "80" or "http", make sure "Port", "Outgoing" and "TCP" are checked
- OK
- Eventually give your root or user password