Looking for the latest version? Download README (2.0 kB)
Name Modified Size Downloads / Week Status
Parent folder
README 2012-06-12 7.7 kB 0
pgl-2.2.0.tar.gz 2012-06-12 584.8 kB 0
Totals: 2 Items   592.5 kB
README for pgl Fri Aug 12 19:00:06 CEST 2011 ================================================================================ Table of Contents: 1.) Description 2.) Features pglcmd 3.) Usage pglcmd 4.) Options pglcmd 5.) Configuration pglcmd 6.) pglgui See also pgl/README for installation instruction and requirements. ================================================================================ 1.) Description: PeerGuardian Linux (pgl) is a privacy oriented firewall application. It blocks connections to and from hosts specified in huge blocklists (thousands or millions of IP ranges). pgl is based on the Linux kernel netfilter framework and iptables. You can get it at http://sourceforge.net/projects/peerguardian/ WARNING: pgl may block your complete network/internet access! Using too many and/or inappropriate lists may seriously degrade your internet service. pgl starts automatically at system boot per default. Some preconfigured blocklists are used and will be updated once a day. These blocklists may block much more than what you want. This may result in a strongly limited network availability - including your own LAN, gateway and DNS server, many webpages, services like eMail, instant messaging or the "weather applet" and your machine's accessibility from the internet. There are many configuration options to prevent this. Per default pglcmd already takes care of allowing (whitelisting) LAN traffic, DNS server and loopback device. If you are on a public LAN, you probably want to disable this feature. WARNING: Users with firewall (iptables rules) pgl does not conflict with other firewalls (iptables rules) as long as you make sure the following three conditions hold: - pgl marks non-matched (IP is not in the blocklist) packets. (The marking feature is on per default in pglcmd.) - Other firewalls do not mark packets. - pgl is started after other firewalls. If other firewalls are started/reloaded after pgl, then you need to restart pgl again. You will be fine, if the iptables rules which send traffic to the iptables chains (pgl_in, pgl_out and pgl_fwd) stand before all other iptables rules which ACCEPT traffic. To help you achieve this, pglcmd.wd restarts pgl if it detects any problems. But it's still recommended to restart pgl manually, whenever another application changed the iptables setup. Technical note: pgld checks traffic (packets) that is sent to the iptables NFQUEUE target. If the necessary netfilter support is not built in the kernel directly, pglcmd will load the necessary kernel modules. If they are not available, pgld can not be started. If a packet matches the blocklist, then pgld DROPs it directly. If configured pgld MARKs the packet instead. Per default the MARKing feature is on if you use pglcmd. So blocked packets get the MARK "10", which is shown as "0xa" by iptables. If a packet doesn't match the blocklist, then pgld ACCEPTs it directly. If configured pgld MARKs the packet instead. Per default the MARKing feature is on if you use pglcmd. So allowed packets get the MARK "20", which is shown as "0x14" by iptables. A MARKed packet repeats the hook function (NF_REPEAT). So it is sent back to the head of the iptables chain again. This means it enters the chain INPUT, OUTPUT or FORWARD again, but this time bearing a MARK. Then further iptables rules that match the MARK decide what happens with the packets. Per default pglcmd sets iptables rules to REJECT outgoing packets, and to DROP incoming and forwarded packets, if they were "marked block". If they were "marked allow", pglcmd's iptables setup just ignores them, so other iptables rules decide what happens to them. It is strongly recommended to use the MARKing feature, because this allows to integrate pgl with other firewalls. A packet may only bear one mark, so there mustn't be any other applications or iptables rules that mark packets. Otherwise the setup will not work and the packet will loop forever. ================================================================================ 2.) Features pglcmd: - Start and stop pgl. Or let init do this automatically. - Update your blocklists from online sources. Or let cron do this automatically. Backups will be used if a problem occurs. Additionally you may use your local blocklists. - Examine your selected blocklists by searching the single blocklists for keywords. - Remove lines by keyword from the blocklists. - Handle your iptables rules: use a default setup, easily allow all traffic on specific ports and use an allow list, or add your own sophisticated iptables rules. - Allow all LAN traffic and the DNS server automatically. If you are on a public LAN, you probably want to disable this feature. - Check the status and test the IP block daemon. - A watchdog monitors pgl and restarts it if necessary. - Detects if kernel modules are needed and loads them if necessary. - Set verbosity and logging options. - Provides LSB 3.1 compatible init script. - Daily rotation of the logfiles. ================================================================================ 3.) Usage pglcmd: pglcmd OPTION pglcmd search PATTERN ================================================================================ 4.) Options pglcmd: start inserts iptables rules, starts pgld and the watchdog. If the blocklist configuration changed, rebuilds the master blocklist. stop deletes iptables rules and stops pgld. start_wd starts the watchdog. stop_wd stops the watchdog. restart restarts pgld. reload rebuilds the master blocklist and reloads pgld if it is running. update updates the blocklists, rebuilds the master blocklist and reloads pgld if it is running. force-restart like restart, but forces to rebuild blocklist force-reload like reload, but forces to rebuild blocklist force-update like update, but forces to download blocklists again status gives the iptables settings and the status of pgld and the watchdog. test does a simple test to check if pgl is working (pings a random IP from the blocklist, checks if this IP was logged in the logfile, and if the IP answered). search outputs the occurences of a keyword and the names of the single blocklists. stats reports pgld's statistics. reset_stats resets pgld's statistics. show_config shows the current configuration settings. Note for blocklist operations: When the master blocklist is built, missing single blocklists are downloaded. If any blocklist fails to download, and if there is no old version available, the operation aborts. If a downloaded blocklist fails to extract, it is deleted and the operation aborts. ================================================================================ 5.) Configuration pglcmd: Remote blocklists are configured in BLOCKLISTS_LIST (/etc/pgl/blocklists.list). Local blocklists are placed in LOCAL_BLOCKLIST_DIR (/etc/pgl/blocklists.local/). Most things are done in pglcmd.conf (/etc/pgl/pglcmd.conf). Refer to pglcmd.defaults (/usr/lib/pgl/pglcmd.defaults) for the complete set of possible configuration variables with comments. The allow list for IP ranges is allow.p2p (/etc/pgl/allow.p2p). Per default, the allowlist is used for incoming and outgoing connections. If desired different allow lists for incoming, outgoing and forward connections may be used. ================================================================================ 6.) pglgui pglgui works on top of pgld and pglcmd. It requires dbus. Start it with "pglgui --tray" to dock it directly in the system tray. The pglgui configuration is in ~/.config/pgl/pglgui.conf
Source: README, updated 2012-06-12

Thanks for helping keep SourceForge clean.

Screenshot instructions:
Windows
Mac
Red Hat Linux   Ubuntu

Click URL instructions:
Right-click on ad, choose "Copy Link", then paste here →
(This may not be possible with some types of ads)

More information about our ad policies
X

Briefly describe the problem (required):

Upload screenshot of ad (required):
Select a file, or drag & drop file here.

Please provide the ad click URL, if possible:

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks