[SOLVED] Peerguardian is blocking everything (plus, how to add Peerguardian's filters to Deluge)

Questions about Wi-Fi and other network devices, file sharing, firewalls, connection sharing etc
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
BrunoMiranda
Level 4
Level 4
Posts: 359
Joined: Thu Jun 24, 2010 2:22 pm

[SOLVED] Peerguardian is blocking everything (plus, how to add Peerguardian's filters to Deluge)

Post by BrunoMiranda »

Hi guys!

Recently Peerguardian started blocking everything.
This even includes name resolution. Well this brings me a lot of related problems, and only today I've realized it was Peerguardian doing this.

I was using the terminal version, pglcmd. I could not find a GUI for Mint 20.x, until today.

I've googled around and found some info here:
https://sourceforge.net/p/peerguardian/ ... t-any-more

Following some procedures, I've make apt purge the program and then reinstall it.
It wasn't straight forward because it is not on the repos, but I was able to find a link with the .debs and this includes a GUI:
https://tchekbo.wordpress.com/2021/05/1 ... ock-linux/

I would say this is working (well, at least it starts!), but it still blocks everything and I can only ping 127.0.0.1. Same as it was before.

I've done troubleshooting and I've noticed that the WHITE_LOCAL="1" is present in /usr/lib/x86_64-linux-gnu/pgl/pglcmd.defaults but it's not working.

The same troubleshooting guide tells I should whitelist my LAN in /etc/pgl/pglcmd.conf.

The thing is, my sudo ip addr is outputting a subnet mask other than a pure class, and this is where I need your help because it's been some years I've been off networking...

So according to the output:

Code: Select all

sudo ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether b4:a9:fc:c3:dd:59 brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 80:30:49:ed:44:19 brd ff:ff:ff:ff:ff:ff
    inet 10.22.76.236/15 brd 10.23.255.255 scope global dynamic noprefixroute wlp2s0
       valid_lft 312sec preferred_lft 312sec
    inet6 fe80::4d96:ac21:ac29:30f6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
I've added this to my /etc/pgl/pglcmd.conf:

Code: Select all

WHITE_IP_IN="10.22.76.236/15"
WHITE_IP_OUT="10.22.76.236/15"
The output of peerguardian's status (after starting it) is:
TLDR: * pgld is not running
* pglcmd.wd is running

Code: Select all

pglcmd status
Current IPv4 iptables rules (this may take a while):

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   260 pgl_in     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ! ctstate RELATED,ESTABLISHED mark match ! 0x14
  12M 9355M ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  12M 9355M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  112 41478 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   52 31240 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   52 31240 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   52 31240 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 pgl_fwd    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ! ctstate RELATED,ESTABLISHED mark match ! 0x14
  125 48025 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  125 48025 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    8   509 pgl_out    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ! ctstate RELATED,ESTABLISHED mark match ! 0x14
6583K  578M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6583K  578M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
36971 6376K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
36971 6376K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
36971 6376K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
36971 6376K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain pgl_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            127.0.0.53          
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0xa
    0     0 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 92

Chain pgl_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    4   260 RETURN     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0xa
    0     0 RETURN     all  --  *      *       10.22.0.0/15         0.0.0.0/0           
    0     0 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 92

Chain pgl_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    4   260 RETURN     all  --  *      *       0.0.0.0/0            127.0.0.53          
    0     0 RETURN     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0xa reject-with icmp-port-unreachable
    0     0 RETURN     all  --  *      *       0.0.0.0/0            10.22.0.0/15        
    4   249 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 92

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    3   234 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
   21  6880 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
   36  3124 ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   24 14995 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  125 48025 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
65896 6532K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  12M 9348M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  908 36320 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
  908 36320 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    1   328 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
  713  149K ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  574  104K ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
   27  3456 ACCEPT     udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
  112 41478 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
66261 6564K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
6480K  565M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
36972 6376K ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  738 29520 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10
   81  3240 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   22 26410 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
  631  113K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
   60 10238 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
   60 10238 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
12330  740K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
24302 5615K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:42000
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:42000
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5001

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5001

Current IPv6 iptables rules (this may take a while):

Chain INPUT (policy DROP 39 packets, 7137 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1381  161K ufw6-before-logging-input  all      *      *       ::/0                 ::/0                
 1381  161K ufw6-before-input  all      *      *       ::/0                 ::/0                
   39  7137 ufw6-after-input  all      *      *       ::/0                 ::/0                
   39  7137 ufw6-after-logging-input  all      *      *       ::/0                 ::/0                
   39  7137 ufw6-reject-input  all      *      *       ::/0                 ::/0                
   39  7137 ufw6-track-input  all      *      *       ::/0                 ::/0                

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw6-before-logging-forward  all      *      *       ::/0                 ::/0                
    0     0 ufw6-before-forward  all      *      *       ::/0                 ::/0                
    0     0 ufw6-after-forward  all      *      *       ::/0                 ::/0                
    0     0 ufw6-after-logging-forward  all      *      *       ::/0                 ::/0                
    0     0 ufw6-reject-forward  all      *      *       ::/0                 ::/0                
    0     0 ufw6-track-forward  all      *      *       ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 134 packets, 14204 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1882  218K ufw6-before-logging-output  all      *      *       ::/0                 ::/0                
 1882  218K ufw6-before-output  all      *      *       ::/0                 ::/0                
  649  107K ufw6-after-output  all      *      *       ::/0                 ::/0                
  649  107K ufw6-after-logging-output  all      *      *       ::/0                 ::/0                
  649  107K ufw6-reject-output  all      *      *       ::/0                 ::/0                
  649  107K ufw6-track-output  all      *      *       ::/0                 ::/0                

Chain ufw6-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:137
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:138
    0     0 ufw6-skip-to-policy-input  tcp      *      *       ::/0                 ::/0                 tcp dpt:139
    0     0 ufw6-skip-to-policy-input  tcp      *      *       ::/0                 ::/0                 tcp dpt:445
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:546
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:547

Chain ufw6-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   17  3111 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      *       ::/0                 ::/0                 rt type:0
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 129
    0     0 ufw6-user-forward  all      *      *       ::/0                 ::/0                

Chain ufw6-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    6   444 ACCEPT     all      lo     *       ::/0                 ::/0                
    0     0 DROP       all      *      *       ::/0                 ::/0                 rt type:0
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 129
    0     0 ufw6-logging-deny  all      *      *       ::/0                 ::/0                 ctstate INVALID
    0     0 DROP       all      *      *       ::/0                 ::/0                 ctstate INVALID
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 133 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 134 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 135 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 136 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 141 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 142 HL match HL == 255
  847 64372 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 130
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 131
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 132
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 143
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 148 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 149 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 151 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 152 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 153 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 144
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 145
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 146
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 147
    0     0 ACCEPT     udp      *      *       fe80::/10            fe80::/10            udp spt:547 dpt:546
  489 88839 ACCEPT     udp      *      *       ::/0                 ff02::fb             udp dpt:5353
    0     0 ACCEPT     udp      *      *       ::/0                 ff02::f              udp dpt:1900
   39  7137 ufw6-user-input  all      *      *       ::/0                 ::/0                

Chain ufw6-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    6   444 ACCEPT     all      *      lo      ::/0                 ::/0                
    0     0 DROP       all      *      *       ::/0                 ::/0                 rt type:0
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 129
  139  6880 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 133 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 136 HL match HL == 255
   44  3168 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 135 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 134 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 141 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 142 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 130
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 131
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 132
 1044 99824 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 143
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 148 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 149 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 151 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 152 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 153 HL match HL == 1
  649  107K ufw6-user-output  all      *      *       ::/0                 ::/0                

Chain ufw6-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw6-logging-deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all      *      *       ::/0                 ::/0                 ctstate INVALID limit: avg 3/min burst 10
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      *       ::/0                 ::/0                

Chain ufw6-skip-to-policy-input (6 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      *       ::/0                 ::/0                

Chain ufw6-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                

Chain ufw6-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 ctstate NEW
  515 93107 ACCEPT     udp      *      *       ::/0                 ::/0                 ctstate NEW

Chain ufw6-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:42000
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:42000
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:5001

Chain ufw6-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all      *      *       ::/0                 ::/0                 reject-with icmp6-port-unreachable

Chain ufw6-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                

Chain ufw6-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:5001

Please check if the above printed iptables rules are correct!

 * pgld is not running
 * pglcmd.wd is running
PID: 138835    CMD: /bin/sh /usr/sbin/pglcmd.wd
So, in all this, what am I missing or doing wrong?
Am I configuring the wrong interface? (I'm using WiFi)
Did I get the subnetting mask wrong?
Or... ?

Thank you very much for any kind help!
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 3 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Bye for now,
Bruno


(Always backup before you screw up :)
Top
User avatar
smurphos
Level 18
Level 18
Posts: 8498
Joined: Fri Sep 05, 2014 12:18 am
Location: Irish Brit in Portugal
Contact:
Contact smurphos

Re: Peerguardian is blocking everything

Post by smurphos »

Do you mind me asking why you are using it still? - it's abandoned software.

If your use case is using blocklists for torrenting - then I'm fairly sure all the linux torrent clients have inbuilt support for loading and implementing blocklists these days - transmission certainly has.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Top
User avatar
donten
Level 4
Level 4
Posts: 244
Joined: Mon Apr 06, 2020 2:16 pm

Re: Peerguardian is blocking everything

Post by donten »

viewtopic.php?p=2111867#p2111867

Here is a post of mine showing how to install PGLinux ...
Top
BrunoMiranda
Level 4
Level 4
Posts: 359
Joined: Thu Jun 24, 2010 2:22 pm

Re: Peerguardian is blocking everything

Post by BrunoMiranda »

@smurphos and @donten, thanks for replying.

Yes, I use Peerguardian for torrenting.

Yes I know it has been abandoned, but I'm already used to the simple terminal version, and the blocklists keep on being updated, or am I wrong?

I wasn't aware that torrent clients can use blocklists, thanks for this valuable hint, @smurphos!
I had a 1st look and Deluge can use them, yes.
But for what I've understood, I have to feed them manually and it does not seem that they can be automatically or easily manually updated. And this is not practical.
At least pglcmd and its GUI are easily updated (IF the blocklists are being updated!). Or have them also been abandoned?

@donten, thanks for your tutorial. I might already have stepped on it in the past as I already have that PPA on my system. But curiously Synaptic was not listing any Peerguardian packages... Weird! I have to check this better.

I'll purge and reinstall Peerguardian using your tutorial because I'm already used to it, meanwhile I'll dig better how can I feed and update its blocklists into Deluge.

I'll update this thread when I have more news.

Meanwhile, if anyone knows about feeding and updating blocklists into Deluge, please let me know. Kindly appreciate it!
Bye for now,
Bruno


(Always backup before you screw up :)
Top
User avatar
donten
Level 4
Level 4
Posts: 244
Joined: Mon Apr 06, 2020 2:16 pm

Re: Peerguardian is blocking everything

Post by donten »

Don't have it start at boot until you are set up correctly, by the way!
Top
User avatar
donten
Level 4
Level 4
Posts: 244
Joined: Mon Apr 06, 2020 2:16 pm

Re: Peerguardian is blocking everything

Post by donten »

As for blocklists, I use just one for both torrenting and security: https://p2pblocklist.wordpress.com/

It's a subscription service, but its not expensive. Deluge and qBittorrent can both use blocklists...If you look thru their configuration area, you will see where to input the path to the list that you have downloaded to your machine.
Top
BrunoMiranda
Level 4
Level 4
Posts: 359
Joined: Thu Jun 24, 2010 2:22 pm

Re: Peerguardian is blocking everything

Post by BrunoMiranda »

OK, quick update.

Purging and reinstalling peerguardian by using @donten's PPA and procedure brings be back to the same place.
Installation seems fine but as soon as it starts name resolution gets screwed up.
And sudo pglcmd status returns (among other things)
* pgld is not running

So there's some other thing going on.
Bye for now,
Bruno


(Always backup before you screw up :)
Top
BrunoMiranda
Level 4
Level 4
Posts: 359
Joined: Thu Jun 24, 2010 2:22 pm

Re: Peerguardian is blocking everything

Post by BrunoMiranda »

donten wrote: Tue Feb 22, 2022 7:06 pm As for blocklists, I use just one for both torrenting and security: https://p2pblocklist.wordpress.com/

It's a subscription service, but its not expensive. Deluge and qBittorrent can both use blocklists...If you look thru their configuration area, you will see where to input the path to the list that you have downloaded to your machine.
Thanks for the hints, @donten.

So Deluge cannot update its blocklists, right?
But Peerguardian can, right?

Since I torrent very seldom, it seems my best option would be to manually update Peerguardian's lists, and have a script to copy them into Deluge, or see if it works with some symbolic link.
Bye for now,
Bruno


(Always backup before you screw up :)
Top
BrunoMiranda
Level 4
Level 4
Posts: 359
Joined: Thu Jun 24, 2010 2:22 pm

Re: Peerguardian is blocking everything

Post by BrunoMiranda »

Well, new updates.

Peerguardian started working!
I've realized it has automatically captured an inbound whitelist IP range that was not quite the one that sudo ip addr outputted but it is "near" (for an IP). I've added that same IP to the output whitelist. Not sure if this is the thing that made it work (regarding pgld), I doubt it, but now it is starting and running and name resolution is working.

Honestly I don't know what made it work, but meh, I had a teacher that used to say "I.T. is not an exact science..." (he was a Physicist) :lol:
Anyways, I'm marking this as solved.

Regarding my question, I confirm that Peerguardian's blocklists are being actively updated.

I've tried to import Peerguardian's blocklists into Deluge and I've got it working!
I've found them in /var/lib/pgl/master_blocklist.p2p (a 15MB text file), but that folder is not accessible by normal users. Also, Deluge needs the file to be called ipfilter.dat.
So I've copied it to ~/.config/deluge/plugins/ and told Deluge to fetch it in file:///~/.config/deluge/plugins/ipfilter.dat.

So now I'm adding a cronjob to copy the master block list to Deluge every once in a while.

Note: Peerguardian's Master Blocklist is only updated after you start peerguardian.
If you only update it but do not start it, the filter lists will be updated but not the Master Blocklist.
So, in practice:

Code: Select all

sudo pglcmd start
sudo pglcmd update
sudo pglcmd stop
And then you can copy and rename the Master Blocklist file to Deluge's folder.

DONE!

Thanks for your help, my dudes!
Last edited by BrunoMiranda on Mon Mar 14, 2022 2:29 am, edited 1 time in total.
Bye for now,
Bruno


(Always backup before you screw up :)
Top
User avatar
smurphos
Level 18
Level 18
Posts: 8498
Joined: Fri Sep 05, 2014 12:18 am
Location: Irish Brit in Portugal
Contact:
Contact smurphos

Re: Peerguardian is blocking everything

Post by smurphos »

donten wrote: Tue Feb 22, 2022 7:06 pm As for blocklists, I use just one for both torrenting and security: https://p2pblocklist.wordpress.com/

It's a subscription service, but its not expensive. Deluge and qBittorrent can both use blocklists...If you look thru their configuration area, you will see where to input the path to the list that you have downloaded to your machine.
I use transimission - I just put my personalised iblocklist link (also have a cheap annual subscription) into transmission and it updates automatically.

Image
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Top
BrunoMiranda
Level 4
Level 4
Posts: 359
Joined: Thu Jun 24, 2010 2:22 pm

Re: [SOLVED] Peerguardian is blocking everything (plus, how to add Peerguardian's filters to Deluge)

Post by BrunoMiranda »

Just adding a little shared note to self that might be useful in the case where, like it happened to me, pglcmd refuses to start.
The solution is simple (if this is the problem): /var/log is full. Just get some free space there and it should be starting now.
Bye for now,
Bruno


(Always backup before you screw up :)
Top
User avatar
donten
Level 4
Level 4
Posts: 244
Joined: Mon Apr 06, 2020 2:16 pm

Re: [SOLVED] Peerguardian is blocking everything (plus, how to add Peerguardian's filters to Deluge)

Post by donten »

Very good! Perseverance furthers, once again!
Top
BrunoMiranda
Level 4
Level 4
Posts: 359
Joined: Thu Jun 24, 2010 2:22 pm

Re: [SOLVED] Peerguardian is blocking everything (plus, how to add Peerguardian's filters to Deluge)

Post by BrunoMiranda »

Well, the problem returned and I was able to pinpoint a solution, so why not share it here?

Also, this forum can act as a good notebook for solutions and procedures. I keep them in a Recovery/Procedures folder, and sometimes bookmarked on the browser, but what if I'm away and have a similar problem? Logging in here and heading to My Topics is a pretty cool way of having access to the info without carrying a whole library or laptop or SD card along, plus having to keep on updating all the info... Hurray for the omnipresent secretary, Claudia, the Cloud! :mrgreen:
Bye for now,
Bruno


(Always backup before you screw up :)
Top
Locked

Return to “Networking”