Installing and using Peerguardian on PCLinuxOS 2007

Installation and first use

Privacy is a big issue in the online world. Big money is made selling our personal information. For those who frequently download using Peer-to-Peer programs, Peerguardian might be a good addition to their system.

Peerguardian runs in the background of your system and is silently blocking a large range of IPs that have been known to do evil things, for instance, IPs from government organisations trying to monitor downloading behaviour, spyware trackers, etc. Whenever your computer tries to make any connection to one of these blacklisted IP's, Peerguardian will prevent it and protect your computer. I consider it a must-have for every computer using P2P applications.

Peerguardian is not (yet) available through the 2007 repositories, so we'll have to download the source code from the main website.

Save this somewhere on your harddrive and unpack the source where you want to compile it (e.g.: ~/src/pglinux).

I know a lot of you will probably say something like, "Source code?? I've never done that! HELP!!" Trust me, it's not that difficult and I will guide you through the process.

First start Synaptic, locate the 'iptables', the 'iptables-devel', the 'ipset' and the 'gcc-c++' packages and install them. You'll need them to compile Peerguardian.

Now go back to your source directory and open a terminal window. Type './configure' and type the enter key. You'll see a long list being made of things getting checked. This process will check to see that everything is ok and will create the configuration files needed for the compile.

Finally the list will stop running, stating "It's ok to start your make now", do so by entering the 'make' command. Again there will be a lot of gibberish in the terminal window, but if it completes you'll have a freshly built peerguardnf-binary at the ready. As root, copy this binairy to /usr/bin using the command 'cp -a ./peerguardnf /usr/bin'. (Some people may say that 'make install' is a better solution for installing the binary. That is absolutely correct, but for some reason, it doesn't work. And the package is no longer being maintained,so we'll stick to copying it instead.)

Starting Peerguardian

There are two ways of starting Peerguardian, either automatically by a script which will do all the work for you, or by doing things by hand, leaving more room for configuration.

If you want to do it automatically with a script, you're lucky because I've provided one for you. It updates the lists of blocked IP's from (level 1&2 blocklists) and tells you when Peerguardian has loaded successfully (or not). You can download this script at In order for the script to work, you have to make it executable. Do so by typing the command 'chmod a+x ./start_peerguardian' in the directory that contains the script. Now you can just start Peerguardian by double-clicking the script. If you wish to check whether all is going well, you might want to take a look inside the logfile. It'll be located under ~/.pglinux/pglog.txt

If you want to start Peerguadian manually, here's how.

Pick up some blocklists from In the top right corner there is a link 'blocklists' which will lead you to the download page. As you can see, the IPs have been split up under several categories, e.g.: Spyware, Level1, Addons, etc... The Level1 blocklist is the most important one, it contains the largest list with bad IP's everyone ought to have blocked. The others are optional.

You can download one by clicking on it and agreeing to the license. Save the *.zip file to a location of your choice. Unzip it, and you'll find a regular textfile inside. This is useful, because if you download multiple blocklists, you can just paste one underneath. Remember the location of the textfile, since you need it to start Peerguardian.

Now it's time to start Peerguadian itself...

First load the ip_queue module by typing 'modprobe ip_queue'. It's needed to run Peerguardian.

As an example I'll take my regular command to start Peerguardian (note: peerguardnf must be run as root. If you type 'peerguardnf --help' you'll get a full list of options. I'll use just a few of them in this tutorial.):

$peerguardnf -d -l /home/rick/.pglinux/pglog /home/rick/.pglinux/level1.txt

  • '-d' will start the program in daemon mode, it will run as a background application allowing you to close the terminal windows
  • '-l /home/user/pglinux/pglog' will write all ouput/errors to a logfile for later analysis
  • '/home/user/pglinux/level1.txt' is the path to the blocklist peerguardian will read 'bad IPs' from

If the loading was successful, the log will read something like this:

  • Reading blocklist
  • detected ASCII blocklist
  • Entering daemon mode
  • Blocking 140336 ranges (735355236 IP addresses)

Congratulations, you've just started Peerguardian for the first time! If you want to stop it again, open Ksysguard and kill peerguardnf.