Package Details: pgl-cli 2.3.1-1

Git Clone URL: https://aur.archlinux.org/pgl-cli.git (read-only)
Package Base: pgl-cli
Description: A privacy oriented firewall application (Daemon & CLI).
Upstream URL: http://sourceforge.net/projects/peerguardian/
Licenses: GPL3
Conflicts: pgl, pgl-git
Provides: pgl
Submitter: Gilrain
Maintainer: Gilrain
Last Packager: Gilrain
Votes: 26
Popularity: 0.000000
First Submitted: 2011-08-25 13:04
Last Updated: 2016-01-14 14:34

Required by (0)

Sources (1)

Latest Comments


Anonymous comment on 2012-01-28 18:52

Hello Gilrain

I'm new to Arch Linux and I'm trying to install pgl-cli using the PKGBUILD. The machine is a fresh install, with only sshd, samba and bind installed using pacman.

I ran the install process and updated the lists fine (pglcmd update). Now when I try to start the daemon with:

[root@doom ~]# rc.d start pgl
Starting PeerGuardian Linux: pgld failed!

in /var/log/errors.log

Jan 28 19:48:39 doom pgld: ERROR: Connection Error (Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory)
Jan 28 19:48:39 doom pgld: ERROR: dbconn is NULL.
Jan 28 19:48:39 doom pgld: ERROR: Cannot initialize D-Bus

dbus is installed:

[root@doom ~]# pacman -Ss dbus
core/dbus-core 1.4.16-1 [installed]
Freedesktop.org message bus system
extra/dbus 1.4.16-1 [installed]
Freedesktop.org message bus system
extra/dbus-glib 0.98-1 [installed]
GLib bindings for DBUS

Any ideas on how to solve this? Thanks in advance.
Fabio.

graysky commented on 2011-11-19 14:41

@Gilrain - thanks for the quick support! I updated the file per your instruction:

WHITE_TCP_OUT="http https ntp"
WHITE_TCP_IN="55311" # ssh
WHITE_IP_OUT="192.168.0.0/24"
WHITE_IP_IN="192.168.0.0/24"

The odd thing is the deprecated net-tools package has been and is currently installed.

# which ifconfig
/sbin/ifconfig

Gilrain commented on 2011-11-19 14:03

Eureka! I've found the culprit. pgl uses "ifconfig" to list network interfaces and since Arch dropped it in favour of "ip", WHITE_LOCAL="1" doesn't work as expected. The author is aware of the problem as seen in the TODO file ;-)
In the meantime either use the WHITE_IP_* settings or install the deprecated "net-tools" package.
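
An added example, not part of the original thread and not pgl's own code: on a system without ifconfig, the LAN networks for the WHITE_IP_* workaround can be derived from `ip` output instead. The function names and the sample `ip -o -4 addr show` output are constructed for illustration, and it assumes WHITE_IP_OUT accepts a space-separated list like the WHITE_TCP_* settings shown on this page.

```sh
#!/bin/sh
# Added example (not pgl code): derive WHITE_IP_* networks from `ip` output.

# Constructed sample of `ip -o -4 addr show` output so the script runs offline.
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.0.5/24 brd 192.168.0.255 scope global eth0\       valid_lft forever preferred_lft forever
3: wlan0    inet 10.20.30.77/20 brd 10.20.31.255 scope global wlan0\       valid_lft forever preferred_lft forever'

# cidr_network ADDR/LEN: print the network that an interface address belongs to.
cidr_network() {
    addr=${1%/*}
    len=${1#*/}
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    net=$(( ip & mask ))
    printf '%d.%d.%d.%d/%d\n' \
        $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$len"
}

# lan_networks: read `ip -o -4 addr show` lines on stdin and print the directly
# attached IPv4 networks, space separated. Loopback is skipped.
lan_networks() {
    out=
    while read -r _idx ifname family cidr _rest; do
        [ "$family" = inet ] || continue
        [ "$ifname" = lo ] && continue
        # Point-to-point lines ("inet A peer B/32") carry no prefix here: skip.
        case $cidr in */*) ;; *) continue ;; esac
        out="$out${out:+ }$(cidr_network "$cidr")"
    done
    printf '%s\n' "$out"
}

# white_ip_out_line: format the networks as a pglcmd.conf assignment.
white_ip_out_line() {
    printf 'WHITE_IP_OUT="%s"\n' "$(lan_networks)"
}

printf '%s\n' "$SAMPLE_IP_OUTPUT" | white_ip_out_line
```

On a live system, `ip -o -4 addr show | white_ip_out_line` produces the line from the real interfaces; review it before adding it to /etc/pgl/pglcmd.conf.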

Gilrain commented on 2011-11-19 13:39

After going through my iptables rules (# iptables --list) I can see that WHITE_LOCAL="1" (enabled by default) doesn't create a specific rule for my LAN. I'll investigate further...

@graysky: The following is needed to allow IPv4 traffic on your LAN:
WHITE_IP_OUT="192.168.0.0/24"
#WHITE_IP_IN="192.168.0.0/24" # uncomment only if the computer hosts services like SSH, HTTP, SAMBA, etc.

As for my server conf file, it whitelists every incoming port except one, which is filtered by the block lists:
WHITE_TCP_IN="0:79 81:65535"

While this allows outgoing connections to various servers potentially in the lists:
WHITE_TCP_OUT="ntp http https http-alt"
WHITE_UDP_OUT="domain"

graysky commented on 2011-11-19 12:01

Thanks Gilrain!

Maggie is right, this is the same behavior on my system. I start pgl manually when needed. Does this happen to you too, Gilrain?
Gilrain - please post your /etc/pgl/pglcmd.conf

Here is mine that doesn't auto whitelist:

WHITE_TCP_OUT="http https"
WHITE_IP_IN="192.168.0.2"

Where 192.168.0.2 is my workstation.

Gilrain commented on 2011-11-19 08:02

@graysky: pids are in /var/run; /run is for early programs like udev. /run/daemon simply maintains a list of running daemons for the rc.d program. I'll try to adapt the init script to add this functionality.
@maggie: Do you start the pgl daemon after setting up the network? e.g. DAEMONS=(... network @pgl ...). If so you might want to take a look at the # Whitelist IPs # section in /usr/lib/pgl/pglcmd.defaults and submit a bug report on sourceforge.

graysky commented on 2011-11-18 12:45

@Gilrain - just realized that you need to Arch-ize the init script for pgl. It needs to place a pid file in /run/daemons, no?

maggie commented on 2011-11-13 12:10

Something is wrong with this package's feature that whitelists all LAN traffic. I looked in the config file and it is set up to do this, but ssh traffic to the machine on my LAN from another machine on my LAN is blocked when pgl is running.

graysky commented on 2011-10-31 12:35

Nice, thanks!

Gilrain commented on 2011-10-28 10:13

@graysky: All lists could potentially prevent access to online resources. If you feel that something should be changed in the default configuration, please contact the author.
For this reason and to follow on @maggie's comment, I created https://wiki.archlinux.org/index.php/PeerGuardian_Linux where you can find information on how best to configure pgl.