First: Nice package, one step nearer to the goal of getting the best from PG 1.5. As I see, you used parts of an old script of mine. Have you also checked these newer versions? They're more flexible and easier in handling the different blocklists to download. But at least you gave me a wonderful inspiration for my script to comply better with formal rules. And the most important thing: the blocking seems to work.
etc/cron.daily/peerguardnf
Unfortunately the daily update doesn't work, because your test for whether there is a connection to the internet always gives a negative result here. But pinging www.sourceforge.net manually works here, so it's a problem in your script.
etc/PG.conf
Code:
# Please edit below if you wish not to block certain ports; the
# format is 80,25,x,x; or leave it blank if you don't wish
# to use this feature.
# jabber: 5222, 5223
# icq: 5190
# irc: 6667
# msn: 1863
# imaps: 993
# pop3: 110
# https: 443
PORTS_NOT_TO_BLOCK=80,5222,5223,5190,6667,1863, 993, 110, 443;
I wouldn't unblock that many ports in a package for the public.
etc/init.d/peerguardnf
Code:
DAEMON_ARGS="-d -l /var/log/peerguardnf.log -c /etc/PG.conf -m"
You start the webserver. That's OK, but it's also a small security risk.
/var/log/peerguardnf.log
I agree the naming with PG/peerguardnf/peerguardian is messed up. But I'd recommend using /var/log/PG.log, since otherwise JFM's Gambas GUI doesn't work.
usr/sbin
It's unnecessary to create this folder.
usr/share/doc/peerguardnf/NEWS
Still refers to methlabs.org
usr/share/doc/peerguardnf/ipcopinstall.txt:
Code:
to install for ipcop:
copy over peerguardnf to your ipcop box
copy over the blocklist to your ipcop box
login to your ipcop box and move peerguardnf to the /usr/bin directory. Now
go to the directory with the blocklist in it and type:
peerguardnf -d -m -l /var/log/PG.log -h <blocklistfile>
where <blocklistfile> is the name of your blocklist.
Are you sure your advice is right? See the other threads in this forum about the iptables problems!
Some minutes later: I think I'll take that back, at least until I've thought about it again. Did you change the code from PG? Because there's also a QUEUE in the FORWARD rule.
What else did you change in the code?
Keep up the work!
jre
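The connectivity test in the cron script is what jre says fails. The usual cause of a check that "always gives a negative result" is testing something other than the probe's own exit status (grepping ping's output, or reading $? after an intermediate command), or relying on ICMP that a firewall drops. Below is an added example of how such a daily update can be written, not the package's etc/cron.daily/peerguardnf nor jre's script: it tests connectivity by exit status with an HTTP fallback, and only swaps the blocklist in after a successful, non-empty download. The blocklist URL, the destination path, the use of wget, and the PING_CMD/PROBE_CMD overrides are assumptions made for the example; the overrides exist only so the functions can be exercised without a network.

```shell
#!/bin/sh
# Added example: a daily blocklist update skeleton. Not the package's own
# cron script. URL, paths and command overrides below are assumptions.

BLOCKLIST_URL="${BLOCKLIST_URL:-http://www.sourceforge.net/}"   # assumed, not the real list URL
BLOCKLIST="${BLOCKLIST:-/etc/PG/blocklist.p2b}"                 # assumed install path
PROBE_HOST="${PROBE_HOST:-www.sourceforge.net}"                 # host jre pinged by hand
PING_CMD="${PING_CMD:-ping -c 1 -W 3}"          # Linux iputils; set to true/false in tests
PROBE_CMD="${PROBE_CMD:-wget -q --spider -T 5}" # HTTP fallback for when ICMP is filtered

# net_up [HOST]: returns 0 when either probe succeeds. The decision is taken
# directly from the probe command's exit status inside 'if', which is the
# pattern that avoids the "always negative" bug: no grep on the output, no
# $? read after another command has already overwritten it.
net_up() {
    host="${1:-$PROBE_HOST}"
    if $PING_CMD "$host" >/dev/null 2>&1; then
        return 0
    fi
    if $PROBE_CMD "http://$host/" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# install_blocklist SRC DST: replace DST with SRC only if SRC is non-empty.
# mv on the same filesystem is a rename, so PG never sees a half-written list,
# and a failed or empty download leaves the previous list in place.
install_blocklist() {
    src="$1"; dst="$2"
    if [ ! -s "$src" ]; then
        echo "downloaded list is empty, keeping $dst" >&2
        rm -f "$src"
        return 1
    fi
    mv -f "$src" "$dst" && chmod 644 "$dst"
}

# update_blocklist: the cron entry point. Skips quietly when offline so the
# daily job does not clobber a working list with an error page.
update_blocklist() {
    if ! net_up; then
        echo "no connectivity to $PROBE_HOST, skipping update" >&2
        return 1
    fi
    tmp="$(mktemp "${BLOCKLIST}.XXXXXX")" || return 1
    if ! wget -q -T 30 -O "$tmp" "$BLOCKLIST_URL"; then
        rm -f "$tmp"
        return 1
    fi
    install_blocklist "$tmp" "$BLOCKLIST"
}

# Run the update only when invoked as 'sh thisscript run', so the functions
# can also be sourced and tested on their own.
if [ "${1:-}" = "run" ]; then
    update_blocklist
fi
```

The HTTP fallback matters on hosts where outbound ICMP is blocked but HTTP is not; a ping-only test fails there exactly the way jre describes even though the download itself would work.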