Peerprotect

Introduction
Oftentimes it is desirable to block specific IP's, especially when using bittorrent. For windows, peerguardian is available to perform this task, however there is currently no ubiquitous program to do this in Linux. Conveniently most of the tools to accomplish are already available on Linux, so with a little help, Linux users can get the same privacy that windows users get. This script will automatically download peerguardian's blacklist files and add them to iptables as a rule to block.

Usage
Download the script, (here I named it peerprotect.sh, but the name doesn't really matter). I put the script in a bin directory in my directory, since only root can modify iptables anyway:  and then added  to root user's path:

To make this path change permanent just add the above command to your bashrc file:. To actually run the file you must first make it executable;

Modify the ports at the head of the file to the ports you use to torrent/share, so for instance I use 2700-2710, which is the default for ctorrent. You can also change where you store your blacklist cache, here I used.

While you are reading the script, you should (as a rule, with anything from the internet) look over it and try to understand what it is going to do.


 * When you are ready to update the blacklist (which must be done before you can start blacklisting bad IP's) run with the update command,


 * When you are ready to start the blacklist and port forwarding for torrents, run with the start command,


 * When you are done torrenting, run with the stop command:

and you should see something like this (with the number of packets on the specified ports increasing with time). Chain INPUT (policy DROP 489 packets, 45905 bytes) pkts bytes target    prot opt in     out     source               destination 2420 187K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 22 3522 ACCEPT     all  --  any    any     192.168.1.0/24       anywhere 0    0 ACCEPT     all  --  !eth0  any     anywhere             anywhere 92 8545 p2pfilter  udp  --  any    any     anywhere             anywhere            udp dpts:2700:2710 310 18708 p2pfilter tcp  --  any    any     anywhere             anywhere            tcp dpts:2700:2710 0    0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:www 2  160 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh 0    0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ftp 489 45905 LOG       all  --  any    any     anywhere             anywhere            LOG level warning
 * To check that the script worked and that it is blacklisting stuff properly, run the script with start and then type:

Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target    prot opt in     out     source               destination 0    0 ACCEPT     all  --  !eth0  any     anywhere             anywhere 0    0 ACCEPT     all  --  eth0   any     anywhere             anywhere            state RELATED,ESTABLISHED 0    0 LOG        all  --  any    any     anywhere             anywhere            LOG level warning

Chain OUTPUT (policy ACCEPT 47 packets, 6679 bytes) pkts bytes target    prot opt in     out     source               destination 1523 238K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 8  480 p2pfilter  tcp  --  any    any     anywhere             anywhere 33 3614 p2pfilter  udp  --  any    any     anywhere             anywhere

Chain p2pfilter (4 references) pkts bytes target    prot opt in     out     source               destination 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 4.18.162.102-4.18.162.102 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 4.36.44.3-4.36.44.3 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 4.38.98.140-4.38.98.140 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 4.53.2.12-4.53.2.15 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 4.65.105.109-4.65.105.109 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 4.71.209.0-4.71.209.63 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 4.79.208.56-4.79.208.59 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 4.79.209.0-4.79.209.63 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 8.5.0.0-8.5.1.255 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 8.8.14.0-8.8.14.255 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 8.8.178.0-8.8.178.255 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 8.11.1.0-8.11.1.255 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 8.12.152.0-8.12.152.255 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 8.15.231.0-8.15.231.255 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 12.3.249.0-12.3.249.255 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 12.14.172.204-12.14.172.204 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 12.21.127.106-12.21.127.106 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 12.25.215.184-12.25.215.191 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 12.29.97.96-12.29.97.111 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 12.30.241.70-12.30.241.70 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 12.30.241.74-12.30.241.74 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 12.30.241.106-12.30.241.106 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 12.36.78.54-12.36.78.54 0    0 DROP       all  --  any    any     anywhere             anywhere            source IP range 12.37.77.144-12.37.77.151