linux poison RSS
linux poison Email

IP Filtering Program Similar to PeerGuardian for Linux - iplist

iplist is a Linux application for blocking connections to and from a specified range of hosts using the netfilter netlink-queue library. Iplist is an open source IP filtering program similar to PeerGuardian  for Linux.

Some typical reasons for using iplist are:
    * to protect your privacy
    * to ban a large number of unwanted clients
    * to block whole countries or networks
    * to block spam- and ad-servers
    * for parental control
    * network monitoring

Packets are filtered in the chains specified in IPTABLES_CHAIN_*. For each attempt to establish a new connection iplist looks at the source / destination address of the packet and decides based on the IPs in the lists whether to reject the connection (tcp-reset or icmp-port-unreachable) or to send it back to iptables to be handled by the rest of the iptables configuration. Packets in the INPUT chain are dropped by default. Nice side effects of rejecting packets rather than dropping are that there are no annoying timeouts if you try to access a blocked IP and it's hard to find out if the host which uses IPblock is online or uses a packet filter.

OpenSuSe user can use "1-click" installer to install iplist - here

After the installation if you want to open ipblock go to Applications > System >  Internet > ipblock. Once it opens you should see similar to the following screen

The default choice for lists is similar to peerguardian.

    * level1.gz - Anti-P2P organizations and known government addresses
    * ads-trackers-and-bad-pr0n.gz - Advertising and data tracker servers
    * spyware.gz - Malicious spyware and adware servers
    * edu.gz - Educational institutions and universities
    * bogon.gz - Spoofed IP-addresses

Custom p2p or dat lists can easily be added. Note that lists can optionally be compressed with gzip.These lists are maintained here

There are many more setting that you can do in "setting" tab.


Justin Davis said...

I agree, but I'm not so sure about what you said at the beginning. Where are you getting your information? I'm not disagreeing, but I'm just wondering how you came to that conclusion.

Justin Davis
Author does not represent the legal position of the darpa challenge 2009 and expresses opinion only.

DevOps said...

I got this information from -

If you think iplist doesn't work in the way it is mentioned, please let us all know about your findings.

I would be extremely delighted to publish your finds.

Anonymous said...

I installed iplist after reading your article but the GUI never came up. It asks for root password but nothing happens after that. I am using opensuse. Can you help ?

Anonymous said...

I installed iplist on openSUSE 11.1 x32_64 using the one click installer. So far it seems to be working. I need to do some additional testing when using a web or socks proxy to see if it works on those too.

Post a Comment

Related Posts with Thumbnails