[Tutorial] How to block harmful IP ranges with P2PFire

[anon]

As you may know, it's always good to have an IP filter with an up-to-date blocklist to avoid taking risks when P2Ping, with the RIAA and anti-P2P organizations like MediaDefender and BayTSP around. Here's a tutorial about how to protect yourself from these dangers. In it we'll cover how to block harmful IP ranges using the P2PFire program, because it is free and open-source, doesn't slow down your connection like PeerGuardian if you haven't applied the TCP/IP half-open connections patch, and uses less than 6MB of RAM and 1% of CPU under heavy traffic. Note that it only works under Windows 2000, XP and 2003.

1. Get P2PFire. Its official site is p2pfire.sf.net. But it is only available in Spanish there; so I've made an English translation you can find at http://www.sb-innovation.de/showthread.php?t=3652
   
   
2. Get an updated blocklist, it can be in guarding.p2p or ipfilter.dat format. Some places where you can do this are:
   
   
   • http://www.emule-security.org/
   • https://www.iblocklist.com/lists
   
   
   If you know about other up-to-date lists, please tell me. As of May 2018, I only know these two.
   
   
3. Open the P2PFire archive, and extract its contents to a new folder.
   
   
4. Open that folder and extract (or copy) the blocklist you downloaded in step 2 inside. You should now have a file called guarding.p2p or ipfilter.dat along P2PFire.exe and P2PFire.sys. If your blocklist is called something else, rename it accordingly.
   
   
5. Run P2PFire.exe. The program's main window should appear. If in the log (right side) everything looks good, for example:
   
   
   Code:

   P2PFire 1.4.beta x86 (hybrid)
   (C) 2004 - 2006 ModMa Technologies
   
   System running on administrator account with all privileges.
   P2PFire.sys load: OK
   
   Detected driver: Windows NT x86 (Win32)
   
   Config sent to driver: OK
   ...
   
   Blacklist filter transfer: OK - xxxx filters
   Filter start: OK
   
   Internal driver link: OK
   Automatic filter index: ON
   Processor clock speed: yyyy MHz

   The program is up, running and ready to block IP ranges. To test it, you can ping an IP that's in your blocklist:
   
   • Go to Start -> Run... -> type cmd and press Enter.
   • In the command prompt window, type ping [blacklisted IP here] and press Enter.
   
   You should get a "destination host unreachable" message every time, and entries in P2PFire's log window. This means it's working.
   
   
6. You may want to go to Options -> Configuration, and set things to suit your taste:
   
   
   
   
   Explanation:
   
   
   
   • Minimize to Taskbar on startup
     Minimizes the program to a taskbar button when it is first started.
     
     
   • Minimize to taskbar on close
     Minimizes the program to a tray icon when you click the close button.
     
     
   • Flash traybar on event
     Shows a flashing yellow "!" tray icon on events.
     
     
   • Reduced logs (recommended)
     Shortens events in the main window to just one line of text. I recommend you turn this on, or else your log will fill up very quickly.
     
     
   • Process driver's internal log
     Shows some kind of debug info in the log area.
     
     
   • Allow connections to ports 80 and 443
     Lets you connect to blacklisted IPs, but only on said ports. Can be useful if a web server you need to access is blocked by your blocklist.
     
     
   • Allow FTP connections
     Lets you connect to a blacklisted IP, but only to port 21 (FTP). Can also be combined with the option above.
     
     
   • Block NetBios
     Blocks the NetBios protocol in ports 135, 137, 138, 139 and 445 for both inbound and outbound connections. Don't enable this if you're in a LAN sharing resources.
     
     
   • Filter optimizer
     Cleans up your blocklists by removing repeated entries and overlapping ranges every time P2PFire is run.
     
     
   • Discard IANA ranges in ipfilter.dat
     IP ranges flagged as IANA in ipfilter.dat blocklists will be ignored.
     
     
   • Protocols you DON'T want P2PFire to filter: (doesn't affect NetBios) [TCP, UDP, ICMP, Others]
     Won't filter connections to blacklisted hosts that use these protocols. It's not recommended to enable any of these.

Tips:

• To temporarily stop filtering without closing the program, go to Options -> Stop filtering. You can then resume it with "Start filtering".
• Unless you want to know everything about every blocked connection, it's a lot better to enable reduced logs.
• If you could visit some Web sites before but not now (because they're in the blocklist), yet don't want to remove them from your list to avoid opening a gap in your protection, you can enable the "Allow connections to ports 80 and 443" option.
• If you tick "Minimize to Taskbar on startup" and make a shortcut in your Startup folder to start P2PFire minimized (see http://www.sb-innovation.de/showthread.php?p=41519), you can silently open the program along Windows: it'll go straight to a notification area icon as soon as its filtering engine starts running.

If you see a typo, broken link or anything wrong in this post, or have a suggestion, problem with the program, etc., please post here.

[Aurion]

What a Handy TuT anon,Ive never used p2pFire before but im gonna use this simple manual for effecient experience of this great tool

[anon]

what have you been using to block bad IPs so far?

[Aurion]

no never used a tool to block bad IPs since Im on a fixed IP that changes barely only when I restart my router,tho I dont think I get any bad ones

[anon]

tho I dont think I get any bad ones

LOL no, i think you got me wrong. blocking bad Ips isn't about what address YOU have, but about not making contact with other harmful (antip2p organizations' and the such) ones!

i recommend you get P2PF and a blocklist r8 now

[Options]

I tried PG but im using vista and they says PG does not work well with vista. will try this P2Pfire soon. Is it in english? or only spanish? because you said you only finish tranlating abt 70%

btw, nice TuT anon

[anon]

The original version is in spanish, but I have translated it to english (the "beta" translation is like 80% done, because weird things happen if I touch the strings associated to global stats).

I don't know if it works in Vista, please try...

[Aurion]

LOL no, i think you got me wrong. blocking bad Ips isn't about what address YOU have, but about not making contact with other harmful (antip2p organizations' and the such) ones!

i recommend you get P2PF and a blocklist r8 now

LOL I totally misunderstood that tool,anyway thanks alot buddy for confirming,in that case yeah I guess I will install it

[Logitech]

@anon PG doesn't slow down my download speed and I don't have downloaded any kind of patch.

@Options I run PG on a 32-bits Vista for over 2 months now and I didn't have a single problem with it.

Will test later if p2pfire works on Vista.

~Logitech

[anon]

@anon PG doesn't slow down my download speed and I don't have downloaded any kind of patch.

I guess it depends on how many IPs PG is blocking, but its developers confirm this (possible) network slowdown in the FAQ:

PeerGuardian is slowing down my connection!

This occurs because of the way PeerGuardian blocks packets, not connections. A work around is being developed, but until it is available you may want to apply the lvlord.de patch.

----------

Will test later if p2pfire works on Vista.

Thanks

[Logitech]

Sorry anon I can't get it to work on 32-bit vista.
I got both files and renamed them correctly and put them in the main folder.
This is the error that I get.

Filter start: ERROR, CODE: DRV_ERROR_IO (-9)
A fatal error occured: line 390, file .\FireObj.cpp
- Filtering engine stopped -Stop filtering: OK

I don't know if you have compiled it, but it looks like the error is in FireObj.cpp on line 390.
If you have translated p2pfire by changing the source code maybe you have renamed something wrong.

Will now test if the spanisch version works.

Edit:

Spanish version doesn't work either on vista keep getting the same error but then in Spanish.
The program is last updated 2006-12-10 20:47 so they have probably not even tested it on vista.

[zatoicchi]

Sorry anon I can't get it to work on 32-bit vista.
I got both files and renamed them correctly and put them in the main folder.
This is the error that I get.

mostly like if it's not a vista compatible software it would not work at all

[Logitech]

Yea most of the time if they don't have tested it on vista it wont work at all, but then I think what did they do that vista can't even work with xp only apps.

[anon]

Sorry anon I can't get it to work on 32-bit vista.

I don't know if you have compiled it, but it looks like the error is in FireObj.cpp on line 390.
If you have translated p2pfire by changing the source code maybe you have renamed something wrong.

No, I carefully used a Hex-editor... since spanish is a "long" language almost every string was possible to be translated without space issues ; that was better to avoid having problems like what you mentioned...

[Options]

thANKS anon....such a nice Tut...it is good in some ways since it only requires small amount of memory, not like PG2