Clarifying some "countries" in location groups

Hi,

just to add an IPFire-specific detail here: Special networks mentioned above (anonymous proxies, satellite and anycast networks) are treated different by libloc than the IPFire GUI might suggest: They keep their country, but are flagged to indicate them being special:

[root@maverick ~]# location lookup 109.70.100.134
109.70.100.134:
  Network                 : 109.70.100.0/24
  Country                 : Austria
  Autonomous System       : AS208323 - Foundation for Applied Privacy
  Anonymous Proxy         : yes

To illustrate the difference, this is what a “normal” lookup result looks like:

[root@maverick ~]# location lookup 194.95.245.140
194.95.245.140:
  Network                 : 194.94.0.0/15
  Country                 : Germany
  Autonomous System       : AS680 - Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.

However, if you create firewall rules using the special A{1,3} groups, they do not overlap with their countries:

[root@maverick ~]# location list-networks-by-flags --anonymous-proxy | grep 109.70.100.0/24
109.70.100.0/24
[root@maverick ~]# location list-networks-by-cc AT | grep 109.70.100.0/24
[root@maverick ~]# 

So, as you suggested, they are all mutually exclusive.

Glad to see this is useful. :slight_smile:

Well, I am glad to hear that as well. For the sake of completeness, some IPFire users currently suffer from a combination of bugs related to libloc and xt_geoip - please refer to this post for further information.

So, it’s not all fine and completely seamless, but we are working on it. :slight_smile:

Thanks, and best regards,
Peter Müller

1 Like