Hi,
just to add an IPFire-specific detail here: Special networks mentioned above (anonymous proxies, satellite and anycast networks) are treated different by libloc
than the IPFire GUI might suggest: They keep their country, but are flagged to indicate them being special:
[root@maverick ~]# location lookup 109.70.100.134
109.70.100.134:
Network : 109.70.100.0/24
Country : Austria
Autonomous System : AS208323 - Foundation for Applied Privacy
Anonymous Proxy : yes
To illustrate the difference, this is what a “normal” lookup result looks like:
[root@maverick ~]# location lookup 194.95.245.140
194.95.245.140:
Network : 194.94.0.0/15
Country : Germany
Autonomous System : AS680 - Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
However, if you create firewall rules using the special A{1,3} groups, they do not overlap with their countries:
[root@maverick ~]# location list-networks-by-flags --anonymous-proxy | grep 109.70.100.0/24
109.70.100.0/24
[root@maverick ~]# location list-networks-by-cc AT | grep 109.70.100.0/24
[root@maverick ~]#
So, as you suggested, they are all mutually exclusive.
Glad to see this is useful.
Well, I am glad to hear that as well. For the sake of completeness, some IPFire users currently suffer from a combination of bugs related to libloc
and xt_geoip
- please refer to this post for further information.
So, it’s not all fine and completely seamless, but we are working on it.
Thanks, and best regards,
Peter Müller