Locationblock Core Update 153

Hello,
I’m very happy about the new Location Filter - I have just one question:
I currently need to unblock the complete U.S. because the server behind IPFire needs to be accessed by 2 Amazon servers which have an IP from the U.S. range.
Is there a way to block the complete U.S. but allow just those two servers from Amazon?
Thanks a lot
Wolfgang

Hi @wolfgang

Welcome to the IPFire Community.

Reading the Wiki entry on Location Block it indicates that it is there just to reduce noise in the logs. It is not a security thing. It also only applies to incoming connections.

The default Firewall input rules are for packets to be blocked unless you create a rule to allow some specific IPs to pass, such as your Amazon servers.
So unblocking the whole US increases the noise in the logs but you need to do that to be able to allow the Amazon servers to get through to the firewall proper where you then allow the two Amazon servers through with a rule.
It is a trade-off between the noise in the logs and allowing access from specific servers in that country.

Hi Adolf,
thanks for your reply. I understood already that the location block functionality just reduces the noise in the logs and it works perfectly for me.
This is a useful functionality because having the noise from all countries makes your logs unusable.
I have to check if the IP 18.184.9.* is now really located in the US because I find on the internet that it is located in Germany (I just checked with the old version 151).
I will keep you updated.

Hi Wolfgang,

Sorry I didn’t have better news for you.

The other problem with organisations like Google and Amazon is that they often use anycast addresses so the country may not always be the same each time you use it.
That may be what you are seeing with your location being found in Germany, or not.

There is still the same issue. My question now - is there a possibility on the command line to check the IP database? E.g. a possibility to request for a certain IP in which country it is located according to the tool used in IPFire?

From the command line:

location lookup 'ip address'

Thanks - that was perfect.
Still I do not understand why I get
[root@FW-Aldis bin]# location lookup 18.184.X.X
18.184.X.X:
Network : 18.184.0.0/15
Country : United States of America
Autonomous System : AS16509

But with tools on the net I always get a location in Germany:

Geolocation data from IP2Location (Product: DB6, updated on 2021-1-1)

IP Address Country Region City
18.184.0.0 Germany Hessen Frankfurt am Main
ISP Organization Latitude Longitude
A100 ROW GmbH Not Available 50.1155 8.6842

Geolocation data from ipinfo.io (Product: API, real-time)

IP Address Country Region City
18.184.0.0 Germany Hesse Frankfurt am Main
ISP Organization Latitude Longitude
Amazon.com, Inc. A100 ROW GmbH (amazon.com) 50.1155 8.6842

Geolocation data from DB-IP (Product: Full, 2021-1-1)

IP Address Country Region City
18.184.0.0 Germany Hesse Frankfurt am Main
ISP Organization Latitude Longitude
Amazon Technologies Inc. A100 ROW GmbH 50.1109 8.68213

Geolocation data from IPGeolocation.io (Product: API, real-time)

IP Address Country Region City
18.184.0.0 Germany Hesse Frankfurt
ISP Organization Latitude Longitude
Amazon Technologies Inc. (EC2) Amazon Technologies Inc. 50.11208 8.68341

Geolocation data from ipdata.co (Product: API, real-time)

IP Address Country Region City
18.184.0.0 Germany Hesse Frankfurt am Main

I think the key is “amazon.com”.

Hm - I just wonder why location block tells US as the location but other services on the net provide, according to my opinion, the correct address. The servers at Amazon were chosen to get a European IP address (should be hosted in Europe).

Even if those addresses are anycast addresses some services on the net give the right location but location block gives the wrong location. Is it a limitation or a bug in the location block?
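
Added example, not part of the original thread and not IPFire's own code: a Python check that parses `location lookup` output in the format pasted above and lists the addresses whose database country is in the blocked set, i.e. the ones location block would drop before any firewall allow rule is reached. The function names, the second sample record and matching on the printed country name are assumptions of this example.

```python
import re

# Constructed sample. The first record copies the output format pasted in the
# thread; the second uses documentation-only values (192.0.2.0/24, AS64500).
SAMPLE_OUTPUT = """\
18.184.X.X:
Network : 18.184.0.0/15
Country : United States of America
Autonomous System : AS16509

192.0.2.10:
Network : 192.0.2.0/24
Country : Germany
Autonomous System : AS64500
"""

HEADER = re.compile(r"^(\S+):\s*$")        # "<queried address>:"
FIELD = re.compile(r"^(.+?)\s*:\s+(.*)$")  # "<name> : <value>"


def parse_lookup(text):
    """Return {queried address: {field name: value}} from lookup output."""
    records, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            # A new record starts; later field lines attach to it.
            current = records.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return records


def dropped_before_rules(records, blocked_countries):
    """Addresses whose database country is blocked (names as printed)."""
    blocked = {c.casefold() for c in blocked_countries}
    return sorted(addr for addr, rec in records.items()
                  if rec.get("Country", "").casefold() in blocked)


if __name__ == "__main__":
    hits = dropped_before_rules(parse_lookup(SAMPLE_OUTPUT),
                                ["United States of America"])
    print("dropped by location block before any allow rule:", hits)
```

Feeding it the lookup output for every address you have an allow rule for shows which rules can never match while that country stays blocked.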