No more access to ipfire - Core 150 | Location-Filter

[root@router ~]# location lookup
Network :
Country : European Union

[root@router ~]# location lookup
Network :
Country : European Union


What does the 10 IP address range have to do with EU?
still are used in the Internet and are reserved for private networks.
Even that should only work on the red interface of the location filter would make sense to me.

There some false entries in the location database.
This was stated in another thread here in the community.
To circumvent this just do not block EU.

@roberto many thanks, you saved my day!!!
by the way only turning off EU did not work for my ipfire,
had to turn off location filter to regain access to web interface and internet.

same here no internet this morning i will check turn off location filter.

P. S: I’ve never blocked EU but it also doesn’t work. My Ranges are on red and on green.

Without Geblock all works well.

Have you restarted the firewall?

Just my €0.02 as I got it working again with core150 here the steps taken as described in the bugtracker

  • if not already done, disable location-block, methods in this thread
  • upgrade, restart, login on shell
  • run ‘location update’, take note that the version it gets is from tuesday at least
  • restart
  • enable location-block
  • reload rules
  • should be working again, if not login on shell, disable using above methods and wait patiently for final fix?

These steps worked for me, and I block all but two countries.

Same here, problem is in AU (Australia) networks:
LocBlock AU Problem

After disabling AU (by serial commandline!) box is up again.

doesn’t work for me. My database is from this morning after update location and then it doesn’t work .
also without EU.

What works is Locationfilter turn off completly.

that could be a hint. Just My 2 Cents. Turn off locationfilter until it is fixed completly.

yes, two times but no result.
Had to turn off location filter

How can i turn off this *** over the commandline? Any hints?

@zonediver look here

Interesting, my Box seems to work normally for the last two days…

On the location, I get results for EU and AU:

[root@geoipblock ~]# location list-networks-by-cc EU | grep ‘’
[root@geoipblock ~]# location list-networks-by-cc AU | grep ‘’

Thanks for your help - was able to bring back the GUI and deactivated this GeoBlock**** :+1: :smile:

an other way is using elinks via console login to webinterface turn off locationfilter and reboot.

Hi all,

first, thanks to everybody who reported this and helping other community members experiencing the same problem.

Technically, the root cause for this is a combination of two bugs:

  1. The xt_geoip kernel module we continue to use after migrating from the GeoIP database to libloc consumes a list of networks, not a tree, hence causing mismatches in case of overlapping networks.
  2. In order to generate as accurate results for AFRINIC, APNIC and RIPE as we can, we have changed the generation script of the location database on Monday night, becoming effective Tuesday morning. Unfortunately, some of those RIRs publish networks such as, which are currently garbage and of no use.
    We filtered out anything that is not globally routable as such (e. g., but those large networks covering other RFC 1918 IP space ( and slipped through. Because of (1), xt_geoip interprets them as a match for a large chunk of the IPv4 address space, causing the outage you observed.

To prevent this topic to be scattered across several threads, I am now going to close duplicates - please post your question here so we can all easily keep track of it.

The technical/development aspect of this issue is tracked at bug #12499.

We will keep you updated (it is probably going to be a long night for us :expressionless: ), in the meanwhile, please stay patient and - just to have it mentioned - avoid the temptation of ranting at us - it won’t bring you the fix faster. :slight_smile:

Thanks, and best regards,
Peter Müller


Whoever insults you (developer) is not to be helped. Ipfire is a very good project and product which I have been using for years and appreciate very much. Anyone who does not appreciate the product and its stability is welcome to turn to another product.

The ipfire team does a professional job and you can’t be praised enough.



Thanks for the explanation and now I know why it works for me, I use for all my internal networking needs, so the updated database works for my case :sweat_smile: I watched it like a hawk for the last three days :nerd_face:

And I wholeheartedly agree with Pablo78, I have IPFire boxes at every single of my small business customers and they work exceptionally well. This is a glitch for a small use case, I really like the new location filter, it rivals or is better than commercial offers (unifi looking at you…)

1 Like


a fix for the location filter has been developed by @ms the other day and will be released with Core Update 151.

However, this does not solve the glitches while creating the database and exporting it on an IPFire system for xt_geoip; we are still working on those parts of the issue.

Thanks, and best regards,
Peter Müller


Why does a (wrong) rule of in the Location Block module, block access to IPFire from the INSIDE Green net?
I just thought that the Location Block examines and blocks traffic from Red to the firewall?

1 Like


yes, that’s what I thought as well. :expressionless: But man proposes, God disposes; due to a bug, the location filter has been active on any interface, thus causing the interference.

The commit mentioned above now restricts it to work on red0 only.

@ms: That should work for ppp0 (dial-up connections) as well, since the traffic appears on red0 for those systems, too - or am I missing something?

Thanks, and best regards,
Peter Müller

1 Like

I did commit this code to my 150 release. This is not doing its job. It is still blocking my segment. Only by allowing AU and EU i regain access to my host.