From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Hostile Networks
Date: Sat, 04 Jun 2022 08:55:31 +0000 [thread overview]
Message-ID: <92647647-c938-1101-ff4e-9f73705d97f3@ipfire.org> (raw)
In-Reply-To: <t7f47g$b61$1@tuscan3.grantura.co.uk>
[-- Attachment #1: Type: text/plain, Size: 2370 bytes --]
Hello Rob,
thanks for your reply.
> Hi Peter,
>
> Thank you for your explanation.
>
> On Saturday 04 June 2022 08:56 Peter Müller wrote:
>
>> Hello Rob,
>>
>>> Is it possible to list the 'Hostile Networks' from the core 167 database?
>>
>> yes, you need to run this command on your IPFire machine:
>>
>> $ location list-networks-by-flags --drop
>>
> Yes that works a treat. Presumably if I enable A[1-3] in the web interface
> those will be included as well as XD.
No, that's a misunderstanding: All of the A1, A2, A3, and XD country codes
are distinct to each other, and map back to different distinct flags in libloc.
$ location list-networks-by-flags --anonymous-proxy
will give you all networks covered by the A1 country code in the web interface.
$ location list-networks-by-flags --satellite-provider
will do so for satellite providers (A2), and
$ location list-networks-by-flags --anycast
gives you all networks being used in anycast or alike setups (A3), where we
technically cannot really assign a country code to them.
While there are some minor intersections (for example, some networks are flagged
as both being used for anonymous proxying, and being hostile), the output of
these commands do not interfere with each other, and are completely independent
from any settings made in the web interface.
Apologies for this rather confusing implementation. Perspectively (i.e. for
IPFire 3.x), we plan to get rid of A1, A2, A3, and XD, and only use their
correspondent flags, to keep things consistent.
Hope to have clarified things somewhat for you. :-)
Thanks, and best regards,
Peter Müller
>
>> Depending on your use-case, you might want to have only IPv4 or IPv6
>> networks displayed. This is possible via:
>>
>> $ location list-networks-by-flags --family=ipv4 --drop
>>
>> Similar to A[1-3], the country code XD was introduced as a workaround for
>> IPFire's web interface, and is not directly usable in conjunction with
>> libloc, but rather via the "list-networks-by-flags" command.
>>
>> Please refer to https://man-pages.ipfire.org/libloc/location.html for
>> libloc's full current manpage.
>>
> I had read the manpage but I didn't grasp the significance of list-networks-
> by-flags.
>
>> Thanks, and best regards,
>> Peter Müller
>
> Regards
>
> Rob
next prev parent reply other threads:[~2022-06-04 8:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-03 12:39 Rob Brewer
2022-06-04 7:56 ` Peter Müller
2022-06-04 8:13 ` Rob Brewer
2022-06-04 8:55 ` Peter Müller [this message]
2022-06-04 12:41 ` Rob Brewer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=92647647-c938-1101-ff4e-9f73705d97f3@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox