From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: Hostile Networks Date: Sat, 04 Jun 2022 08:55:31 +0000 Message-ID: <92647647-c938-1101-ff4e-9f73705d97f3@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2583707620648049702==" List-Id: --===============2583707620648049702== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Rob, thanks for your reply. > Hi Peter, >=20 > Thank you for your explanation. >=20 > On Saturday 04 June 2022 08:56 Peter M=C3=BCller wrote: >=20 >> Hello Rob, >> >>> Is it possible to list the 'Hostile Networks' from the core 167 database? >> >> yes, you need to run this command on your IPFire machine: >> >> $ location list-networks-by-flags --drop >> > Yes that works a treat. Presumably if I enable A[1-3] in the web interface = > those will be included as well as XD. No, that's a misunderstanding: All of the A1, A2, A3, and XD country codes are distinct to each other, and map back to different distinct flags in liblo= c. $ location list-networks-by-flags --anonymous-proxy will give you all networks covered by the A1 country code in the web interfac= e. $ location list-networks-by-flags --satellite-provider will do so for satellite providers (A2), and $ location list-networks-by-flags --anycast gives you all networks being used in anycast or alike setups (A3), where we technically cannot really assign a country code to them. While there are some minor intersections (for example, some networks are flag= ged as both being used for anonymous proxying, and being hostile), the output of these commands do not interfere with each other, and are completely independe= nt from any settings made in the web interface. Apologies for this rather confusing implementation. Perspectively (i.e. for IPFire 3.x), we plan to get rid of A1, A2, A3, and XD, and only use their correspondent flags, to keep things consistent. Hope to have clarified things somewhat for you. :-) Thanks, and best regards, Peter M=C3=BCller >=20 >> Depending on your use-case, you might want to have only IPv4 or IPv6 >> networks displayed. This is possible via: >> >> $ location list-networks-by-flags --family=3Dipv4 --drop >> >> Similar to A[1-3], the country code XD was introduced as a workaround for >> IPFire's web interface, and is not directly usable in conjunction with >> libloc, but rather via the "list-networks-by-flags" command. >> >> Please refer to https://man-pages.ipfire.org/libloc/location.html for >> libloc's full current manpage. >> > I had read the manpage but I didn't grasp the significance of list-networks- > by-flags. >=20 >> Thanks, and best regards, >> Peter M=C3=BCller >=20 > Regards >=20 > Rob --===============2583707620648049702==--