Hostile Networks

Hostile Networks

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 266 bytes --]

Hi All,

Is it possible to list the 'Hostile Networks' from the core 167 database?

Running 'location list-countries' fails to find 'XD' and attempting to list 
the networks with 'location list-networks-by-cc XD' gives the error "Could 
not create country" ?



Rob

Re: Hostile Networks

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 707 bytes --]

Hello Rob,

> Is it possible to list the 'Hostile Networks' from the core 167 database?

yes, you need to run this command on your IPFire machine:

$ location list-networks-by-flags --drop

Depending on your use-case, you might want to have only IPv4 or IPv6 networks
displayed. This is possible via:

$ location list-networks-by-flags --family=ipv4 --drop

Similar to A[1-3], the country code XD was introduced as a workaround for
IPFire's web interface, and is not directly usable in conjunction with libloc,
but rather via the "list-networks-by-flags" command.

Please refer to https://man-pages.ipfire.org/libloc/location.html for libloc's
full current manpage.

Thanks, and best regards,
Peter Müller

Re: Hostile Networks

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 1064 bytes --]

Hi Peter,

Thank you for your explanation.

On Saturday 04 June 2022 08:56 Peter Müller wrote:

> Hello Rob,
> 
>> Is it possible to list the 'Hostile Networks' from the core 167 database?
> 
> yes, you need to run this command on your IPFire machine:
> 
> $ location list-networks-by-flags --drop
> 
Yes that works a treat. Presumably if I enable A[1-3] in the web interface 
those will be included as well as XD.

> Depending on your use-case, you might want to have only IPv4 or IPv6
> networks displayed. This is possible via:
> 
> $ location list-networks-by-flags --family=ipv4 --drop
> 
> Similar to A[1-3], the country code XD was introduced as a workaround for
> IPFire's web interface, and is not directly usable in conjunction with
> libloc, but rather via the "list-networks-by-flags" command.
> 
> Please refer to https://man-pages.ipfire.org/libloc/location.html for
> libloc's full current manpage.
> 
I had read the manpage but I didn't grasp the significance of list-networks-
by-flags.

> Thanks, and best regards,
> Peter Müller

Regards

Rob

Re: Hostile Networks

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 2370 bytes --]

Hello Rob,

thanks for your reply.

> Hi Peter,
> 
> Thank you for your explanation.
> 
> On Saturday 04 June 2022 08:56 Peter Müller wrote:
> 
>> Hello Rob,
>>
>>> Is it possible to list the 'Hostile Networks' from the core 167 database?
>>
>> yes, you need to run this command on your IPFire machine:
>>
>> $ location list-networks-by-flags --drop
>>
> Yes that works a treat. Presumably if I enable A[1-3] in the web interface 
> those will be included as well as XD.

No, that's a misunderstanding: All of the A1, A2, A3, and XD country codes
are distinct to each other, and map back to different distinct flags in libloc.

$ location list-networks-by-flags --anonymous-proxy

will give you all networks covered by the A1 country code in the web interface.

$ location list-networks-by-flags --satellite-provider

will do so for satellite providers (A2), and

$ location list-networks-by-flags --anycast

gives you all networks being used in anycast or alike setups (A3), where we
technically cannot really assign a country code to them.

While there are some minor intersections (for example, some networks are flagged
as both being used for anonymous proxying, and being hostile), the output of
these commands do not interfere with each other, and are completely independent
from any settings made in the web interface.

Apologies for this rather confusing implementation. Perspectively (i.e. for
IPFire 3.x), we plan to get rid of A1, A2, A3, and XD, and only use their
correspondent flags, to keep things consistent.

Hope to have clarified things somewhat for you. :-)

Thanks, and best regards,
Peter Müller


> 
>> Depending on your use-case, you might want to have only IPv4 or IPv6
>> networks displayed. This is possible via:
>>
>> $ location list-networks-by-flags --family=ipv4 --drop
>>
>> Similar to A[1-3], the country code XD was introduced as a workaround for
>> IPFire's web interface, and is not directly usable in conjunction with
>> libloc, but rather via the "list-networks-by-flags" command.
>>
>> Please refer to https://man-pages.ipfire.org/libloc/location.html for
>> libloc's full current manpage.
>>
> I had read the manpage but I didn't grasp the significance of list-networks-
> by-flags.
> 
>> Thanks, and best regards,
>> Peter Müller
> 
> Regards
> 
> Rob

Re: Hostile Networks

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 2588 bytes --]

Hi Peter,

On Saturday 04 June 2022 09:55 Peter Müller wrote:

> Hello Rob,
> 
> thanks for your reply.
> 
>> Hi Peter,
>> 
>> Thank you for your explanation.
>> 
>> On Saturday 04 June 2022 08:56 Peter Müller wrote:
>> 
>>> Hello Rob,
>>>
>>>> Is it possible to list the 'Hostile Networks' from the core 167
>>>> database?
>>>
>>> yes, you need to run this command on your IPFire machine:
>>>
>>> $ location list-networks-by-flags --drop
>>>
>> Yes that works a treat. Presumably if I enable A[1-3] in the web
>> interface those will be included as well as XD.
> 
> No, that's a misunderstanding: All of the A1, A2, A3, and XD country codes
> are distinct to each other, and map back to different distinct flags in
> libloc.
> 
> $ location list-networks-by-flags --anonymous-proxy
> 
> will give you all networks covered by the A1 country code in the web
> interface.
> 
> $ location list-networks-by-flags --satellite-provider
> 
> will do so for satellite providers (A2), and
> 
> $ location list-networks-by-flags --anycast
> 
> gives you all networks being used in anycast or alike setups (A3), where
> we technically cannot really assign a country code to them.
> 
> While there are some minor intersections (for example, some networks are
> flagged as both being used for anonymous proxying, and being hostile), the
> output of these commands do not interfere with each other, and are
> completely independent from any settings made in the web interface.
> 
> Apologies for this rather confusing implementation. Perspectively (i.e.
> for IPFire 3.x), we plan to get rid of A1, A2, A3, and XD, and only use
> their correspondent flags, to keep things consistent.
> 
> Hope to have clarified things somewhat for you. :-)
> 
> Thanks, and best regards,
> Peter Müller
> 
Ah OK, I now understand. I hadn't associated the special country codes with 
the flags.


Kind Regards

Rob

> 
>> 
>>> Depending on your use-case, you might want to have only IPv4 or IPv6
>>> networks displayed. This is possible via:
>>>
>>> $ location list-networks-by-flags --family=ipv4 --drop
>>>
>>> Similar to A[1-3], the country code XD was introduced as a workaround
>>> for IPFire's web interface, and is not directly usable in conjunction
>>> with libloc, but rather via the "list-networks-by-flags" command.
>>>
>>> Please refer to https://man-pages.ipfire.org/libloc/location.html for
>>> libloc's full current manpage.
>>>
>> I had read the manpage but I didn't grasp the significance of
>> list-networks- by-flags.
>> 
>>> Thanks, and best regards,
>>> Peter Müller
>> 
>> Regards
>> 
>> Rob