From mboxrd@z Thu Jan 1 00:00:00 1970 From: Rob Brewer To: development@lists.ipfire.org Subject: Re: Hostile Networks Date: Sat, 04 Jun 2022 13:41:02 +0100 Message-ID: In-Reply-To: <92647647-c938-1101-ff4e-9f73705d97f3@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5575948540413010455==" List-Id: --===============5575948540413010455== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Hi Peter, On Saturday 04 June 2022 09:55 Peter Müller wrote: > Hello Rob, > > thanks for your reply. > >> Hi Peter, >> >> Thank you for your explanation. >> >> On Saturday 04 June 2022 08:56 Peter Müller wrote: >> >>> Hello Rob, >>> >>>> Is it possible to list the 'Hostile Networks' from the core 167 >>>> database? >>> >>> yes, you need to run this command on your IPFire machine: >>> >>> $ location list-networks-by-flags --drop >>> >> Yes that works a treat. Presumably if I enable A[1-3] in the web >> interface those will be included as well as XD. > > No, that's a misunderstanding: All of the A1, A2, A3, and XD country codes > are distinct to each other, and map back to different distinct flags in > libloc. > > $ location list-networks-by-flags --anonymous-proxy > > will give you all networks covered by the A1 country code in the web > interface. > > $ location list-networks-by-flags --satellite-provider > > will do so for satellite providers (A2), and > > $ location list-networks-by-flags --anycast > > gives you all networks being used in anycast or alike setups (A3), where > we technically cannot really assign a country code to them. > > While there are some minor intersections (for example, some networks are > flagged as both being used for anonymous proxying, and being hostile), the > output of these commands do not interfere with each other, and are > completely independent from any settings made in the web interface. > > Apologies for this rather confusing implementation. Perspectively (i.e. > for IPFire 3.x), we plan to get rid of A1, A2, A3, and XD, and only use > their correspondent flags, to keep things consistent. > > Hope to have clarified things somewhat for you. :-) > > Thanks, and best regards, > Peter Müller > Ah OK, I now understand. I hadn't associated the special country codes with the flags. Kind Regards Rob > >> >>> Depending on your use-case, you might want to have only IPv4 or IPv6 >>> networks displayed. This is possible via: >>> >>> $ location list-networks-by-flags --family=ipv4 --drop >>> >>> Similar to A[1-3], the country code XD was introduced as a workaround >>> for IPFire's web interface, and is not directly usable in conjunction >>> with libloc, but rather via the "list-networks-by-flags" command. >>> >>> Please refer to https://man-pages.ipfire.org/libloc/location.html for >>> libloc's full current manpage. >>> >> I had read the manpage but I didn't grasp the significance of >> list-networks- by-flags. >> >>> Thanks, and best regards, >>> Peter Müller >> >> Regards >> >> Rob --===============5575948540413010455==--