Hey, 3.235.139.152!

You are visiting from United States of America

Show Me More

What is IPFire Location?

IPFire Location can be used in firewalls or other threat detection software, load-balancers, online shops, websites, analytics & reporting tools and more to detect the originating country by IP address. We are proud that our software is faster than others by maintaining a smaller memory footprint which puts it first in performance.

Our daily updated database does not only have information about the originating country of all IPv6 and IPv4 addresses. It identifies the Autonomous System (AS) these IP addresses belong to, as well and more...

libloc is the C/C++ library that fires our location services and runs on *nix, Mac OS X and more. Integration into existing software is very easy and bindings for languages like Python and Perl are available.

Threat Detection

Location information is crucial to identify where an attacker is coming from.
Analyze your traffic for malicious autonomous systems and block the straight away with IPFire.

Load-Balancing

Redirect your users to the nearest data center to given them a better user experience with faster websites and faster downloads.

Online Visitors

Comply with legal requirements and show visitors the correct information depending on the country they are visiting from.

Open Source

libloc is free software and relies on support from the community. You can support us by helping to improve our database or with your donation.

Who Is Using IPFire Location?

Related News from the IPFire Blog

I hope everyone is doing well during lockdown. For those of you, who have some spare time, we would be glad if you could help us testing the next version of IPFire. It comes with many exciting changes...

Location Database

The location database has received significant updates that improve its accuracy. This was possible by importing more data into it and correlating it with existing data from other sources.

We have also improved performance of loading data from the database into the kernel for firewall rules which removes a class of issues where IP addresses could have matched more than one country.

Many weeks have been invested into this to optimise the database import and export algorithms to provide this functionality even on hardware that is weak on processor power and/or memory.

An Improved Intrusion Prevention System

suricata, the software the IPFire IPS is based on, has been updated to version 6.0.0. Besides stability and performance fixes it brings support for new protocols like HTTP/2, MQTT and RFB. The protocol handling for SSH and the ASN.1 parser have been improved due to being re-implemented in Rust.

Fingerprinting of TLS connections has been added to get more insight into encrypted connections.

Edit: This change has introduced some regressions and has been removed from this Core Update.

WPA3 - Making WiFi Safe Again

WPA3 is the new upcoming standard to protect wireless connections and is now supported in IPFire. It can be enabled together with WPA2 so that you can support any devices that do not support WPA3, yet.

WiFi can also be made more secure by optionally enable Management Frame Protection which hardens the network against any attackers that try to de-authenticate stations and therefore denial-of-service your network.

Another Intel Security Vulnerability

We have of course spent a lot of our valuable development time on this month's security issues created by Intel. As you might have heard from the news, it is possible to profile instructions and extrapolate information through measuring the power consumption of the processor when that instruction is being executed.

We consider this not exploitable on IPFire, because we do not allow running any third-party code, but are of course shipping fixes in form of a patched Linux kernel based on 4.14.212 and updated microcode where available for all affected processors (version 20201118).

Misc.

  • The most recent OpenSSL security vulnerability CVE-2020-1971 has been patched by updating the package to version 1.1.1i
  • Safe Search now allows excluding YouTube
  • The zone configuration page now highlights network devices that are assigned to a zone. This change improves usability and avoids any mistakes
  • IPsec tunnels are now showing correctly when they are established or not. A programming error could show connected tunnels as "connecting..." before.
  • The log summary no longer shows useless entries for clients that have renewed their DHCP lease and the iptables summary has been removed, since it does not produce any useful output
  • The IP address information page is now showing the Autonomous System for each IP address
  • Some cosmetic improvements for the web user interface have been implemented by Matthias Fischer.
  • On systems with insufficient memory, some pages of the web user interface could not be loaded when they were using the new location library. Thanks to Bernhard Bitsch for reporting this problem.
  • DDNS: Support for DuckDNS has been reinstated after a significant API change
  • Updated packages: bash 5.0.18, curl 7.73.0, file 5.39, go 1.15.4, knot 3.0.2, libhtp 0.5.63, openvpn 2.5.0, pcengines-firmware 4.12.0.6, strongswan 5.9.1, suricata 6.0.0, tzdata 2020d, usb_modeswitch 2.6.1, usb_modeswitch_data 20191128

Add-ons

  • Updated packages: amazon-ssm-agent 3.0.356.0, aws-cli 1.18.188, ghostscript 9.53.3, libseccomp 2.4.4, lynis 3.0.1, python-botocore 1.19.28, python-urllib3, spectre-meltdown-checker 0.44, transmission 3.00, vdr 2.4.4
  • Tor has been updated to version 0.4.4.6 and is now using the new location database for showing the relay country. It is also now possible to define a list of exit nodes to use and to select certain countries to use for guard nodes.
  • amavis and spamassassin have been dropped because they have been unused and unmaintained for a long time
  • git has been fixed so that all features implemented in Perl can be used again.
  • The apcupsd package now correctly backups and restores its configuration

Please help us testing this upcoming release of IPFire to find any newly introduced bugs. If you find any, please report them to our bug tracker.

If you would like to help, but cannot help testing this release, you can help us with a donation.

Read More