You are visiting from United States of America

Show Me More

What is IPFire Location?

IPFire Location can be used in firewalls or other threat detection software, load-balancers, online shops, websites, analytics & reporting tools and more to detect the originating country by IP address. We are proud that our software is faster than others by maintaining a smaller memory footprint which puts it first in performance.

Our daily updated database does not only have information about the originating country of all IPv6 and IPv4 addresses. It identifies the Autonomous System (AS) these IP addresses belong to, as well and more...

libloc is the C/C++ library that fires our location services and runs on *nix, Mac OS X and more. Integration into existing software is very easy and bindings for languages like Python and Perl are available.

Threat Detection

Location information is crucial to identify where an attacker is coming from.
Analyze your traffic for malicious autonomous systems and block the straight away with IPFire.


Redirect your users to the nearest data center to given them a better user experience with faster websites and faster downloads.

Online Visitors

Comply with legal requirements and show visitors the correct information depending on the country they are visiting from.

Open Source

libloc is free software and relies on support from the community. You can support us by helping to improve our database or with your donation.

Who Is Using IPFire Location?

Related News from the IPFire Blog

A little but later than scheduled, it is finally here: IPFire 2.27 - Core Update 164 - coming with a vastly improved firewall engine, a new kernel under the hood, and of course with various security and bug fixes.

Before we talk in detail about what is new, I would like to ask you for your support. IPFire is a small team of people and like many of our open source friends, we’ve taken a hit this year and would like to ask you to help us out. Please follow the link below where your donation can help fund our continued development: https://www.ipfire.org/donate.

A New Kernel For IPFire

This update brings a new kernel for IPFire which is based on Linux 5.15. It comes with a large number of bug fixes, security fixes, and hardware support improvements. It brings improved performance for cryptographic operations on aarch64 and enables virtualisation support on this architecture, too.

Together with this new kernel, we are shipping the latest version of Intel's microcodes for various x86 processors fixing INTEL-SA-00528 and INTEL-SA-00532.

This release also patches the "Dirty Pipe" vulnerability (CVE-2022-0847), which has been discovered by Max Kellermann and allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.

Improved Firewall Capabilities

This update brings a couple of improvements for IPFire's firewall engine.

  • Dropping any hostile traffic: Our IPFire Location Database contains a list of networks that are considered "hostile" - a network nobody under any circumstance wants to communicate with at all like bullet-proof internet service providers or stolen/hijacked address space. This is enabled by default on new installations, but left disabled in this update. We strongly recommend for everyone to enable this on the Firewall Options page. Read more in a special post.
  • A better source routing validation is being performed: The firewall will now reject any packets from systems that it cannot reach according to its own routing table.
  • Packets that are not recognised by the connection tracking (because they might belong to an invalid connection) are now being logged to help with any debugging.
  • Extra logging has also been added for any spoofing attempts on the RED interface. If IPFire receives a packet with its own source IP address, this will be logged as a spoofing attempt.
  • Users will be able to monitor any firewall hits from spoofing in the graphs as well
  • In order to run a Tor relay whilst using the IPFire Location filter, any connections belonging to Tor will from now on not be checking the Location filter


  • IPFire now hashes any passwords for system accounts using the YESCRYPT which is substantially stronger than the formerly used SHA512 (#12762)
  • URL Filter: The Shalla Secure Services and MESD blacklists have been removed, since they both have ceased service
  • Support for virtualisation on aarch64 with libvirt and KVM has been added
  • Pakfire is showing its status better on the web interface while installing updates or packages
  • Updated packages: expat 2.4.2, freetype 2.11.1, gdbm 1.20, hdparm 9.63, kmod 29, libxml2 2.9.12, libxslt 1.1.34, libusb 1.0.25, LVM2 2.02.188, pciutils 3.7.0, PCRE 2 10.39, perl-libwww 6.60, poppler-data 0.4.11, python3-setuptools 58.0.4, shadow 4.11.1, squid 5.4.1, tcl 8.6.12, zstd 1.5.1


  • A new package qemu-ga with QEMU's Guest Agent has been added. We recommend installing this on any system that runs in a virtualised KVM environment in order to integrate the system better with the hypervisor
  • Updated packages: ClamAV 0.104.2, dnsdist 1.7.0, libvirt 7.10.0, monit 5.30.0
Read More