From patchwork Sun Oct 10 17:13:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4779 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4HS7n63Qjmz3wbT for ; Sun, 10 Oct 2021 17:13:46 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4HS7n44t3Cz29D; Sun, 10 Oct 2021 17:13:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4HS7n42mVpz2xgV; Sun, 10 Oct 2021 17:13:44 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4HS7n24ZH6z2xMX for ; Sun, 10 Oct 2021 17:13:42 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4HS7n139bdz142 for ; Sun, 10 Oct 2021 17:13:41 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1633886022; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FFQlZ/9Kk8jKrCETbKgk09Z4jM33gArTx8dOzbp+e5k=; b=53ffAcNdDZVAcUC3dYGTAIJXzLiaUvipffP1DPSOlwCrY5uR9TgKHT30kR+DXPh5BDxwmw qaa9m7+QxZy4L+Dg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1633886022; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FFQlZ/9Kk8jKrCETbKgk09Z4jM33gArTx8dOzbp+e5k=; b=U+HsCQhwStWaeGAuQiwlZ2F8foTTkTVlo3dql2t5AX+ulO8NaRJYW2Kse9TDxQOTud3tfa YmTyESynSi9m0M1JH0jbjWFiyLufHCArB7DcwWMy1sg7yWOzWZNcsJyvuAFcMUbkte2PxW zwmrsUUW8WZHnljeJDNckNRJgaVttYSuEnnVhWo1CdN7iAdRZYsPTdryVplJaixtH8Pykx 4vVOA4ooxsk5hFZRgau8Ulmoe502BB1CG9wwHDzxcKcw45tLVMr6YN30A97lhVYLRi9Wzy CTKngbCjG9Yg4qkvtZxJIvMkEc73eDYucW61KUuoUtNPkeGr9XwYHMs2X777ow== To: "IPFire: Development" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH] location-functions.pl: Recognise XD / LOC_NETWORK_FLAG_DROP Message-ID: Date: Sun, 10 Oct 2021 19:13:38 +0200 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This enables creating firewall rules using the special country code "XD" for hostile networks safe to drop and ipinfo.cgi to display a meaningful text for IP addresses having this flag set. At the moment, the "LOC_NETWORK_FLAG_DROP" is not yet populated, but will be in the future (as soon as libloc 0.9.9 is released and running in production). Signed-off-by: Peter Müller Reviewed-by: Michael Tremer --- config/cfgroot/location-functions.pl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/config/cfgroot/location-functions.pl b/config/cfgroot/location-functions.pl index fb97eb589..4d44ce24d 100644 --- a/config/cfgroot/location-functions.pl +++ b/config/cfgroot/location-functions.pl @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -29,6 +29,7 @@ my %not_iso_3166_location = ( "A1" => "Anonymous Proxy", "A2" => "Satellite Provider", "A3" => "Worldwide Anycast Instance", + "XD" => "Hostile networks safe to drop", ); # Hash which contains possible network flags and their mapped location codes. @@ -36,10 +37,11 @@ my %network_flags = ( "LOC_NETWORK_FLAG_ANONYMOUS_PROXY" => "A1", "LOC_NETWORK_FLAG_SATELLITE_PROVIDER" => "A2", "LOC_NETWORK_FLAG_ANYCAST" => "A3", + "LOC_NETWORK_FLAG_DROP" => "XD", ); # Array which contains special country codes. -my @special_locations = ( "A1", "A2", "A3" ); +my @special_locations = ( "A1", "A2", "A3", "XD" ); # Directory where the libloc database and keyfile lives. our $location_dir = "/var/lib/location/";