From nobody Thu Dec 30 07:05:29 2021 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A763A191175D for ; Thu, 30 Dec 2021 07:05:40 +0000 (UTC) (envelope-from 4250.82.1d4d70004bb2e26.7f7f8fa89f43f8442c3c8d98be75bc4d@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4JPfS440FVz3trh for ; Thu, 30 Dec 2021 07:05:40 +0000 (UTC) (envelope-from 4250.82.1d4d70004bb2e26.7f7f8fa89f43f8442c3c8d98be75bc4d@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1640847941; x=1643439941; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=ObMeK3kDZHuF6RWDQ29wf/KXdaIfWRwA5z4i7G99yP8=; b=OY00F+bsJlBUo4+ZPj31J0coXIdOLgDYD+60gJZGNtVWOIzdHJ9ptJ4/k3JWk7fBaEeSUpSE6f5X85lScgbjVTOFwaj3p7l70lrOS26P8M5wh5hJj7D1cpeku+lLu+fr75kwbebNbNEKg7SIhIoiHTw9zb3385/Hp9GXoDzWEDc= X-Thread-Info: NDI1MC4xMi4xZDRkNzAwMDRiYjJlMjYucXVlc3Rpb25zPWZyZWVic2Qub3Jn Received: from r1.us-east-2.aws.in.socketlabs.com (r1.us-east-2.aws.in.socketlabs.com [142.0.189.1]) by mxsg2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Thu, 30 Dec 2021 02:05:32 -0500 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r1.us-east-2.aws.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Thu, 30 Dec 2021 02:05:31 -0500 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1n2pVC-00009E-HB; Thu, 30 Dec 2021 07:05:29 +0000 Date: Thu, 30 Dec 2021 07:05:29 +0000 From: Steve O'Hara-Smith To: Michael Sierchio Cc: Kurt Hackenberg , "questions@FreeBSD.org" Subject: Re: ipfw syntax clarification Message-Id: <20211230070529.9dba7412d68b6c417251058d@sohara.org> In-Reply-To: References: <8b2c341d-10e6-51a2-0654-86f4394865c7@tundraware.com> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0) X-Clacks-Overhead: "GNU Terry Pratchett" List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4JPfS440FVz3trh X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-ThisMailContainsUnwantedMimeParts: N On Wed, 29 Dec 2021 22:32:20 -0800 Michael Sierchio wrote: > Actual location of IP addresses > is something known to the CDNs (Akamai, Cloudflare, AWS, etc.) and is > somewhat proprietary. Even they only guess based on what they can find out about who controls which block, and yes they're careful with anything they have that isn't public because they sell use of it. All geo-ip databases will get my home static IP in the right country (courtesy of RIPE) but most have the wrong county let alone city, one or two will put me in the nearest city (about half an hour drive away) revealing fairly detailed knowledge of my ISPs network infrastructure. In regions near national borders it is very common for the IPs to be recorded in the wrong country because fundamentally IP addresses follow network boundaries not geographic ones. My ISP has the exact address but it takes a human being looking at two separate screens (billing and provisioning) to put them together. I've been on the end of a support call when someone did just that to verify that I still had the static IP after a change. GDPR prevents them from passing on that level of detail or doing anything with it other than routing packets down the right bit of fibre. -- Steve O'Hara-Smith