From nobody Thu Dec 30 08:11:00 2021 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 66D5C191ECA8 for ; Thu, 30 Dec 2021 08:11:10 +0000 (UTC) (envelope-from 4250.82.1d4d70004bb4ea0.2a1f06bca362a22d75925dff19f9b3ae@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4JPgvf2J9fz4ZD1 for ; Thu, 30 Dec 2021 08:11:10 +0000 (UTC) (envelope-from 4250.82.1d4d70004bb4ea0.2a1f06bca362a22d75925dff19f9b3ae@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1640851870; x=1643443870; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=r/k/QDSteem0zRFbtzQEHGVQViJaY80zcwhQOBKt6M0=; b=l9TbVBZ5wL/YYWidd6P1oa1hW9qQKAswP8HppevmTdeCRVw6qA1eYBGpGo2XgNpE99j+T7ym2PLwIlGSfvgQJBLX/lQthG00nFN7Ns8q2MvNnyR6VGErQ9neeSRDALleBj4pFuh6muofIFmSQ8vky8ZyvhvNXHvmWjizCpIw7uE= X-Thread-Info: NDI1MC4xMi4xZDRkNzAwMDRiYjRlYTAucXVlc3Rpb25zPWZyZWVic2Qub3Jn Received: from r1.us-east-2.aws.in.socketlabs.com (r1.us-east-2.aws.in.socketlabs.com [142.0.189.1]) by mxsg2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Thu, 30 Dec 2021 03:11:02 -0500 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r1.us-east-2.aws.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Thu, 30 Dec 2021 03:11:01 -0500 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1n2qWb-0000K4-3z; Thu, 30 Dec 2021 08:11:00 +0000 Date: Thu, 30 Dec 2021 08:11:00 +0000 From: Steve O'Hara-Smith To: Michael Sierchio Cc: Kurt Hackenberg , "questions@FreeBSD.org" Subject: Re: ipfw syntax clarification Message-Id: <20211230081100.61aa3ed3f093be97dd8a88d5@sohara.org> In-Reply-To: References: <8b2c341d-10e6-51a2-0654-86f4394865c7@tundraware.com> <20211230070529.9dba7412d68b6c417251058d@sohara.org> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4JPgvf2J9fz4ZD1 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-ThisMailContainsUnwantedMimeParts: N On Wed, 29 Dec 2021 23:16:45 -0800 Michael Sierchio wrote: > On Wed, Dec 29, 2021 at 11:05 PM Steve O'Hara-Smith > wrote: > > > On Wed, 29 Dec 2021 22:32:20 -0800 > > Michael Sierchio wrote: > > > > > Actual location of IP addresses > > > is something known to the CDNs (Akamai, Cloudflare, AWS, etc.) and is > > > somewhat proprietary. > > > > Even they only guess based on what they can find out about who > > controls which block, > > > Not so – the location DB used by the large CDNs are empirical, and based > on RTT of probes which happen all the time from many different geo > locations. It's pretty easy to infer where the targets are. These are This is what I call guessing based on what they can find out - nobody tells them where the IP addresses are used and if the fibre running out of a router near a border happens to cross that border (or the block of IPs routed down it is spread across that border by a VPN) then there's no way to tell by RTT measurements and the CDN will guess wrong, which happens all the time. -- Steve O'Hara-Smith Odds and Ends at http://www.sohara.org/