location - Man Page
Query the location database
Synopsis
location export --directory=DIR [--format=FORMAT] [--family=ipv6|ipv4] [ASN|CC ...] location get-as ASN [ASN...] location list-countries [--show-name] [--show-continent] location list-networks-by-as ASN location list-networks-by-cc COUNTRY_CODE location list-networks-by-flags [--anonymous-proxy|--satellite-provider|--anycast|--drop] location lookup ADDRESS [ADDRESS...] location search-as STRING location update [--cron=daily|weekly|monthly] location verify location version
Description
location retrieves information from the location database. This data can be used to determine someone’s location on the Internet and for building firewall rulesets to block access from certain ASes or countries.
Options
- --database FILE, -d FILE
The path of the database which is being opened.
If this option is omitted, the system’s database will be opened.
- --quiet
Enable quiet mode
- --debug
Enable debugging mode
Commands
- export [--directory=DIR] [--format=FORMAT] [--family=ipv6|ipv4] [ASN|CC ...]
This command exports the whole database into the given directory.
The output can be filtered by only exporting a certain address family, or by passing a list of country codes and/or ASNs. The default is to export all known countries.
The output format can be chosen with the --format parameter. For possible formats, please see below.
If the --directory option is omitted, the output will be written to stdout which is useful when you want to load any custom exports straight into nftables or ipset.
- get-as ASN [ASN...]
This command returns the name of the owning organisation of the Autonomous System.
- list-countries [--show-name] [--show-continent]
Lists all countries known to the database.
With the optional parameters --show-name and --show-continent, the name and continent code will be printed, too.
- list-networks-by-as [--family=[ipv6|ipv4]] [--format=FORMAT] ASN
Lists all networks which belong to this Autonomous System.
The --family parameter can be used to filter output to only IPv6 or IPv4 addresses.
The --format parameter can change the output so that it can be directly loaded into other software. For details see below.
- list-networks-by-cc [--family=[ipv6|ipv4]] [--format=FORMAT] COUNTRY_CODE
Lists all networks that belong to a country.
The country has to be encoded in ISO3166 Alpha-2 notation.
See above for usage of the --family and --format parameters.
- list-networks-by-flags [--family=[ipv6|ipv4]] [--format=FORMAT] [--anonymous-proxy|--satellite-provider|--anycast|--drop]
Lists all networks that have a certain flag.
See above for usage of the --family and --format parameters.
- list-bogons [--family=[ipv6|ipv4]] [--format=FORMAT]
Lists all bogons (i.e. networks that are unknown to the database).
See above for usage of the --family and --format parameters.
- lookup ADDRESS [ADDRESS...]
This command returns the network the given IP address has been found in as well as its Autonomous System if that information is available.
- search-as STRING
Lists all Autonomous Systems which match the given string.
The search will be performed case-insensitively.
- update
This command will try to update the local database.
It will terminate with a return code of zero if the database has been successfully updated. 1 on error, 2 on invalid call and 3 if the database was already the latest version.
The --cron option allows limiting updates to once a day (daily), once a week (weekly), or once a month (monthly). If the task is being called, but the database has been updated recently, an update will be skipped.
- verify
Verifies the downloaded database.
- version
Shows the version information of the downloaded database.
- --help
Shows a short help text on using this program.
- --version
Shows the program’s version and exists.
Exit Codes
The location command will normally exit with code zero. If there has been a problem and the requested action could not be performed, the exit code is unequal to zero.
Formats
Some commands allow specifying the output format. This is helpful if the exported data should be imported into a packet filter for example. The following formats are understood:
- list (default): Just lists all networks, one per line
- ipset: For ipset
- nftables: For nftables
- xt_geoip: Returns a list of networks to be loaded into the xt_geoip kernel module
How It Works
The downloader checks a DNS record for the latest version of the database. It will then try to download a file with that version from a mirror server. If the downloaded file is outdated, the next mirror will be tried until we have found a file that is recent enough.
Bug Reports
Please report all bugs to the bugtracker at https://bugzilla.ipfire.org/; refer to https://wiki.ipfire.org/devel/bugzilla for details.
Authors
Michael Tremer