Work in progress....

Thanks to libloc, the free & open source location database, IPFire comes with an accurate, trustworthy database for mapping IP addresses to countries and Autonomous Systems, and vice versa. This allows us to introduce a new feature: Proactive detection of Fast Flux setups, which are commonly used by ne'er-do-wells for hosting questionable and malicious content on compromised machines around the world, switching from one infected PC, IoT device, or router to another within minutes.

To the best of our knowledge, this is a unique feature. Contrary to other security mechanisms such as AV scanners, which often lag behind, it detects malware, phishing, C&C servers and other nefarious things proactively - before any threat intelligence source in the world even knows about them. Even better, measurements done so far indicate it comes with a near-zero false positive rate in production environments.

If you are using IPFire's built-in web proxy, all you need to do is to tick a checkbox, hit the "save and reload" button at the end of that page, and you're done.

To compensate for the rather simple-looking screenshot, this blog post explains what Fast Flux hosting looks like, how it is used by cyber criminals, and how IPFire detects it. If you are in need of some tea or coffee, it is now time to make it. Ready? Here we go...