From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 06/12] rules.pl: Move to ipset based data for
 LOCATIONBLOCK feature.
Date: Tue, 15 Feb 2022 12:40:55 +0000
Message-ID: <0B5B45DB-C4A8-4A9B-B855-C27FEFBC1F6C@ipfire.org>
In-Reply-To: <20220214184257.2406-6-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5988563281433494885=="
List-Id: <development.lists.ipfire.org>

--===============5988563281433494885==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 14 Feb 2022, at 18:42, Stefan Schantl <stefan.schantl(a)ipfire.org> wrot=
e:
>=20
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/firewall/rules.pl | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>=20
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 5b1153b08..e009c1838 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -671,7 +671,11 @@ sub locationblock {
> 	# is enabled.
> 	foreach my $location (@locations) {
> 		if(exists $locationsettings{$location} && $locationsettings{$location} eq=
 "on") {
> -			run("$IPTABLES -A LOCATIONBLOCK -m geoip --src-cc $location -j DROP");
> +			# Call function to load the networks list for this country.
> +			&ipset_restore($location);
> +
> +			# Call iptables and create rule to use the loaded ipset list.
> +			run("$IPTABLES -A LOCATIONBLOCK -m set --match-set CC_$location src -j =
DROP");
> 		}
> 	}
> }
> --=20
> 2.30.2
>=20


--===============5988563281433494885==--