From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject:
 [PATCH 06/12] rules.pl: Move to ipset based data for LOCATIONBLOCK feature.
Date: Mon, 14 Feb 2022 19:42:50 +0100
Message-ID: <20220214184257.2406-6-stefan.schantl@ipfire.org>
In-Reply-To: <20220214184257.2406-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1782375781764047730=="
List-Id: <development.lists.ipfire.org>

--===============1782375781764047730==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/firewall/rules.pl | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 5b1153b08..e009c1838 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -671,7 +671,11 @@ sub locationblock {
 	# is enabled.
 	foreach my $location (@locations) {
 		if(exists $locationsettings{$location} && $locationsettings{$location} eq =
"on") {
-			run("$IPTABLES -A LOCATIONBLOCK -m geoip --src-cc $location -j DROP");
+			# Call function to load the networks list for this country.
+			&ipset_restore($location);
+
+			# Call iptables and create rule to use the loaded ipset list.
+			run("$IPTABLES -A LOCATIONBLOCK -m set --match-set CC_$location src -j DR=
OP");
 		}
 	}
 }
--=20
2.30.2


--===============1782375781764047730==--