Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>

> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
>  config/firewall/firewall-lib.pl |  4 ++--
>  config/firewall/rules.pl        | 16 ++++++++++++++--
>  2 files changed, 16 insertions(+), 4 deletions(-)
> 
> diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
> index bc0b30ca5..13f0c9971 100644
> --- a/config/firewall/firewall-lib.pl
> +++ b/config/firewall/firewall-lib.pl
> @@ -466,7 +466,7 @@ sub get_address
>  			# Get external interface.
>  			my $external_interface = &get_external_interface();
>  
> -			push(@ret, ["-m geoip --src-cc $value", "$external_interface"]);
> +			push(@ret, ["-m set --match-set CC_$value src", "$external_interface"]);
>  		}
>  
>  	# Handle rule options with a location as target.
> @@ -476,7 +476,7 @@ sub get_address
>  			# Get external interface.
>  			my $external_interface = &get_external_interface();
>  
> -			push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]);
> +			push(@ret, ["-m set --match-set CC_$value dst", "$external_interface"]);
>  		}
>  
>  	# If nothing was selected, we assume "any".
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index e009c1838..d533ffb42 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -401,7 +401,13 @@ sub buildrules {
>  					my @source_options = ();
>  					if ($source =~ /mac/) {
>  						push(@source_options, $source);
> -					} elsif ($source =~ /-m geoip/) {
> +					} elsif ($source =~ /-m set/) {
> +						# Grab location code from hash.
> +						my $loc_src = $$hash{$key}[4];
> +
> +						# Call function to load the networks list for this country.
> +						&ipset_restore($loc_src);
> +
>  						push(@source_options, $source);
>  					} elsif($source) {
>  						push(@source_options, ("-s", $source));
> @@ -409,7 +415,13 @@ sub buildrules {
>  
>  					# Prepare destination options.
>  					my @destination_options = ();
> -					if ($destination =~ /-m geoip/) {
> +					if ($destination =~ /-m set/) {
> +						# Grab location code from hash.
> +						my $loc_dst = $$hash{$key}[6];
> +
> +						# Call function to load the networks list for this country.
> +						&ipset_restore($loc_dst);
> +
>  						push(@destination_options,  $destination);
>  					} elsif ($destination) {
>  						push(@destination_options, ("-d", $destination));