Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/firewall/firewall-lib.pl | 4 ++-- config/firewall/rules.pl | 16 ++++++++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index bc0b30ca5..13f0c9971 100644
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -466,7 +466,7 @@ sub get_address
 # Get external interface.
 my $external_interface = &get_external_interface();
- push(@ret, ["-m geoip --src-cc $value", "$external_interface"]);
+ push(@ret, ["-m set --match-set CC_$value src", "$external_interface"]);
 }
 # Handle rule options with a location as target.
@@ -476,7 +476,7 @@ sub get_address
 # Get external interface.
 my $external_interface = &get_external_interface();
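Review bot: In the new `push(@ret, ["-m set --match-set CC_$value src", ...])` line, `$value` is interpolated into the ipset name with no visible check that it is a well-formed location code, and the `dst` line in the next hunk has the same shape. If `$value` is not validated earlier in get_address (the function starts and ends outside these hunks), an anchored test such as `$value =~ /\A[A-Z0-9]{2}\z/` before the push would keep a malformed config entry from becoming part of an iptables argument string. The `CC_` prefix is also hard-coded here while the set itself appears to be loaded from rules.pl, so a comment like `# Set name must match the one created by ipset_restore().` or a shared helper would keep the two files from drifting apart.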
- push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]);
+ push(@ret, ["-m set --match-set CC_$value dst", "$external_interface"]);
 }
 # If nothing was selected, we assume "any".
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index e009c1838..d533ffb42 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -401,7 +401,13 @@ sub buildrules {
 my @source_options = ();
 if ($source =~ /mac/) {
 push(@source_options, $source);
- } elsif ($source =~ /-m geoip/) {
+ } elsif ($source =~ /-m set/) {
+ # Grab location code from hash.
+ my $loc_src = $$hash{$key}[4];
+
+ # Call function to load the networks list for this country.
+ &ipset_restore($loc_src);
+
 push(@source_options, $source);
 } elsif($source) {
 push(@source_options, ("-s", $source));
@@ -409,7 +415,13 @@ sub buildrules {
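Review bot: The call `&ipset_restore($loc_src);` in the new `-m set` branch discards any result, so a set that fails to load would only surface later, presumably when iptables rejects the rule that references it and the ruleset is left without that rule; the destination branch in the following hunk does the same with `$loc_dst`. ipset_restore is defined outside this diff, so whether it signals failure is not visible here; if it does, checking it and logging or skipping the rule would make the failure explicit. The branch is chosen by an unanchored `/-m set/` match on the option string while the code comes from `$$hash{$key}[4]` (and `[6]`), so a guard such as `defined $loc_src && $loc_src ne ''` before the call would cover the case where the two disagree. buildrules starts and ends outside the hunk, so it is also not visible whether the same set is restored once per rule; if so, remembering already-loaded codes in a hash would avoid repeated reloads.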
 # Prepare destination options.
 my @destination_options = ();
- if ($destination =~ /-m geoip/) {
+ if ($destination =~ /-m set/) {
+ # Grab location code from hash.
+ my $loc_dst = $$hash{$key}[6];
+
+ # Call function to load the networks list for this country.
+ &ipset_restore($loc_dst);
+
 push(@destination_options, $destination);
 } elsif ($destination) {
 push(@destination_options, ("-d", $destination));