Reviewed-by: Peter Müller peter.mueller@ipfire.org
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/firewall/firewall-lib.pl | 4 ++-- config/firewall/rules.pl | 16 ++++++++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl index bc0b30ca5..13f0c9971 100644 --- a/config/firewall/firewall-lib.pl +++ b/config/firewall/firewall-lib.pl @@ -466,7 +466,7 @@ sub get_address # Get external interface. my $external_interface = &get_external_interface();
push(@ret, ["-m geoip --src-cc $value", "$external_interface"]);
push(@ret, ["-m set --match-set CC_$value src", "$external_interface"]);
}
# Handle rule options with a location as target.
@@ -476,7 +476,7 @@ sub get_address # Get external interface. my $external_interface = &get_external_interface();
push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]);
push(@ret, ["-m set --match-set CC_$value dst", "$external_interface"]);
}
# If nothing was selected, we assume "any".
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index e009c1838..d533ffb42 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -401,7 +401,13 @@ sub buildrules { my @source_options = (); if ($source =~ /mac/) { push(@source_options, $source);
} elsif ($source =~ /-m geoip/) {
} elsif ($source =~ /-m set/) {
# Grab location code from hash.
my $loc_src = $$hash{$key}[4];
# Call function to load the networks list for this country.
&ipset_restore($loc_src);
push(@source_options, $source); } elsif($source) { push(@source_options, ("-s", $source));
@@ -409,7 +415,13 @@ sub buildrules {
# Prepare destination options. my @destination_options = ();
if ($destination =~ /-m geoip/) {
if ($destination =~ /-m set/) {
# Grab location code from hash.
my $loc_dst = $$hash{$key}[6];
# Call function to load the networks list for this country.
&ipset_restore($loc_dst);
push(@destination_options, $destination); } elsif ($destination) { push(@destination_options, ("-d", $destination));