rules.pl: Move to ipset based data for LOCATIONBLOCK feature.
authorStefan Schantl <stefan.schantl@ipfire.org>
Mon, 14 Feb 2022 18:42:50 +0000 (19:42 +0100)
committerPeter Müller <peter.mueller@ipfire.org>
Tue, 15 Feb 2022 18:07:07 +0000 (18:07 +0000)
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
config/firewall/rules.pl

index 5b1153b08a50e28c6c789266ada620c68a3f99af..e009c18380cb73d9417e2fb953587476e295734e 100644 (file)
@@ -671,7 +671,11 @@ sub locationblock {
        # is enabled.
        foreach my $location (@locations) {
                if(exists $locationsettings{$location} && $locationsettings{$location} eq "on") {
-                       run("$IPTABLES -A LOCATIONBLOCK -m geoip --src-cc $location -j DROP");
+                       # Call function to load the networks list for this country.
+                       &ipset_restore($location);
+
+                       # Call iptables and create rule to use the loaded ipset list.
+                       run("$IPTABLES -A LOCATIONBLOCK -m set --match-set CC_$location src -j DROP");
                }
        }
 }
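Review bot: The outcome of `&ipset_restore($location)` is not checked before the `--match-set CC_$location` rule is appended, and iptables refuses a `--match-set` rule whose set does not exist. If the load fails for a location (what ipset_restore does with a missing or unreadable list is not visible in this hunk), the DROP rule for that country would presumably not be installed and the block would silently fail open. I would log that case and state the dependency in a comment above the run() call, e.g. `# The CC_$location set must already exist: iptables rejects --match-set for an unknown set, leaving this country unblocked.` The body of locationblock starts outside the hunk, so whether `$location` is validated before being interpolated into the command string cannot be confirmed from here.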