rules.pl: Move to ipset based data for location based firewall rules.
authorStefan Schantl <stefan.schantl@ipfire.org>
Mon, 14 Feb 2022 18:42:51 +0000 (19:42 +0100)
committerPeter Müller <peter.mueller@ipfire.org>
Tue, 15 Feb 2022 18:07:13 +0000 (18:07 +0000)
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
config/firewall/firewall-lib.pl
config/firewall/rules.pl

index e7ec30ae0b337234418e5fc013c2641128a0c010..f4089a3a00bea0bff7217314ceecb59d44dadc80 100644 (file)
@@ -466,7 +466,7 @@ sub get_address
                        # Get external interface.
                        my $external_interface = &get_external_interface();
 
-                       push(@ret, ["-m geoip --src-cc $value", "$external_interface"]);
+                       push(@ret, ["-m set --match-set CC_$value src", "$external_interface"]);
                }
 
        # Handle rule options with a location as target.
@@ -476,7 +476,7 @@ sub get_address
                        # Get external interface.
                        my $external_interface = &get_external_interface();
 
-                       push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]);
+                       push(@ret, ["-m set --match-set CC_$value dst", "$external_interface"]);
                }
 
        # If nothing was selected, we assume "any".
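Review bot: The new match strings on the added lines of both hunks (src in the first, dst in the second) now depend on a kernel set named `CC_<code>` already existing when the rule is inserted, and nothing in get_address says who creates it; a comment would spare the next maintainer a trip through rules.pl, e.g. `# Requires the ipset CC_<code> to be loaded beforehand; rules.pl does this via ipset_restore() before the rule is inserted.` Because $value now becomes part of an ipset name instead of an xt_geoip argument, it is also worth confirming that it is validated as a two-character location code before this point (not visible in the hunk), since a reference to a set that does not exist makes the iptables call fail. get_address begins and ends outside both hunks.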
index e009c18380cb73d9417e2fb953587476e295734e..d533ffb428bb4462eb66f8a83994440950c8cc84 100644 (file)
@@ -401,7 +401,13 @@ sub buildrules {
                                        my @source_options = ();
                                        if ($source =~ /mac/) {
                                                push(@source_options, $source);
-                                       } elsif ($source =~ /-m geoip/) {
+                                       } elsif ($source =~ /-m set/) {
+                                               # Grab location code from hash.
+                                               my $loc_src = $$hash{$key}[4];
+
+                                               # Call function to load the networks list for this country.
+                                               &ipset_restore($loc_src);
+
                                                push(@source_options, $source);
                                        } elsif($source) {
                                                push(@source_options, ("-s", $source));
@@ -409,7 +415,13 @@ sub buildrules {
 
                                        # Prepare destination options.
                                        my @destination_options = ();
-                                       if ($destination =~ /-m geoip/) {
+                                       if ($destination =~ /-m set/) {
+                                               # Grab location code from hash.
+                                               my $loc_dst = $$hash{$key}[6];
+
+                                               # Call function to load the networks list for this country.
+                                               &ipset_restore($loc_dst);
+
                                                push(@destination_options,  $destination);
                                        } elsif ($destination) {
                                                push(@destination_options, ("-d", $destination));
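Review bot: The result of `&ipset_restore($loc_src)` on the added lines is ignored, so if loading the country set fails the rule is still pushed and the following iptables call fails against a missing set; the same applies to `&ipset_restore($loc_dst)` in the second hunk. Unless ipset_restore() dies on failure itself (its definition is outside the hunk), check its return and report the problem, e.g. `ipset_restore($loc_src) or warn "Could not load ipset for location $loc_src\n";`, and decide whether such a rule should be skipped. The `&func()` call form is discouraged in modern Perl; plain `ipset_restore($loc_src)` is sufficient. The indices `[4]` and `[6]` are bare magic numbers, so a short comment naming which rule fields they are (presumably the source and destination values of the rule record) would help readers who do not know the hash layout. buildrules begins and ends outside both hunks.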