From cab02e2a5f77eaf0bc12f7c115348baf2a04b699 Mon Sep 17 00:00:00 2001
From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun, 4 Jan 2015 00:57:23 +0100
Subject: [PATCH] Add "GEOIPBLOCK" chains to firewall initscript.

---
 src/initscripts/init.d/firewall | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index c383652e0b..8ca02bc9d1 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -179,6 +179,11 @@ iptables_init() {
 		iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT
 	fi
 
+	# GeoIP block
+	iptables -N GEOIPBLOCK
+	iptables -A INPUT -j GEOIPBLOCK
+	iptables -A FORWARD -j GEOIPBLOCK
+
 	# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
 	iptables -N IPSECINPUT
 	iptables -N IPSECFORWARD
-- 
2.39.2