X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=src%2Finitscripts%2Finit.d%2Ffirewall;h=8ca02bc9d1932b4530556d5baf29ef0053eb090d;hb=1292598207d74304227a3c77346c1d046eb51975;hp=c383652e0b5e89b086caac5a1d745181fb113b6b;hpb=32f17a8e4ad0701b3ddbcc22b353bb5430c9d42b;p=people%2Fpmueller%2Fipfire-2.x.git

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index c383652e0b..8ca02bc9d1 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -179,6 +179,11 @@ iptables_init() {
 		iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT
 	fi
 
+	# GeoIP block
+	iptables -N GEOIPBLOCK
+	iptables -A INPUT -j GEOIPBLOCK
+	iptables -A FORWARD -j GEOIPBLOCK
+
 	# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
 	iptables -N IPSECINPUT
 	iptables -N IPSECFORWARD