rules.pl: Flush GEOIPBLOCK chain when the feature will be switched off.

Otherwise existing rules still remain in the chain and will be processed
even geoipblock has been disabled.

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index a12ab56670f92342527cc4748349fc0301cbde2e..98ab22b4d858b8ef54f3fcbc700680e97ce396db 100644 (file)
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -589,6 +589,9 @@ sub geoipblock {
                # Read settings file
                &General::readhash("$geoipfile", \%geoipsettings);
        } else {
+               # Drop active rules.
+               run("$IPTABLES -F GEOIPBLOCK");
+
                # Exit submodule, go on processing the remaining script
                return;
        }
@@ -602,7 +605,7 @@ sub geoipblock {
        # Get supported locations.
        my @locations = &fwlib::get_geoip_locations();
 
-       # Create iptables chain.
+       # Flush iptables chain.
        run("$IPTABLES -F GEOIPBLOCK");
 
        # Loop through all supported geoip locations and