rules.pl: Move flush of LOCATIONBLOCK into main flush() function.

It is required to get rid of all ipset based rules before all of
the loaded ipset lists can be destroyed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 9d280045adf6dcbaa72df3d45b4f09e22107825b..f685d08a7f3caf8ea9606207b00c7fc52da79e2d 100644 (file)
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -186,6 +186,9 @@ sub flush {
        run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE");
        run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION");
        run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
+
+       # Flush LOCATIONBLOCK chain.
+       run("$IPTABLES -F LOCATIONBLOCK");
 }
 
 sub buildrules {
@@ -638,8 +641,7 @@ sub p2pblock {
 }
 
 sub locationblock {
-       # Flush iptables chain.
-       run("$IPTABLES -F LOCATIONBLOCK");
+       # The LOCATIONBLOCK chain now gets flushed by the flush() function.
 
        # If location blocking is not enabled, we are finished here.
        if ($locationsettings{'LOCATIONBLOCK_ENABLED'} ne "on") {