From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun, 8 Mar 2015 09:09:16 +0000 (+0100)
Subject: rules.pl: Flush GEOIPBLOCK chain when the feature will be switched off.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=03e8c80bebc339d83dd04a45129266ae37aed4e6;p=people%2Fstevee%2Fipfire-2.x.git

rules.pl: Flush GEOIPBLOCK chain when the feature will be switched off.

Otherwise existing rules still remain in the chain and will be processed
even geoipblock has been disabled.
---

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index a12ab56670..98ab22b4d8 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -589,6 +589,9 @@ sub geoipblock {
 		# Read settings file
 		&General::readhash("$geoipfile", \%geoipsettings);
 	} else {
+		# Drop active rules.
+		run("$IPTABLES -F GEOIPBLOCK");
+
 		# Exit submodule, go on processing the remaining script
 		return;
 	}
@@ -602,7 +605,7 @@ sub geoipblock {
 	# Get supported locations.
 	my @locations = &fwlib::get_geoip_locations();
 
-	# Create iptables chain.
+	# Flush iptables chain.
 	run("$IPTABLES -F GEOIPBLOCK");
 
 	# Loop through all supported geoip locations and