From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Fri, 11 Feb 2022 20:28:41 +0000 (+0100)
Subject: rules.pl: Move to ipset based data for LOCATIONBLOCK feature.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=68cb0a4630abedc51ca9f237f575c7c54ca1c3e7;p=people%2Fstevee%2Fipfire-2.x.git

rules.pl: Move to ipset based data for LOCATIONBLOCK feature.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 5b1153b08a..e009c18380 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -671,7 +671,11 @@ sub locationblock {
 	# is enabled.
 	foreach my $location (@locations) {
 		if(exists $locationsettings{$location} && $locationsettings{$location} eq "on") {
-			run("$IPTABLES -A LOCATIONBLOCK -m geoip --src-cc $location -j DROP");
+			# Call function to load the networks list for this country.
+			&ipset_restore($location);
+
+			# Call iptables and create rule to use the loaded ipset list.
+			run("$IPTABLES -A LOCATIONBLOCK -m set --match-set CC_$location src -j DROP");
 		}
 	}
 }