From: Peter Müller
Date: Tue, 15 Feb 2022 18:18:31 +0000 (+0000)
Subject: firewall: Get rid of xt_geoip for DROP_HOSTILE
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7987879e21b7fb5369b9b74d3173ff3949d7f89a;p=people%2Fms%2Fipfire-2.x.git
firewall: Get rid of xt_geoip for DROP_HOSTILE
This is required to drop xtables-addons altogether.
Cc: Stefan Schantl
Signed-off-by: Peter Müller
---
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 2ac7db09b1..adb2240bbe 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -147,10 +147,10 @@ iptables_init() {
 iptables -N HOSTILE
 if [ "$DROPHOSTILE" == "on" ]; then
 iptables -A HOSTILE -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
- iptables -A INPUT -i $IFACE -m geoip --src-cc XD -j HOSTILE
- iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j HOSTILE
- iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j HOSTILE
- iptables -A OUTPUT -o $IFACE -m geoip --src-cc XD -j HOSTILE
+ iptables -A INPUT -i $IFACE -m set --match-set CC_XD src -j HOSTILE
+ iptables -A FORWARD -i $IFACE -m set --match-set CC_XD src -j HOSTILE
+ iptables -A FORWARD -o $IFACE -m set --match-set CC_XD dst -j HOSTILE
+ iptables -A OUTPUT -o $IFACE -m set --match-set CC_XD src -j HOSTILE
 fi
 iptables -A HOSTILE -j DROP -m comment --comment "DROP_HOSTILE"
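Review bot: The new OUTPUT rule matches `CC_XD src` on packets leaving via `$IFACE`, so it tests the firewall's own source address against the hostile set and would not catch connections the firewall itself opens to listed networks. The direction was carried over from the old `--src-cc` line; `iptables -A OUTPUT -o $IFACE -m set --match-set CC_XD dst -j HOSTILE` would mirror the FORWARD `-o` rule directly above it. Separately, iptables refuses to add a `-m set --match-set` rule when the named set does not exist, and nothing in this hunk creates or restores `CC_XD` before these four lines. If the set is not loaded earlier in `iptables_init` (which starts and continues outside the hunk), the rules are never installed and DROP_HOSTILE fails open with only an error on stderr. A comment such as `# CC_XD must already be loaded into ipset here, otherwise these rules are rejected` or an explicit existence check before the `if` body would make that dependency visible.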