From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Mon, 14 Feb 2022 18:42:47 +0000 (+0100)
Subject: rules.pl: Move flush of LOCATIONBLOCK into main flush() function.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bbeb2a5067f72d0f4073a7a183ed6f1f3477765c;p=people%2Fms%2Fipfire-2.x.git

rules.pl: Move flush of LOCATIONBLOCK into main flush() function.

It is required to get rid of all ipset based rules before all of
the loaded ipset lists can be destroyed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 9d280045ad..f685d08a7f 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -186,6 +186,9 @@ sub flush {
 	run("$IPTABLES -t nat -F $CHAIN_NAT_SOURCE");
 	run("$IPTABLES -t nat -F $CHAIN_NAT_DESTINATION");
 	run("$IPTABLES -t mangle -F $CHAIN_MANGLE_NAT_DESTINATION_FIX");
+
+	# Flush LOCATIONBLOCK chain.
+	run("$IPTABLES -F LOCATIONBLOCK");
 }
 
 sub buildrules {
@@ -638,8 +641,7 @@ sub p2pblock {
 }
 
 sub locationblock {
-	# Flush iptables chain.
-	run("$IPTABLES -F LOCATIONBLOCK");
+	# The LOCATIONBLOCK chain now gets flushed by the flush() function.
 
 	# If location blocking is not enabled, we are finished here.
 	if ($locationsettings{'LOCATIONBLOCK_ENABLED'} ne "on") {