From 910abe6dba2771a639b4ff76c868797015f35110 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Fri, 14 Apr 2023 20:45:28 +0200
Subject: [PATCH] rules.pl: Use load_location function to load a location set

Signed-off-by: Stefan Schantl
---
 config/firewall/rules.pl | 51 +++++++++++++++++++++++++++++++++-------
 1 file changed, 43 insertions(+), 8 deletions(-)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index fc1be960e3..7223adf5e2 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -434,8 +434,17 @@ sub buildrules {
 # obtain the set name.
 my ($a, $b, $c, $loc_src, $e) = split(/ /, $source);
 
-# Call function to load the networks list for this country.
-&ipset_restore($loc_src);
+# Call function to load the networks list for this country,
+# in case it is not loaded yet.
+unless($ipset_loaded_sets{$loc_src}) {
+# Print debug notice.
+print "Loading set $loc_src\n" if ($DEBUG);
+
+&Location::Functions::load_location($loc_src);
+
+# Mark the set as loaded.
+$ipset_loaded_sets{$loc_src} = "1";
+}
 
 push(@source_options, $source);
 } elsif($source) {
@@ -449,8 +458,17 @@ sub buildrules {
 # obtain the set name.
 my ($a, $b, $c, $loc_dst, $e) = split(/ /, $destination);
 
-# Call function to load the networks list for this country.
-&ipset_restore($loc_dst);
+# Call function to load the networks list for this country,
+# if it is not loaded yet.
+unless($ipset_loaded_sets{$loc_dst}) {
+# Print debug notice.
+print "Loading set $loc_dst\n" if ($DEBUG);
+
+&Location::Functions::load_location($loc_dst);
+
+# Mark the set as loaded.
+$ipset_loaded_sets{$loc_dst} = "1";
+}
 
 push(@destination_options, $destination);
 } elsif ($destination) {
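Review bot: The load-if-not-yet-loaded block introduced after `my ($a, $b, $c, $loc_src, $e) = split(/ /, $source);` is repeated almost verbatim four times in this patch (both branches of buildrules, locationblock and drop_hostile_networks), differing only in the variable name and the comment wording, which is exactly the kind of copy that drifts as soon as one site gains a check the others lack. Factoring the cache lookup, the debug print and the load call into one file-level helper keeps the `%ipset_loaded_sets` bookkeeping in a single place and is also the natural spot to react to a failed load later. buildrules starts before and continues past this hunk.

```perl
# Load the ipset for a location set once per run; the cache is keyed by set name.
sub load_location_set {
	my ($set) = @_;

	# Nothing to do if this set was already loaded during this run.
	return if ($ipset_loaded_sets{$set});

	print "Loading set $set\n" if ($DEBUG);
	&Location::Functions::load_location($set);

	# Mark the set as loaded.
	$ipset_loaded_sets{$set} = "1";
}

# … in buildrules, in place of the unless block that follows the split():
load_location_set($loc_src);
```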
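Review bot: `&Location::Functions::load_location($loc_dst);` discards whatever the function returns and `$ipset_loaded_sets{$loc_dst} = "1";` runs unconditionally right after it, so if load_location reports a failed load through its return value (its contract is not visible from this file) the failure is cached as success for the rest of the run, and every later rule that references `--match-set $loc_dst` is built against a set that may not exist. The old `&ipset_restore($loc_dst)` call was equally unchecked, but the new cache turns a one-off failure into a permanent one within the run. If the function returns true on success, `my $loaded = &Location::Functions::load_location($loc_dst);` followed by `$ipset_loaded_sets{$loc_dst} = "1" if ($loaded);` and a warning naming the set on the failure path would keep the cache honest. The same remark applies to the source branch in the previous hunk and to the two hunks below.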
@@ -697,8 +715,17 @@ sub locationblock {
 # is enabled.
 foreach my $location (@locations) {
 if(exists $locationsettings{$location} && $locationsettings{$location} eq "on") {
-# Call function to load the networks list for this country.
-&ipset_restore($location);
+# Call function to load the networks list for this country, if not
+# loaded yet.
+unless($ipset_loaded_sets{$location}) {
+# Print debug notice.
+print "Loading set $location\n" if ($DEBUG);
+
+&Location::Functions::load_location($location);
+
+# Mark the set as loaded.
+$ipset_loaded_sets{$location} = "1";
+}
 
 # Call iptables and create rule to use the loaded ipset list.
 run("$IPTABLES -A LOCATIONBLOCK -m set --match-set $location src -j DROP");
@@ -719,8 +746,16 @@ sub drop_hostile_networks () {
 # Exit if there is no red interface.
 return unless($RED_DEV);
 
-# Call function to load the network list of hostile networks.
-&ipset_restore($HOSTILE_CCODE);
+# Call function to load the network list of hostile networks, if not loaded yet.
+unless ($ipset_loaded_sets{$HOSTILE_CCODE}) {
+# Print debug notice.
+print "Loading set $HOSTILE_CCODE\n" if ($DEBUG);
+
+&Location::Functions::load_location($HOSTILE_CCODE);
+
+# Mark the set as loaded.
+$ipset_loaded_sets{$HOSTILE_CCODE} = "1";
+}
 
 # Check traffic in incoming/outgoing direction and drop if it matches
 run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP");
-- 
2.39.5
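Review bot: In locationblock the blocking rule `run("$IPTABLES -A LOCATIONBLOCK -m set --match-set $location src -j DROP");` is issued immediately after the load with no check that the set now exists; iptables rejects a rule that references a missing set, so a country the administrator explicitly switched to "on" in `%locationsettings` would silently not be blocked at all, which is a fail-open in a blocklist. If load_location can signal failure, the loop should log a warning naming the set and `next` before the `run(...)` line (or abort the ruleset build) instead of marking the set loaded and carrying on. The foreach loop and the enclosing sub end outside this hunk.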
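Review bot: drop_hostile_networks is gated only by `return unless($RED_DEV);` in this hunk, so the rule `run("$IPTABLES -A HOSTILE -i $RED_DEV -m set --match-set $HOSTILE_CCODE src -j HOSTILE_DROP");` is expected to exist on every run; if `&Location::Functions::load_location($HOSTILE_CCODE);` does not produce the set, that rule is rejected and hostile networks are not dropped in either direction, while `$ipset_loaded_sets{$HOSTILE_CCODE} = "1";` still records the set as loaded. Because this chain is a default-on protection rather than an admin-selected filter, a load failure here deserves a louder response than the country filter gets, at minimum a warning that names `$HOSTILE_CCODE` and arguably a fatal error for the ruleset build, which the unconditional mark currently prevents. The sub continues past the end of this hunk.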