From 03e8c80bebc339d83dd04a45129266ae37aed4e6 Mon Sep 17 00:00:00 2001
From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun, 8 Mar 2015 10:09:16 +0100
Subject: [PATCH] rules.pl: Flush GEOIPBLOCK chain when the feature will be
 switched off.

Otherwise existing rules still remain in the chain and will be processed
even geoipblock has been disabled.
---
 config/firewall/rules.pl | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index a12ab56670..98ab22b4d8 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -589,6 +589,9 @@ sub geoipblock {
 		# Read settings file
 		&General::readhash("$geoipfile", \%geoipsettings);
 	} else {
+		# Drop active rules.
+		run("$IPTABLES -F GEOIPBLOCK");
+
 		# Exit submodule, go on processing the remaining script
 		return;
 	}
@@ -602,7 +605,7 @@ sub geoipblock {
 	# Get supported locations.
 	my @locations = &fwlib::get_geoip_locations();
 
-	# Create iptables chain.
+	# Flush iptables chain.
 	run("$IPTABLES -F GEOIPBLOCK");
 
 	# Loop through all supported geoip locations and
-- 
2.39.5