+sub locationblock {
+ # Flush iptables chain.
+ run("$IPTABLES -F LOCATIONBLOCK");
+
+ # If location blocking is not enabled, we are finished here.
+ if ($locationsettings{'LOCATIONBLOCK_ENABLED'} ne "on") {
+ # Exit submodule. Process remaining script.
+ return;
+ }
+
+ # Only check the RED interface, which is ppp0 in case of RED_TYPE being
+ # set to "PPPOE", and red0 in case of RED_TYPE not being empty otherwise.
+ if ($defaultNetworks{'RED_TYPE'} eq "PPPOE") {
+ run("$IPTABLES -A LOCATIONBLOCK ! -i ppp0 -j RETURN");
+ } elsif ($defaultNetworks{'RED_DEV'} ne "") {
+ run("$IPTABLES -A LOCATIONBLOCK ! -i $defaultNetworks{'RED_DEV'} -j RETURN");
+ }
+
+ # Do not check any private address space
+ foreach my $network (@PRIVATE_NETWORKS) {
+ run("$IPTABLES -A LOCATIONBLOCK -s $network -j RETURN");
+ }
+
+ # Loop through all supported locations and
+ # create iptables rules, if blocking for this country
+ # is enabled.
+ foreach my $location (@locations) {
+ if(exists $locationsettings{$location} && $locationsettings{$location} eq "on") {
+ run("$IPTABLES -A LOCATIONBLOCK -m geoip --src-cc $location -j DROP");
+ }
+ }
+}
+