rules.pl: Flush GEOIPBLOCK chain when the feature will be switched off.

Otherwise existing rules still remain in the chain and will be processed
even geoipblock has been disabled.

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index fa7edee1bec2fb36645c144dc1bc77fd054ed937..5358996114979de58e464e7d958a78b320a4b68e 100644 (file)
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -586,6 +586,9 @@ sub geoipblock {
                # Read settings file
                &General::readhash("$geoipfile", \%geoipsettings);
        } else {
+               # Drop active rules.
+               run("$IPTABLES -F GEOIPBLOCK");
+
                # Exit submodule, go on processing the remaining script
                return;
        }
@@ -599,7 +602,7 @@ sub geoipblock {
        # Get supported locations.
        my @locations = &fwlib::get_geoip_locations();
 
-       # Create iptables chain.
+       # Flush iptables chain.
        run("$IPTABLES -F GEOIPBLOCK");
 
        # Loop through all supported geoip locations and