From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sat, 3 Jan 2015 23:57:23 +0000 (+0100)
Subject: Add "GEOIPBLOCK" chains to firewall initscript.
X-Git-Tag: v2.17-core91~128^2~6^2~12^2~17
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=cab02e2a5f77eaf0bc12f7c115348baf2a04b699

Add "GEOIPBLOCK" chains to firewall initscript.
---

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index c383652e0b..8ca02bc9d1 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -179,6 +179,11 @@ iptables_init() {
 		iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT
 	fi
 
+	# GeoIP block
+	iptables -N GEOIPBLOCK
+	iptables -A INPUT -j GEOIPBLOCK
+	iptables -A FORWARD -j GEOIPBLOCK
+
 	# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
 	iptables -N IPSECINPUT
 	iptables -N IPSECFORWARD