} elsif ($NAT_MODE eq "SNAT") {
my @nat_options = @options;
+ if ($destination_intf) {
+ push(@nat_options, ("-o", $destination_intf));
+ }
+
push(@nat_options, @source_options);
push(@nat_options, @destination_options);
sub geoipblock {
my %geoipsettings = ();
+ $geoipsettings{'GEOIPBLOCK_ENABLED'} = "off";
+
+ # Flush iptables chain.
+ run("$IPTABLES -F GEOIPBLOCK");
# Check if the geoip settings file exists
if (-e "$geoipfile") {
# Read settings file
&General::readhash("$geoipfile", \%geoipsettings);
- } else {
- # Drop active rules.
- run("$IPTABLES -F GEOIPBLOCK");
-
- # Exit submodule, go on processing the remaining script
- return;
}
# If geoip blocking is not enabled, we are finished here.
# Get supported locations.
my @locations = &fwlib::get_geoip_locations();
- # Flush iptables chain.
- run("$IPTABLES -F GEOIPBLOCK");
-
# Loop through all supported geoip locations and
# create iptables rules, if blocking this country
# is enabled.
foreach my $location (@locations) {
- if($geoipsettings{$location} eq "on") {
+ if(exists $geoipsettings{$location} && $geoipsettings{$location} eq "on") {
run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc $location -j DROP");
}
}