| Message ID | 20220214184257.2406-6-stefan.schantl@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 0df1d268edc94df13f6f5e610e69a2bd63d79918 |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JyClz4HBlz3wsl for <patchwork@web04.haj.ipfire.org>; Mon, 14 Feb 2022 18:43:27 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4JyClq0Gn9z5NR; Mon, 14 Feb 2022 18:43:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JyClp2GCwz30H8; Mon, 14 Feb 2022 18:43:18 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JyClm2VfXz2xVx for <development@lists.ipfire.org>; Mon, 14 Feb 2022 18:43:16 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4JyClm0GRNz3gG; Mon, 14 Feb 2022 18:43:15 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1644864196; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZmBkYfzKw546PBXaYxBW3ZipP41lRWUXJ2Ow9DX20/o=; b=O/LNlHucp3AK9Z4LHyWaqvbwz+BZzYx0grq3L0XpcZ4db+T/poAvAJNiHhpYt9Y2NHReLp kgKfFZMqN4Wc1jCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1644864196; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZmBkYfzKw546PBXaYxBW3ZipP41lRWUXJ2Ow9DX20/o=; b=p9yBqaZmToNLJWdIc7BfNDVOPoUOonjZG3DSjJ7vrlZ/3pZQZaYWTwyxrkI58Hy8oQq0lG sbT88Iq+s0xFWAAH6ONYuPmFB5lzlJ1YNjodKD8P66nB6EzRu1k+pRl9HeXaobi6Awq6s2 p4offGWLCemhb9WhwlIw71oVLTjpwYfIZbx9bBkXkfrfVkpl0cQUF4K0RrD0NKS2U/H16h glM8EwSJt+Cq0nouGu+oIJVDeAfjaLq7aUT3aQLxlsPylXChhyWzda0Zsh7maaf8RnXcO5 8L1f/yA0jA08MBwVajX/6GsyRFWrqBSLTBkAPTfSqBPidE2tsFTAe2CDjPBOWA== From: Stefan Schantl <stefan.schantl@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 06/12] rules.pl: Move to ipset based data for LOCATIONBLOCK feature. Date: Mon, 14 Feb 2022 19:42:50 +0100 Message-Id: <20220214184257.2406-6-stefan.schantl@ipfire.org> In-Reply-To: <20220214184257.2406-1-stefan.schantl@ipfire.org> References: <20220214184257.2406-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
[01/12] location-functions.pl: Rename and set the location for exported databases to "/var/lib/location/ipset/".
|
|
Commit Message
Stefan Schantl
Feb. 14, 2022, 6:42 p.m. UTC
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
config/firewall/rules.pl | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > --- > config/firewall/rules.pl | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > index 5b1153b08..e009c1838 100644 > --- a/config/firewall/rules.pl > +++ b/config/firewall/rules.pl > @@ -671,7 +671,11 @@ sub locationblock { > # is enabled. > foreach my $location (@locations) { > if(exists $locationsettings{$location} && $locationsettings{$location} eq "on") { > - run("$IPTABLES -A LOCATIONBLOCK -m geoip --src-cc $location -j DROP"); > + # Call function to load the networks list for this country. > + &ipset_restore($location); > + > + # Call iptables and create rule to use the loaded ipset list. > + run("$IPTABLES -A LOCATIONBLOCK -m set --match-set CC_$location src -j DROP"); > } > } > }
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> > On 14 Feb 2022, at 18:42, Stefan Schantl <stefan.schantl@ipfire.org> wrote: > > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > --- > config/firewall/rules.pl | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > index 5b1153b08..e009c1838 100644 > --- a/config/firewall/rules.pl > +++ b/config/firewall/rules.pl > @@ -671,7 +671,11 @@ sub locationblock { > # is enabled. > foreach my $location (@locations) { > if(exists $locationsettings{$location} && $locationsettings{$location} eq "on") { > - run("$IPTABLES -A LOCATIONBLOCK -m geoip --src-cc $location -j DROP"); > + # Call function to load the networks list for this country. > + &ipset_restore($location); > + > + # Call iptables and create rule to use the loaded ipset list. > + run("$IPTABLES -A LOCATIONBLOCK -m set --match-set CC_$location src -j DROP"); > } > } > } > -- > 2.30.2 >
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 5b1153b08..e009c1838 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -671,7 +671,11 @@ sub locationblock { # is enabled. foreach my $location (@locations) { if(exists $locationsettings{$location} && $locationsettings{$location} eq "on") { - run("$IPTABLES -A LOCATIONBLOCK -m geoip --src-cc $location -j DROP"); + # Call function to load the networks list for this country. + &ipset_restore($location); + + # Call iptables and create rule to use the loaded ipset list. + run("$IPTABLES -A LOCATIONBLOCK -m set --match-set CC_$location src -j DROP"); } } }