rules.pl: Move to ipset based data for location based firewall rules.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

config/firewall/firewall-lib.pl

@@ -466,7 +466,7 @@ sub get_address
 			# Get external interface.
 			my $external_interface = &get_external_interface();
 
-			push(@ret, ["-m geoip --src-cc $value", "$external_interface"]);
+			push(@ret, ["-m set --match-set CC_$value src", "$external_interface"]);
 		}
 
 	# Handle rule options with a location as target.
@@ -476,7 +476,7 @@ sub get_address
 			# Get external interface.
 			my $external_interface = &get_external_interface();
 
-			push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]);
+			push(@ret, ["-m set --match-set CC_$value dst", "$external_interface"]);
 		}
 
 	# If nothing was selected, we assume "any".

config/firewall/rules.pl

@@ -401,7 +401,13 @@ sub buildrules {
 					my @source_options = ();
 					if ($source =~ /mac/) {
 						push(@source_options, $source);
-					} elsif ($source =~ /-m geoip/) {
+					} elsif ($source =~ /-m set/) {
+						# Grab location code from hash.
+						my $loc_src = $$hash{$key}[4];
+
+						# Call function to load the networks list for this country.
+						&ipset_restore($loc_src);
+
 						push(@source_options, $source);
 					} elsif($source) {
 						push(@source_options, ("-s", $source));
@@ -409,7 +415,13 @@ sub buildrules {
 
 					# Prepare destination options.
 					my @destination_options = ();
-					if ($destination =~ /-m geoip/) {
+					if ($destination =~ /-m set/) {
+						# Grab location code from hash.
+						my $loc_dst = $$hash{$key}[6];
+
+						# Call function to load the networks list for this country.
+						&ipset_restore($loc_dst);
+
 						push(@destination_options,  $destination);
 					} elsif ($destination) {
 						push(@destination_options, ("-d", $destination));