rules.pl: Flush GEOIPBLOCK chain when the feature will be switched off.

Otherwise existing rules still remain in the chain and will be processed even geoipblock has been disabled.
2026-04-14 13:02:58 +02:00 · 2015-03-08 10:09:16 +01:00
parent e24668f99a
commit 0bb4b135d1
1 changed files with 4 additions and 1 deletions
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -586,6 +586,9 @@ sub geoipblock {
 		# Read settings file
 		&General::readhash("$geoipfile", \%geoipsettings);
 	} else {
+		# Drop active rules.
+		run("$IPTABLES -F GEOIPBLOCK");
+
 		# Exit submodule, go on processing the remaining script
 		return;
 	}
@@ -599,7 +602,7 @@ sub geoipblock {
 	# Get supported locations.
 	my @locations = &fwlib::get_geoip_locations();

-	# Create iptables chain.
+	# Flush iptables chain.
 	run("$IPTABLES -F GEOIPBLOCK");

 	# Loop through all supported geoip locations and