Merge branch 'seventeen-geoip' into next-geoip

src/initscripts/init.d/firewall

@@ -179,6 +179,11 @@ iptables_init() {
 		iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT
 	fi
 
+	# GeoIP block
+	iptables -N GEOIPBLOCK
+	iptables -A INPUT -j GEOIPBLOCK
+	iptables -A FORWARD -j GEOIPBLOCK
+
 	# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
 	iptables -N IPSECINPUT
 	iptables -N IPSECFORWARD

src/initscripts/init.d/networking/red.up/99-geoip-database

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Get the GeoIP database if no one exists yet.
+
+DIR=/usr/share/xt_geoip
+
+found=false
+
+# Check if the directory contains any data.
+for i in $DIR/*; do
+        found=true
+        break
+done
+
+# Download ruleset if none has been found.
+if ! ${found}; then
+	/us/local/bin/xt_geoip_update >/dev/null 2>&1
+fi
+
+exit 0