firewall-lib.pl: Populate GeoIP rules only if location is available.

In case a GeoIP related firewall rule should be created, the script now will check if the given location is still available. Fixes #12054. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2019-04-16 21:08:05 +02:00
parent 75612f0644
commit dba780a784
1 changed files with 34 additions and 6 deletions
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -72,6 +72,9 @@ my $netsettings		= "${General::swroot}/ethernet/settings";
 &General::readhasharray("$configsrvgrp", \%customservicegrp);
 &General::get_aliases(\%aliases);

+# Get all available GeoIP locations.
+my @available_geoip_locations = &get_geoip_locations();
+
 sub get_srv_prot
 {
 	my $val=shift;
@@ -458,17 +461,23 @@ sub get_address

 	# Handle rule options with GeoIP as source.
 	} elsif ($key eq "cust_geoip_src") {
-		# Get external interface.
-		my $external_interface = &get_external_interface();
+		# Check if the given GeoIP location is available.
+		if(&geoip_location_is_available($value)) {
+			# Get external interface.
+			my $external_interface = &get_external_interface();

-		push(@ret, ["-m geoip --src-cc $value", "$external_interface"]);
+			push(@ret, ["-m geoip --src-cc $value", "$external_interface"]);
+		}

 	# Handle rule options with GeoIP as target.
 	} elsif ($key eq "cust_geoip_tgt") {
-		# Get external interface.
-		my $external_interface = &get_external_interface();
+		# Check if the given GeoIP location is available.
+		if(&geoip_location_is_available($value)) {
+			# Get external interface.
+			my $external_interface = &get_external_interface();

-		push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]);
+			push(@ret, ["-m geoip --dst-cc $value", "$external_interface"]);
+		}

 	# If nothing was selected, we assume "any".
 	} else {
@@ -612,4 +621,23 @@ sub get_geoip_locations() {
 	return &GeoIP::get_geoip_locations();
 }

+# Function to check if a database of a given GeoIP location is
+# available.
+sub geoip_location_is_available($) {
+	my ($location) = @_;
+
+	# Loop through the global array of available GeoIP locations.
+	foreach my $geoip_location (@available_geoip_locations) {
+		# Check if the current processed location is the searched one.
+		if($location eq $geoip_location) {
+			# If it is part of the array, return "1" - True.
+			return 1;
+		}
+	}
+
+	# If we got here, the given location is not part of the array of available
+	# zones. Return nothing.
+	return;
+}
+
 return 1;