Merge branch 'next-geoip' into core-90-geoip

src/initscripts/init.d/firewall

@@ -179,6 +179,11 @@ iptables_init() {
 		iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT
 	fi
 
+	# GeoIP block
+	iptables -N GEOIPBLOCK
+	iptables -A INPUT -j GEOIPBLOCK
+	iptables -A FORWARD -j GEOIPBLOCK
+
 	# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
 	iptables -N IPSECINPUT
 	iptables -N IPSECFORWARD

src/initscripts/init.d/networking/red.up/99-geoip-database

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Get the GeoIP database if no one exists yet.
+
+DIR="/usr/share/xt_geoip/*"
+
+found=false
+
+# Check if the directory contains any data.
+for i in $DIR; do
+	# Ignore "." and ".."
+	if [ -d "$i" ]; then
+        	found=true
+        	break
+	fi
+done
+
+# Download ruleset if none has been found.
+if ! ${found}; then
+	/usr/local/bin/xt_geoip_update >/dev/null 2>&1
+fi
+
+exit 0