/[smecontribs]/rpms/smeserver-xt_geoip/contribs9/smeserver-xt_geoip-1.0.1-bz10794-masq-template.patch

Annotation of /rpms/smeserver-xt_geoip/contribs9/smeserver-xt_geoip-1.0.1-bz10794-masq-template.patch



Revision 1.1 - (hide annotations) (download)
Sun Jul 28 04:21:26 2019 UTC (4 years, 10 months ago) by jpp
Branch: MAIN
CVS Tags: smeserver-xt_geoip-1_0_1-18_el6_sme, smeserver-xt_geoip-1_0_1-20_el6_sme, smeserver-xt_geoip-1_0_1-17_el6_sme, smeserver-xt_geoip-1_0_1-24_el6_sme, smeserver-xt_geoip-1_0_1-23_el6_sme, smeserver-xt_geoip-1_0_1-26_el6_sme, smeserver-xt_geoip-1_0_1-25_el6_sme, smeserver-xt_geoip-1_0_1-22_el6_sme, smeserver-xt_geoip-1_0_1-21_el6_sme, smeserver-xt_geoip-1_0_1-19_el6_sme, HEAD
* Sun Jul 28 2019 Jean-Philipe Pialasse <tests@pialasse.com> 1.0.1-17.sme
- fix empty global filter disabling all geoip iptables rules [SME: 10794]
- tidy masq templates for xt geoip [SME: 10794]

1 jpp 1.1 diff -Nur smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip
2     --- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip 2019-07-28 06:07:15.053185349 +0200
3     +++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40Xt_Geoip 2019-07-28 06:17:00.655164126 +0200
4     @@ -1,18 +1,6 @@
5     # masq : drop from geoip countries
6     {
7     - my $BC = $masq{BadCountries} || '';
8     - my $GP = $masq{GeoIP} || 'disabled';
9     - my $KERNEL = `/bin/uname -r`;
10     - chomp($KERNEL);
11     - my $PATH_MODULE = "/lib/modules/$KERNEL/extra/xt_geoip.ko";
12     - my $PATH2_MODULE = "/lib/modules/$KERNEL/weak-updates/xt_geoip.ko";
13     - my $PATH3_MODULE = "/lib/modules/$KERNEL/weak-updates/xtables-addons/xt_geoip.ko";
14     - my $port;
15     - my @locPorts;
16     - my $servStatus;
17     - my $locBC;
18     - # to allow reload
19     - $OUT .=<<'EOF';
20     + $OUT .=<<'EOF';
21     # A blacklist chain for xtables-addons GEOIP
22     /sbin/iptables --new-chain XTGeoIP
23     /sbin/iptables --new-chain XTGeoIP_1
24     @@ -21,67 +9,4 @@
25     -j XTGeoIP
26     EOF
27    
28     - if ($GP eq 'enabled')
29     - {
30     - if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE)
31     - {
32     -
33     -# do not block LAN
34     - my $locals = "@locals";
35     - if (@locals)
36     - {
37     - # Make a new local_chk chain and add any networks found in networks db
38     - foreach my $local (@locals)
39     - {
40     - # If the network is a remote vpn subnet, restrict it to the ipsec0
41     - # interface.
42     - my ($net, $msk) = split /\//, $local;
43     - my $netrec = $nets->get($net);
44     - die "Can't find network $net in networks db!\n" unless $netrec;
45     - $OUT .= " /sbin/iptables -A XTGeoIP_1 -s $local";
46     - if (($netrec->prop('remoteVPNSubnet') || 'no') eq 'yes')
47     - {
48     - $OUT .= " --in-interface ipsec0";
49     - }
50     - $OUT .= " -j RETURN\n";
51     - }
52     - }
53     -
54     - ##adding here for service specific
55     -
56     - my @services = split(/,/, $masq{'XtServices'});
57     - foreach my $servName (@services)
58     - {
59     - $port = ${$servName}{'TCPPort'} || '';
60     - my $servStatus = ${$servName}{'status'} || 'disabled';
61     - my $servAccess = ${$servName}{'access'} || 'private';
62     - my $locBC = ${$servName}{'BadCountries'} || '';
63     - my $reverse = ( ( ${$servName}{'XTGeoipRev'} || 'disabled' ) eq "enabled" )? "!": "";
64     - if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') {
65     - push @locPorts, $port;
66     - my $multi = ( $port =~ /[,:]/ )? "-m multiport --dports" : "--dport";
67     - $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n";
68     - $OUT .= " /sbin/iptables -A XTGeoIP_1 -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j DROP\n";
69     - }
70     - }
71     -
72     - # block for other or all should move there
73     - if ($BC ne '') {
74     - my $reverse = ( ( $masq{'XTGeoipRev'} || 'disabled' ) eq "enabled" )? "!": "";
75     - my $others = ( ( $masq{'XTGeoipOther'} || 'enabled') eq "disabled") ? 1 : 0;
76     - @locPorts = () unless $others;
77     - if (@locPorts != 0) {
78     - my $LocPorts = join ',', @locPorts;
79     - $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n";
80     - $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j DROP\n";
81     - } else {
82     - $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip $reverse --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n";
83     - $OUT .= " /sbin/iptables -A XTGeoIP_1 -p tcp -m geoip $reverse --src-cc $BC -j DROP\n";
84     - }
85     - }
86     - $OUT .= " /sbin/iptables --append XTGeoIP_1" .
87     - " -j RETURN\n";
88     - ## end of add
89     - } else { $OUT .= " # module xt_geoip not found for current kernel\n"; }
90     - } else { $OUT .= " # xt_geoip disabled\n"; }
91     }
92     diff -Nur smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip
93     --- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip 2019-07-28 06:07:15.251185374 +0200
94     +++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip 2019-07-28 06:13:24.431170782 +0200
95     @@ -32,12 +32,12 @@
96     /sbin/iptables --new-chain $NEW_XTGeoIP
97     EOF
98    
99     - if ($GP eq 'enabled' and $BC ne '')
100     + if ( $GP eq 'enabled' )
101     {
102     if (-s $PATH_MODULE || -s $PATH2_MODULE || -s $PATH3_MODULE)
103     {
104    
105     -# do not block LAN
106     + # do not block LAN
107     my $locals = "@locals";
108     if (@locals)
109     {
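Review bot: The new guard `if ( $GP eq 'enabled' )` uses spaced parentheses while the neighbouring conditions in the same block (`if ($BC ne '')`, `if (@locals)`) do not; `if ($GP eq 'enabled')` keeps the file consistent. Dropping the `$BC ne ''` test is what lets per-service BadCountries apply when the global list is empty, so the global-only block further down must keep its own `$BC ne ''` check, and the second hunk shows it still does. If the per-service loop between the two hunks still reads `$masq{'XtServices'}` without a default, as the removed 40Xt_Geoip copy did, an unset XtServices now reaches `split` on undef whenever GeoIP is enabled; `split(/,/, $masq{'XtServices'} || '')` would avoid the warning. The enclosing `if` block begins in this hunk and ends outside it.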
110     @@ -75,8 +75,8 @@
111     }
112     }
113    
114     - # block for all or other ports should move there
115     - if ($BC ne '') {
116     + # block for all or other ports should move there
117     + if ($BC ne '') {
118     my $reverse = ( ( $masq{'XTGeoipRev'} || 'disabled' ) eq "enabled" )? "!": "";
119     my $others = ( ( $masq{'XTGeoipOther'} || 'disabled') eq "enabled") ? 1 : 0;
120     @locPorts = () unless $others;
