Merge pull request #1357 from sarthurdev/geoip

firewall: T4299: Add support for GeoIP filtering

1 files changed, 16 insertions, 0 deletions

diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index 1f88ae40c..961b83301 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -60,6 +60,14 @@ table ip filter {
         flags dynamic
     }
 {%     endfor %}
+{%     if geoip_updated.name is vyos_defined %}
+{%         for setname in geoip_updated.name %}
+    set {{ setname }} {
+        type ipv4_addr
+        flags interval
+    }
+{%         endfor %}
+{%     endif %}
 {% endif %}
 {% if state_policy is vyos_defined %}
     chain VYOS_STATE_POLICY {
@@ -121,6 +129,14 @@ table ip6 filter {
         flags dynamic
     }
 {%     endfor %}
+{%     if geoip_updated.ipv6_name is vyos_defined %}
+{%         for setname in geoip_updated.ipv6_name %}
+    set {{ setname }} {
+        type ipv6_addr
+        flags interval
+    }
+{%         endfor %}
+{%     endif %}
 {% endif %}
 {% if state_policy is vyos_defined %}
     chain VYOS_STATE_POLICY6 {