Merge pull request #802 from Diekos/geoip-inverse-match

Firewall: T4299: Add inverse-match to geoip

docs/configuration/firewall/index.rst

@@ -325,15 +325,25 @@ There are a lot of matching criteria against which the package can be tested.
 
 .. cfgcmd:: set firewall name <name> rule <1-999999> source geoip country-code
    <country>
+.. cfgcmd:: set firewall name <name> rule <1-999999> source geoip inverse-match
 .. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> source geoip
    country-code <country>
+.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> source geoip
+   inverse-match
 .. cfgcmd:: set firewall name <name> rule <1-999999> destination geoip
    country-code <country>
+.. cfgcmd:: set firewall name <name> rule <1-999999> destination geoip
+   inverse-match
 .. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> destination geoip
    country-code <country>
+.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> destination geoip
+   inverse-match
 
-Match IP addresses based on its geolocation. More info: `geoip matching
+Match IP addresses based on its geolocation.
-<https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_
+More info: `geoip matching
+<https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_.
+
+Use inverse-match to match anything except the given country-codes.
 
 Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required,
 permits redistribution so we can include a database in images(~3MB