I just want to discuss if it’s necessary to have the Location Block filter right in front of the firewall input fixed. I think this limits its usage a little bit.
E.g. if an IPFire instance is installed right in front of a server and the server is handling mail, it’s important, that the server can get connections from all over the world. So Location Block must be turned off.
If another service on this server needs the location block, locations groups need to be created to get a similar function within a firewall rule.
If the Location Block is enabled and allows only incoming connections from, say Germany, even if a forwarding rule has an “any” source, it’s still limited to Germany in the moment.
IMHO it would be more flexible if the Location Block page/module configures a filter part of the firewall and sits not strictly in front of it.
The Location Block filter might be selected as part of the source/dest Location option of a firewall rule, where I can select single countries or location groups.