## REMOVED Requirements

### Requirement: ipset and iptables are installed on all servers

**Reason**: Server-side CN destination blocking is no longer needed; Surge client handles CN routing.

**Migration**: No replacement. CN destination routing remains at the Surge client level.

### Requirement: China IP CIDR list is downloaded

**Reason**: Server-side CN destination blocking is no longer needed.

**Migration**: None required.

### Requirement: ipset is populated with China CIDR ranges

**Reason**: Server-side CN destination blocking is no longer needed.

**Migration**: Existing `cn-block` ipset will no longer be updated. It can be manually destroyed.

### Requirement: iptables blocks outbound to China IPs

**Reason**: Server-side CN destination blocking is no longer needed.

**Migration**: The OUTPUT chain DROP rule referencing `cn-block` can be manually removed.

### Requirement: CN IP list is refreshed daily via cron

**Reason**: Server-side CN destination blocking is no longer needed.

**Migration**: The cron job `geoblock-refresh` will be removed by Ansible.

### Requirement: ipset is restored on boot

**Reason**: Server-side CN destination blocking is no longer needed.

**Migration**: The geoblock systemd service will be removed by Ansible.

### Requirement: Geoblock role is applied to all servers

**Reason**: Server-side CN destination blocking is no longer needed.

**Migration**: The geoblock role is removed from `site.yml`.
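The two manual migration steps (removing the OUTPUT DROP rule and destroying the `cn-block` ipset) depend on each other, so this added example, which is not part of the original spec, prints the cleanup commands in the order that works. It assumes the rule matches the set with `-m set --match-set cn-block`; the function names and the sample `iptables -S OUTPUT` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan the manual cleanup of the leftover cn-block objects.
# It only prints commands; review them before running anything as root.
SET_NAME="cn-block"

# Read `iptables -S OUTPUT` output on stdin and print one delete command
# per rule that references the set. Rules for other sets are left alone.
plan_rule_removal() {
    while IFS= read -r line; do
        case "$line" in
            "-A OUTPUT "*"--match-set $SET_NAME "*)
                # Reuse the exact rule spec, swapping -A (append) for -D (delete).
                printf 'iptables -D %s\n' "${line#-A }"
                ;;
        esac
    done
}

# Full plan: rules first, then the set. The kernel refuses to destroy a set
# that an iptables rule still references, so the order matters.
plan_cleanup() {
    plan_rule_removal
    printf 'ipset destroy %s\n' "$SET_NAME"
}

# Constructed sample of `iptables -S OUTPUT` output (assumed rule shape).
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m set --match-set cn-block dst -j DROP
-A OUTPUT -m set --match-set other-set dst -j DROP'

if [ "${1:-}" = "--live" ]; then
    # Read the real OUTPUT chain (needs root); still prints, does not execute.
    iptables -S OUTPUT | plan_cleanup
else
    printf '%s\n' "$SAMPLE_RULES" | plan_cleanup
fi
```

If the rules were also persisted to disk by a tool outside the geoblock role, the saved copy needs the same rule removed, or the restore will fail at boot once the set no longer exists.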