github
/
1Panel
mirror of https://github.com/1Panel-dev/1Panel
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: 解决 firewalld 防火墙规则 ipv6 下不生效的问题 (#2789)

pull/2790/head
ssongliu 2023-11-03 11:14:43 +08:00 committed by GitHub
parent b42a500c62
commit 46320634f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
backend/utils/firewall/client/firewalld.go
View File

@ -141,37 +141,27 @@ func (f *Firewall) RichRules(rule FireInfo, operation string) error {
if cmd.CheckIllegal(operation, rule.Address, rule.Protocol, rule.Port, rule.Strategy) { if cmd.CheckIllegal(operation, rule.Address, rule.Protocol, rule.Port, rule.Strategy) {
return buserr.New(constant.ErrCmdIllegal) return buserr.New(constant.ErrCmdIllegal)
} }
ruleStr := "" ruleStr := "rule family=ipv4 "
if strings.Contains(rule.Address, "-") { if len(rule.Address) != 0 {
std, err := cmd.Execf("firewall-cmd --permanent --new-ipset=%s --type=hash:ip", rule.Address) ruleStr += fmt.Sprintf("source address=%s ", rule.Address)
if err != nil {
return fmt.Errorf("add new ipset failed, err: %s", std)
}
std2, err := cmd.Execf("firewall-cmd --permanent --ipset=%s --add-entry=%s", rule.Address, rule.Address)
if err != nil {
return fmt.Errorf("add entry to ipset failed, err: %s", std2)
}
if err := f.Reload(); err != nil {
return err
}
ruleStr = fmt.Sprintf("rule source ipset=%s %s", rule.Address, rule.Strategy)
} else {
ruleStr = "rule "
if len(rule.Address) != 0 {
ruleStr += fmt.Sprintf("source address=%s ", rule.Address)
}
if len(rule.Port) != 0 {
ruleStr += fmt.Sprintf("port port=%s ", rule.Port)
}
if len(rule.Protocol) != 0 {
ruleStr += fmt.Sprintf("protocol=%s ", rule.Protocol)
}
ruleStr += rule.Strategy
} }
if len(rule.Port) != 0 {
ruleStr += fmt.Sprintf("port port=%s ", rule.Port)
}
if len(rule.Protocol) != 0 {
ruleStr += fmt.Sprintf("protocol=%s ", rule.Protocol)
}
ruleStr += rule.Strategy
stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, ruleStr) stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, ruleStr)
if err != nil { if err != nil {
return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout) return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout)
} }
if len(rule.Address) == 0 {
stdout1, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 "))
if err != nil {
return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout1)
}
}
return nil return nil
} }