From ef16934952beef484feefea24fa06b8d0fea291a Mon Sep 17 00:00:00 2001
From: ssongliu <73214554+ssongliu@users.noreply.github.com>
Date: Tue, 11 Apr 2023 16:58:33 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E9=98=B2=E7=81=AB=E5=A2=99=E7=A6=81=20p?= =?UTF-8?q?ing=20=E6=96=B9=E5=BC=8F=E4=BF=AE=E6=94=B9=20(#577)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/app/service/firewall.go | 58 ++++++++++++++++++++--
 backend/utils/firewall/client.go | 3 --
 backend/utils/firewall/client/firewalld.go | 21 --------
 backend/utils/firewall/client/ufw.go | 47 ------------------
 4 files changed, 55 insertions(+), 74 deletions(-)
diff --git a/backend/app/service/firewall.go b/backend/app/service/firewall.go
index fe4797364..0c8336c1f 100644
--- a/backend/app/service/firewall.go
+++ b/backend/app/service/firewall.go
@@ -2,10 +2,12 @@ package service
 import (
 "fmt"
+ "os"
 "strconv"
 "strings"
 "github.com/1Panel-dev/1Panel/backend/app/dto"
+ "github.com/1Panel-dev/1Panel/backend/constant"
 "github.com/1Panel-dev/1Panel/backend/utils/cmd"
 "github.com/1Panel-dev/1Panel/backend/utils/common"
 "github.com/1Panel-dev/1Panel/backend/utils/firewall"
@@ -13,6 +15,8 @@ import (
 "github.com/jinzhu/copier"
 )
+const confPath = "/etc/sysctl.conf"
+
 type FirewallService struct{}
 type IFirewallService interface {
@@ -44,7 +48,7 @@ func (u *FirewallService) LoadBaseInfo() (dto.FirewallBaseInfo, error) {
 if err != nil {
 return baseInfo, err
 }
- baseInfo.PingStatus, err = client.PingStatus()
+ baseInfo.PingStatus, err = u.PingStatus()
 if err != nil {
 return baseInfo, err
 }
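Review bot: In LoadBaseInfo, `baseInfo.PingStatus, err = u.PingStatus()` can now fail the whole base-info load on a host whose `/etc/sysctl.conf` has no `net/ipv4/icmp_echo_ignore_all=` line: PingStatus (added in the last hunk of this file) pipes the file into `grep`, which exits non-zero on no match, and if `cmd.Exec` reports that exit status as an error it is returned here, whereas the removed firewalld version ignored the command error. The exact comparison with `"net/ipv4/icmp_echo_ignore_all=1\n"` also misses the dotted key spelling, `key = 1` written with spaces, and a file with more than one matching line. Reading the live value avoids the shell, `sudo` and the parsing: `b, err := os.ReadFile("/proc/sys/net/ipv4/icmp_echo_ignore_all")` and then `if strings.TrimSpace(string(b)) == "1" { return constant.StatusEnable, nil }`. LoadBaseInfo begins and ends outside this hunk.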
@@ -152,9 +156,9 @@ func (u *FirewallService) OperateFirewall(operation string) error {
 _, _ = cmd.Exec("systemctl restart docker")
 return nil
 case "disablePing":
- return client.UpdatePingStatus("0")
+ return u.UpdatePingStatus("0")
 case "enablePing":
- return client.UpdatePingStatus("1")
+ return u.UpdatePingStatus("1")
 }
 return fmt.Errorf("not support such operation: %s", operation)
 }
@@ -361,3 +365,51 @@ func (u *FirewallService) loadPortByApp() []portOfApp {
 return datas
 }
+
+func (u *FirewallService) PingStatus() (string, error) {
+ stdout, err := cmd.Exec("sudo cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= ")
+ if err != nil {
+ return constant.StatusDisable, fmt.Errorf("load firewall ping status failed, err: %s", stdout)
+ }
+ if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" {
+ return constant.StatusEnable, nil
+ }
+ return constant.StatusDisable, nil
+}
+
+func (u *FirewallService) UpdatePingStatus(enabel string) error {
+ lineBytes, err := os.ReadFile(confPath)
+ if err != nil {
+ return err
+ }
+ files := strings.Split(string(lineBytes), "\n")
+ var newFiles []string
+ hasLine := false
+ for _, line := range files {
+ if strings.Contains(line, "net/ipv4/icmp_echo_ignore_all") || strings.HasPrefix(line, "net/ipv4/icmp_echo_ignore_all") {
+ newFiles = append(newFiles, "net/ipv4/icmp_echo_ignore_all="+enabel)
+ hasLine = true
+ } else {
+ newFiles = append(newFiles, line)
+ }
+ }
+ if !hasLine {
+ newFiles = append(newFiles, "net/ipv4/icmp_echo_ignore_all="+enabel)
+ }
+ file, err := os.OpenFile(confPath, os.O_WRONLY|os.O_TRUNC, 0666)
+ if err != nil {
+ return err
+ }
+ defer file.Close()
+ _, err = file.WriteString(strings.Join(newFiles, "\n"))
+ if err != nil {
+ return err
+ }
+
+ stdout, err := cmd.Exec("sudo sysctl -p")
+ if err != nil {
+ return fmt.Errorf("update ping status failed, err: %v", stdout)
+ }
+
+ return nil
+}
diff --git a/backend/utils/firewall/client.go b/backend/utils/firewall/client.go
index 4d9dae8b7..9080b657d 100644
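Review bot: UpdatePingStatus reopens `/etc/sysctl.conf` with `os.O_WRONLY|os.O_TRUNC` and writes it back in place, so a failed or interrupted write leaves the system-wide sysctl file truncated, and its `strings.Contains` test (which makes the `HasPrefix` half redundant) also overwrites commented-out lines while missing the dotted spelling `net.ipv4.icmp_echo_ignore_all`. I would compare the key of each active line, write the result to a temporary file in the same directory and rename it over `confPath`, and reject any `enabel` other than "0" or "1", since the method is exported and the value goes into the file verbatim. The `0666` argument has no effect without `os.O_CREATE`, and the sketch below needs `path/filepath` in the import block. A doc comment saying that "1" makes the kernel ignore echo requests would also help, because OperateFirewall maps `disablePing` to "0".

```go
func (u *FirewallService) UpdatePingStatus(enabel string) error {
	// The value is written verbatim into sysctl.conf, so accept only the two
	// states the kernel key has.
	if enabel != "0" && enabel != "1" {
		return fmt.Errorf("unsupported ping status value: %q", enabel)
	}
	info, err := os.Stat(confPath)
	if err != nil {
		return err
	}
	// … unchanged: os.ReadFile(confPath), strings.Split, newFiles and hasLine declarations …
	for _, line := range files {
		// Compare the key itself so commented-out lines and other keys that
		// merely contain the name are left alone; sysctl accepts '/' and '.'.
		key := strings.TrimSpace(strings.SplitN(line, "=", 2)[0])
		if key == "net/ipv4/icmp_echo_ignore_all" || key == "net.ipv4.icmp_echo_ignore_all" {
			newFiles = append(newFiles, "net/ipv4/icmp_echo_ignore_all="+enabel)
			hasLine = true
		} else {
			newFiles = append(newFiles, line)
		}
	}
	// … unchanged: append the key when hasLine is false …

	// Write a sibling temp file and rename it into place, so a failed write
	// never leaves confPath truncated.
	// NOTE(review): rename replaces a symlinked confPath with a regular file;
	// resolve the link first if that layout has to be supported.
	tmp, err := os.CreateTemp(filepath.Dir(confPath), "sysctl.conf.*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename has happened
	if _, err = tmp.WriteString(strings.Join(newFiles, "\n")); err != nil {
		tmp.Close()
		return err
	}
	if err = tmp.Chmod(info.Mode().Perm()); err != nil {
		tmp.Close()
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	if err = os.Rename(tmp.Name(), confPath); err != nil {
		return err
	}
	// … unchanged: cmd.Exec("sudo sysctl -p") and its error check …
```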
--- a/backend/utils/firewall/client.go
+++ b/backend/utils/firewall/client.go
@@ -15,9 +15,6 @@ type FirewallClient interface {
 Status() (string, error) // running not running
 Version() (string, error)
- PingStatus() (string, error) // Enable Disable
- UpdatePingStatus(enable string) error
-
 ListPort() ([]client.FireInfo, error)
 ListAddress() ([]client.FireInfo, error)
diff --git a/backend/utils/firewall/client/firewalld.go b/backend/utils/firewall/client/firewalld.go
index d36d3c9eb..72386f645 100644
--- a/backend/utils/firewall/client/firewalld.go
+++ b/backend/utils/firewall/client/firewalld.go
@@ -4,7 +4,6 @@ import (
 "fmt"
 "strings"
- "github.com/1Panel-dev/1Panel/backend/constant"
 "github.com/1Panel-dev/1Panel/backend/utils/cmd"
 )
@@ -42,26 +41,6 @@ func (f *Firewall) Start() error {
 return nil
 }
-func (f *Firewall) PingStatus() (string, error) {
- stdout, _ := cmd.Exec("firewall-cmd --zone=public --query-rich-rule='rule protocol value=icmp drop'")
- if stdout == "yes\n" {
- return constant.StatusEnable, nil
- }
- return constant.StatusDisable, nil
-}
-
-func (f *Firewall) UpdatePingStatus(enabel string) error {
- operation := "add"
- if enabel == "0" {
- operation = "remove"
- }
- stdout, err := cmd.Execf("firewall-cmd --permanent --%s-rich-rule='rule protocol value=icmp drop'", operation)
- if err != nil {
- return fmt.Errorf("update firewall ping status failed, err: %s", stdout)
- }
- return f.Reload()
-}
-
 func (f *Firewall) Stop() error {
 stdout, err := cmd.Exec("systemctl stop firewalld")
 if err != nil {
diff --git a/backend/utils/firewall/client/ufw.go b/backend/utils/firewall/client/ufw.go
index 96ffed5a5..a0c6f3a24 100644
--- a/backend/utils/firewall/client/ufw.go
+++ b/backend/utils/firewall/client/ufw.go
@@ -2,15 +2,11 @@ package client
 import (
 "fmt"
- "os"
 "strings"
- "github.com/1Panel-dev/1Panel/backend/constant"
 "github.com/1Panel-dev/1Panel/backend/utils/cmd"
 )
-const confPath = "/etc/ufw/sysctl.conf"
-
 type Ufw struct{}
 func NewUfw() (*Ufw, error) {
@@ -49,49 +45,6 @@ func (f *Ufw) Start() error {
 return nil
 }
-func (f *Ufw) PingStatus() (string, error) {
- stdout, err := cmd.Exec("cat /etc/ufw/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= ")
- if err != nil {
- return constant.StatusDisable, fmt.Errorf("load firewall ping status failed, err: %s", stdout)
- }
- if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" {
- return constant.StatusEnable, nil
- }
- return constant.StatusDisable, nil
-}
-
-func (f *Ufw) UpdatePingStatus(enabel string) error {
- lineBytes, err := os.ReadFile(confPath)
- if err != nil {
- return err
- }
- files := strings.Split(string(lineBytes), "\n")
- var newFiles []string
- for _, line := range files {
- if strings.Contains(line, "net/ipv4/icmp_echo_ignore_all") || strings.HasPrefix(line, "net/ipv4/icmp_echo_ignore_all") {
- newFiles = append(newFiles, "net/ipv4/icmp_echo_ignore_all="+enabel)
- } else {
- newFiles = append(newFiles, line)
- }
- }
- file, err := os.OpenFile(confPath, os.O_WRONLY|os.O_TRUNC, 0666)
- if err != nil {
- return err
- }
- defer file.Close()
- _, err = file.WriteString(strings.Join(newFiles, "\n"))
- if err != nil {
- return err
- }
-
- stdout, err := cmd.Exec("sudo ufw reload")
- if err != nil {
- return fmt.Errorf("reload ufw setting failed, err: %v", stdout)
- }
-
- return nil
-}
-
 func (f *Ufw) Stop() error {
 stdout, err := cmd.Exec("sudo ufw disable")
 if err != nil {