diff --git a/backend/app/service/firewall.go b/backend/app/service/firewall.go
index b2bc52ed3..e3c0ef986 100644
--- a/backend/app/service/firewall.go
+++ b/backend/app/service/firewall.go
@@ -223,11 +223,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
 req.Port = strings.ReplaceAll(req.Port, "-", ":")
 req.Protocol = proto
 if err := u.operatePort(client, req); err != nil {
- global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err)
+ return err
 }
 req.Port = strings.ReplaceAll(req.Port, ":", "-")
 if err := u.addPortRecord(req); err != nil {
- global.LOG.Errorf("add record %s/%s failed (strategy: %s, address: %s), err: %v", req.Port, req.Protocol, req.Strategy, req.Address, err)
+ return err
 }
 }
 }
@@ -242,13 +242,13 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
 }
 req.Address = addr
 if err := u.operatePort(client, req); err != nil {
- global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err)
+ return err
 }
 if len(req.Protocol) == 0 {
 req.Protocol = "tcp/udp"
 }
 if err := u.addPortRecord(req); err != nil {
- global.LOG.Errorf("add record %s/%s failed (strategy: %s, address: %s), err: %v", req.Port, req.Protocol, req.Strategy, req.Address, err)
+ return err
 }
 }
 return nil
@@ -261,9 +261,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
 req.Protocol = proto
 req.Address = addr
 if err := u.operatePort(client, req); err != nil {
- global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err)
+ return err
+ }
+ if err := u.addPortRecord(req); err != nil {
+ return err
 }
- _ = u.addPortRecord(req)
 }
 } else {
 ports := strings.Split(itemPorts, ",")
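Review bot: Returning on the first failure in `OperatePortRule` can leave the firewall partly changed with nothing telling the caller how far it got. In the first hunk, a failing `addPortRecord` now aborts after `operatePort` has already changed the firewall, so a rule can exist on the host without a stored record, and items handled earlier in what appear to be loop bodies stay applied. The same pattern is in the hunks at -242, -261 and -276. For an allow rule this means a port can be open while the panel's rule list does not show it, so consider undoing the rule when the record write fails, or at least wrapping the error so the state is explicit, e.g. `return fmt.Errorf("rule applied but record not saved: %w", err)`. The loop headers and the rest of the function lie outside these hunks.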
@@ -276,9 +278,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
 req.Port = port
 req.Protocol = proto
 if err := u.operatePort(client, req); err != nil {
- global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err)
+ return err
+ }
+ if err := u.addPortRecord(req); err != nil {
+ return err
 }
- _ = u.addPortRecord(req)
 }
 }
 }
@@ -308,10 +312,12 @@ func (u *FirewallService) OperateAddressRule(req dto.AddrRuleOperate, reload boo
 }
 fireInfo.Address = addressList[i]
 if err := client.RichRules(fireInfo, req.Operation); err != nil {
- global.LOG.Errorf("%s address %s failed (strategy: %s), err: %v", req.Operation, addressList[i], req.Strategy, err)
+ return err
 }
 req.Address = addressList[i]
- _ = u.addAddressRecord(req)
+ if err := u.addAddressRecord(req); err != nil {
+ return err
+ }
 }
 if reload {
 return client.Reload()
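Review bot: The new `return err` statements inside the address loop of `OperateAddressRule` skip the `if reload { return client.Reload() }` that follows the loop, so addresses handled before the failure have their records saved while the rule change may not be live. The firewalld client in this same commit writes rules with `--permanent`, which firewalld does not apply to the running configuration until a reload. One option is to remember the error and leave the loop, `opErr = err` followed by `break`, then run the reload and return `opErr` afterwards; the alternative is to undo the earlier rules before returning. The loop header is outside the hunk, so the exact shape depends on code not shown here.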
@@ -545,26 +551,33 @@ func (u *FirewallService) addPortRecord(req dto.PortRuleOperate) error { return hostRepo.DeleteFirewallRecord("port", req.Port, req.Protocol, req.Address, req.Strategy) } - return hostRepo.SaveFirewallRecord(&model.Firewall{ + if err := hostRepo.SaveFirewallRecord(&model.Firewall{ Type: "port", Port: req.Port, Protocol: req.Protocol, Address: req.Address, Strategy: req.Strategy, Description: req.Description, - }) + }); err != nil { + return fmt.Errorf("add record %s/%s failed (strategy: %s, address: %s), err: %v", req.Port, req.Protocol, req.Strategy, req.Address, err) + } + + return nil } func (u *FirewallService) addAddressRecord(req dto.AddrRuleOperate) error { if req.Operation == "remove" { return hostRepo.DeleteFirewallRecord("address", "", "", req.Address, req.Strategy) } - return hostRepo.SaveFirewallRecord(&model.Firewall{ + if err := hostRepo.SaveFirewallRecord(&model.Firewall{ Type: "address", Address: req.Address, Strategy: req.Strategy, Description: req.Description, - }) + }); err != nil { + return fmt.Errorf("add record failed (strategy: %s, address: %s), err: %v", req.Strategy, req.Address, err) + } + return nil } func listIpRules(strategy string) ([]string, error) { diff --git a/backend/utils/firewall/client/firewalld.go b/backend/utils/firewall/client/firewalld.go index 3f92fe2d7..3ceb23812 100644 --- a/backend/utils/firewall/client/firewalld.go +++ b/backend/utils/firewall/client/firewalld.go @@ -132,7 +132,7 @@ func (f *Firewall) Port(port FireInfo, operation string) error { stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-port=%s/%s --permanent", operation, port.Port, port.Protocol) if err != nil { - return fmt.Errorf("%s port failed, err: %s", operation, stdout) + return fmt.Errorf("%s (port: %s/%s strategy: %s) failed, err: %s", operation, port.Port, port.Protocol, port.Strategy, stdout) } return nil } 
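Review bot: Both new `fmt.Errorf` calls in `addPortRecord` and `addAddressRecord` format the cause with `%v`, which flattens it to text so callers can no longer match it with `errors.Is` or `errors.As`. Using `%w` keeps the chain, e.g. `return fmt.Errorf("add record %s/%s failed (strategy: %s, address: %s): %w", req.Port, req.Protocol, req.Strategy, req.Address, err)`. The `remove` branch still returns the `DeleteFirewallRecord` error bare, so a failed delete reaches the caller without the port, address or strategy that the removed log line used to carry. These fields appear to come from the request, so `%q` in place of `%s` would also keep unusual characters from being pasted raw into logs or responses.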
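Review bot: In `(*Firewall).Port` the new message still prints `stdout` under the label `err:` and drops the actual `err` returned by `cmd.Execf`, so a failure that produces no output (a missing binary, a timeout) yields an error ending in an empty `err: `. Wrapping both keeps the cause: `return fmt.Errorf("%s (port: %s/%s strategy: %s) failed: %w, output: %s", operation, port.Port, port.Protocol, port.Strategy, err, stdout)`. The same applies to the `RichRules` hunk in this file and to both hunks in `ufw.go`. What `cmd.Execf` returns on failure is not visible here, so confirm whether its error already contains the output before changing the format.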
@@ -154,12 +154,12 @@ func (f *Firewall) RichRules(rule FireInfo, operation string) error { ruleStr += rule.Strategy stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, ruleStr) if err != nil { - return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout) + return fmt.Errorf("%s rich rules (%s) failed, err: %s", operation, ruleStr, stdout) } if len(rule.Address) == 0 { stdout1, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 ")) if err != nil { - return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout1) + return fmt.Errorf("%s rich rules (%s) failed, err: %s", operation, strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 "), stdout1) } } return nil diff --git a/backend/utils/firewall/client/ufw.go b/backend/utils/firewall/client/ufw.go index 74d07b238..d2e42c5b2 100644 --- a/backend/utils/firewall/client/ufw.go +++ b/backend/utils/firewall/client/ufw.go @@ -146,7 +146,7 @@ func (f *Ufw) Port(port FireInfo, operation string) error { } stdout, err := cmd.Exec(command) if err != nil { - return fmt.Errorf("%s port failed, err: %s", operation, stdout) + return fmt.Errorf("%s (%s) failed, err: %s", operation, command, stdout) } return nil } @@ -183,7 +183,7 @@ func (f *Ufw) RichRules(rule FireInfo, operation string) error { stdout, err := cmd.Exec(ruleStr) if err != nil { - return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout) + return fmt.Errorf("%s rich rules (%s), failed, err: %s", operation, ruleStr, stdout) } return nil }
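Review bot: `ruleStr` is placed between single quotes in the command string given to `cmd.Execf` in `(*Firewall).RichRules`, and the new error message now repeats it, so its content matters in two places. If `cmd.Execf` passes the string through a shell (not visible here), a quote character inside `rule.Address` would end the quoting. I would want `rule.Address` and `rule.Strategy` checked against a strict pattern (an IP or CIDR, and the fixed strategy words) before `ruleStr` is assembled, which happens above this hunk. As a smaller point, the IPv6 variant is now computed twice; a local such as `ruleStr6 := strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 ")` used in both the command and the error keeps the two from drifting apart.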
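Review bot: The new message in `(*Ufw).RichRules` has a stray comma, `"%s rich rules (%s), failed, err: %s"`, where the firewalld version reads `"%s rich rules (%s) failed, err: %s"`; making them identical helps anyone searching logs across both backends. In `(*Ufw).Port` the whole `command` string is now part of the returned error. If that error is shown to API clients rather than only logged, consider reporting the port and protocol instead, as the firewalld `Port` message does.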