feat: 优化防火墙错误返回 (#2791)

ssongliu 2023-11-03 14:38:13 +08:00 committed by GitHub
parent 6a989482a9
commit 0d9fc1ccee
3 changed files with 32 additions and 19 deletions


@ -223,11 +223,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
req.Port = strings.ReplaceAll(req.Port, "-", ":") req.Port = strings.ReplaceAll(req.Port, "-", ":")
req.Protocol = proto req.Protocol = proto
if err := u.operatePort(client, req); err != nil { if err := u.operatePort(client, req); err != nil {
global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err) return err
} }
req.Port = strings.ReplaceAll(req.Port, ":", "-") req.Port = strings.ReplaceAll(req.Port, ":", "-")
if err := u.addPortRecord(req); err != nil { if err := u.addPortRecord(req); err != nil {
global.LOG.Errorf("add record %s/%s failed (strategy: %s, address: %s), err: %v", req.Port, req.Protocol, req.Strategy, req.Address, err) return err
} }
} }
} }
@ -242,13 +242,13 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
} }
req.Address = addr req.Address = addr
if err := u.operatePort(client, req); err != nil { if err := u.operatePort(client, req); err != nil {
global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err) return err
} }
if len(req.Protocol) == 0 { if len(req.Protocol) == 0 {
req.Protocol = "tcp/udp" req.Protocol = "tcp/udp"
} }
if err := u.addPortRecord(req); err != nil { if err := u.addPortRecord(req); err != nil {
global.LOG.Errorf("add record %s/%s failed (strategy: %s, address: %s), err: %v", req.Port, req.Protocol, req.Strategy, req.Address, err) return err
} }
} }
return nil return nil
@ -261,9 +261,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
req.Protocol = proto req.Protocol = proto
req.Address = addr req.Address = addr
if err := u.operatePort(client, req); err != nil { if err := u.operatePort(client, req); err != nil {
global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err) return err
}
if err := u.addPortRecord(req); err != nil {
return err
} }
_ = u.addPortRecord(req)
} }
} else { } else {
ports := strings.Split(itemPorts, ",") ports := strings.Split(itemPorts, ",")
@ -276,9 +278,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
req.Port = port req.Port = port
req.Protocol = proto req.Protocol = proto
if err := u.operatePort(client, req); err != nil { if err := u.operatePort(client, req); err != nil {
global.LOG.Errorf("%s port %s/%s failed (strategy: %s, address: %s), err: %v", req.Operation, req.Port, req.Protocol, req.Strategy, req.Address, err) return err
}
if err := u.addPortRecord(req); err != nil {
return err
} }
_ = u.addPortRecord(req)
} }
} }
} }
@ -308,10 +312,12 @@ func (u *FirewallService) OperateAddressRule(req dto.AddrRuleOperate, reload boo
} }
fireInfo.Address = addressList[i] fireInfo.Address = addressList[i]
if err := client.RichRules(fireInfo, req.Operation); err != nil { if err := client.RichRules(fireInfo, req.Operation); err != nil {
global.LOG.Errorf("%s address %s failed (strategy: %s), err: %v", req.Operation, addressList[i], req.Strategy, err) return err
} }
req.Address = addressList[i] req.Address = addressList[i]
_ = u.addAddressRecord(req) if err := u.addAddressRecord(req); err != nil {
return err
}
} }
if reload { if reload {
return client.Reload() return client.Reload()
@ -545,26 +551,33 @@ func (u *FirewallService) addPortRecord(req dto.PortRuleOperate) error {
return hostRepo.DeleteFirewallRecord("port", req.Port, req.Protocol, req.Address, req.Strategy) return hostRepo.DeleteFirewallRecord("port", req.Port, req.Protocol, req.Address, req.Strategy)
} }
return hostRepo.SaveFirewallRecord(&model.Firewall{ if err := hostRepo.SaveFirewallRecord(&model.Firewall{
Type: "port", Type: "port",
Port: req.Port, Port: req.Port,
Protocol: req.Protocol, Protocol: req.Protocol,
Address: req.Address, Address: req.Address,
Strategy: req.Strategy, Strategy: req.Strategy,
Description: req.Description, Description: req.Description,
}) }); err != nil {
return fmt.Errorf("add record %s/%s failed (strategy: %s, address: %s), err: %v", req.Port, req.Protocol, req.Strategy, req.Address, err)
}
return nil
} }
func (u *FirewallService) addAddressRecord(req dto.AddrRuleOperate) error { func (u *FirewallService) addAddressRecord(req dto.AddrRuleOperate) error {
if req.Operation == "remove" { if req.Operation == "remove" {
return hostRepo.DeleteFirewallRecord("address", "", "", req.Address, req.Strategy) return hostRepo.DeleteFirewallRecord("address", "", "", req.Address, req.Strategy)
} }
return hostRepo.SaveFirewallRecord(&model.Firewall{ if err := hostRepo.SaveFirewallRecord(&model.Firewall{
Type: "address", Type: "address",
Address: req.Address, Address: req.Address,
Strategy: req.Strategy, Strategy: req.Strategy,
Description: req.Description, Description: req.Description,
}) }); err != nil {
return fmt.Errorf("add record failed (strategy: %s, address: %s), err: %v", req.Strategy, req.Address, err)
}
return nil
} }
func listIpRules(strategy string) ([]string, error) { func listIpRules(strategy string) ([]string, error) {
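Review bot: The new error returns in addPortRecord and addAddressRecord format the repository error with `%v` (`... err: %v", ..., err)`), which flattens it into text so callers can no longer inspect it with errors.Is/errors.As; use `%w` instead, e.g. `return fmt.Errorf("add record %s/%s (strategy: %s, address: %s): %w", req.Port, req.Protocol, req.Strategy, req.Address, err)`, and the same for the address variant. Separately, the early `return err` now placed inside the per-port and per-address loops of OperatePortRule and OperateAddressRule aborts the batch part-way: entries handled in earlier iterations have already been applied and recorded, and the trailing `client.Reload()` at the end of OperateAddressRule (presumably the same for OperatePortRule, whose reload path is outside these hunks) is skipped, so a returned error does not mean nothing changed. Both functions' signatures are outside these hunks; their doc comments should state that the operation is not atomic and that on error the caller may need to inspect or retry the remaining entries.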


@ -132,7 +132,7 @@ func (f *Firewall) Port(port FireInfo, operation string) error {
stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-port=%s/%s --permanent", operation, port.Port, port.Protocol) stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-port=%s/%s --permanent", operation, port.Port, port.Protocol)
if err != nil { if err != nil {
return fmt.Errorf("%s port failed, err: %s", operation, stdout) return fmt.Errorf("%s (port: %s/%s strategy: %s) failed, err: %s", operation, port.Port, port.Protocol, port.Strategy, stdout)
} }
return nil return nil
} }
@ -154,12 +154,12 @@ func (f *Firewall) RichRules(rule FireInfo, operation string) error {
ruleStr += rule.Strategy ruleStr += rule.Strategy
stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, ruleStr) stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, ruleStr)
if err != nil { if err != nil {
return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout) return fmt.Errorf("%s rich rules (%s) failed, err: %s", operation, ruleStr, stdout)
} }
if len(rule.Address) == 0 { if len(rule.Address) == 0 {
stdout1, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 ")) stdout1, err := cmd.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 "))
if err != nil { if err != nil {
return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout1) return fmt.Errorf("%s rich rules (%s) failed, err: %s", operation, strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 "), stdout1)
} }
} }
return nil return nil
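Review bot: In RichRules the IPv6 rule text `strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 ")` is now built twice, once for cmd.Execf and again inside the new error message; compute it once, `ruleStr6 := strings.ReplaceAll(ruleStr, "family=ipv4 ", "family=ipv6 ")`, and use it in both places so the rule reported in the error is guaranteed to be the one that was executed. In Port, the new message reports `port.Strategy`, but the firewall-cmd invocation on the line above uses only operation, port.Port and port.Protocol, so the strategy is not part of what failed and including it as if it were is misleading; drop it or label it as request context. Both messages now embed the raw tool stdout and the full rich-rule text, which is useful to an administrator; whether this error text is returned verbatim to API clients is not visible here and is worth confirming. Both enclosing functions start outside the hunks.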


@ -146,7 +146,7 @@ func (f *Ufw) Port(port FireInfo, operation string) error {
} }
stdout, err := cmd.Exec(command) stdout, err := cmd.Exec(command)
if err != nil { if err != nil {
return fmt.Errorf("%s port failed, err: %s", operation, stdout) return fmt.Errorf("%s (%s) failed, err: %s", operation, command, stdout)
} }
return nil return nil
} }
@ -183,7 +183,7 @@ func (f *Ufw) RichRules(rule FireInfo, operation string) error {
stdout, err := cmd.Exec(ruleStr) stdout, err := cmd.Exec(ruleStr)
if err != nil { if err != nil {
return fmt.Errorf("%s rich rules failed, err: %s", operation, stdout) return fmt.Errorf("%s rich rules (%s), failed, err: %s", operation, ruleStr, stdout)
} }
return nil return nil
} }
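Review bot: The ufw RichRules message `"%s rich rules (%s), failed, err: %s"` has a stray comma after the parenthesis, unlike the firewalld counterpart `"%s rich rules (%s) failed, err: %s"`; drop it so both backends produce the same shape of message, `return fmt.Errorf("%s rich rules (%s) failed, err: %s", operation, ruleStr, stdout)`. In Port the message now carries the complete ufw command line built from the request together with the tool's stdout; that is good diagnostic detail for an administrator, but if these errors are passed through to API responses unchanged (not visible here) the client sees the command text too, so that is worth confirming. Both enclosing functions start outside the hunks.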