From 280e74e01bf22d32aa8e6d25f54c19d92af85c6e Mon Sep 17 00:00:00 2001
From: ssongliu
Date: Thu, 17 Aug 2023 10:21:14 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E8=A7=A3=E5=86=B3=20ufw=20=E9=98=B2?= =?UTF-8?q?=E7=81=AB=E5=A2=99=E5=88=9B=E5=BB=BA=E5=A4=9A=E7=AB=AF=E5=8F=A3?= =?UTF-8?q?=E6=97=B6=E6=97=A0=E6=B3=95=E5=88=A0=E9=99=A4=E7=9A=84=E9=97=AE?= =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/app/service/firewall.go | 68 +++++++++++++++------------------
 1 file changed, 30 insertions(+), 38 deletions(-)
diff --git a/backend/app/service/firewall.go b/backend/app/service/firewall.go
index e010c34e2..06363464a 100644
--- a/backend/app/service/firewall.go
+++ b/backend/app/service/firewall.go
@@ -166,59 +166,51 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
 if err != nil {
 return err
 }
+ protos := strings.Split(req.Protocol, "/")
 if client.Name() == "ufw" {
- req.Port = strings.ReplaceAll(req.Port, "-", ":")
- if req.Operation == "remove" && req.Protocol == "tcp/udp" {
- req.Protocol = ""
- return u.operatePort(client, req)
+ if len(req.Address) == 0 {
+ req.Address = "Anywhere"
 }
+ if strings.Contains(req.Port, ",") || strings.Contains(req.Port, "-") {
+ for _, proto := range protos {
+ req.Port = strings.ReplaceAll(req.Port, "-", ":")
+ req.Protocol = proto
+ if err := u.operatePort(client, req); err != nil {
+ return err
+ }
+ }
+ return nil
+ }
+ if req.Protocol == "tcp/udp" {
+ req.Protocol = ""
+ }
+ if err := u.operatePort(client, req); err != nil {
+ return err
+ }
+ return nil
 }
- if req.Protocol == "tcp/udp" {
- if client.Name() == "firewalld" && strings.Contains(req.Port, ",") {
+
+ for _, proto := range protos {
+ if strings.Contains(req.Port, "-") {
+ req.Protocol = proto
+ if err := u.operatePort(client, req); err != nil {
+ return err
+ }
+ } else {
 ports := strings.Split(req.Port, ",")
 for _, port := range ports {
 if len(port) == 0 {
 continue
 }
 req.Port = port
- req.Protocol = "tcp"
+ req.Protocol = proto
 if err := u.operatePort(client, req); err != nil {
 return err
 }
- req.Protocol = "udp"
- if err := u.operatePort(client, req); err != nil {
- return err
- }
- }
- } else {
- req.Protocol = "tcp"
- if err := u.operatePort(client, req); err != nil {
- return err
- }
- req.Protocol = "udp"
- if err := u.operatePort(client, req); err != nil {
- return err
- }
- }
- } else {
- if strings.Contains(req.Port, ",") {
- ports := strings.Split(req.Port, ",")
- for _, port := range ports {
- req.Port = port
- if err := u.operatePort(client, req); err != nil {
- return err
- }
- }
- } else {
- if err := u.operatePort(client, req); err != nil {
- return err
 }
 }
 }
- if reload {
- return client.Reload()
- }
- return nil
+ return client.Reload()
 }
 
 func (u *FirewallService) OperateAddressRule(req dto.AddrRuleOperate, reload bool) error {
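Review bot: In the non-ufw loop, `req.Port = port` overwrites the comma-separated list during the first protocol pass, so on the second pass `strings.Split(req.Port, ",")` sees only the last port; for `tcp/udp` with a list such as `80,443` the udp rule for 80 is never added or removed, and a remove can leave that port open while the call still returns nil. Splitting once before the loop (`ports := strings.Split(req.Port, ",")` placed above `for _, proto := range protos`) and ranging over that slice avoids the mutation. The final `return client.Reload()` also ignores the `reload` parameter shown in the signature, so callers that pass false now reload on every rule; keeping `if reload { return client.Reload() }` followed by `return nil` would preserve that contract. The function starts above the hunk, so how `req.Port` and `req.Protocol` are validated before they reach `operatePort` is not visible here.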