From 3ba1362bdce09c4adadce831993cea2f5bd322fe Mon Sep 17 00:00:00 2001
From: ssongliu <songlius11@163.com>
Date: Tue, 16 Dec 2025 10:59:53 +0800
Subject: [PATCH] fix: Fix ufw IPv6 rule configuration issue

---
 agent/utils/firewall/client/ufw.go | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/agent/utils/firewall/client/ufw.go b/agent/utils/firewall/client/ufw.go
index 97da61e2f..e7244b785 100644
--- a/agent/utils/firewall/client/ufw.go
+++ b/agent/utils/firewall/client/ufw.go
@@ -5,6 +5,7 @@ import (
 	"strings"
 
 	"github.com/1Panel-dev/1Panel/agent/buserr"
+	"github.com/1Panel-dev/1Panel/agent/global"
 	"github.com/1Panel-dev/1Panel/agent/utils/cmd"
 )
 
@@ -167,7 +168,8 @@ func (f *Ufw) RichRules(rule FireInfo, operation string) error {
 		return buserr.New("ErrCmdIllegal")
 	}
 
-	ruleStr := fmt.Sprintf("%s insert 1 %s ", f.CmdStr, rule.Strategy)
+	insertNum := f.loadInsertNum(rule, operation)
+	ruleStr := fmt.Sprintf("%s insert %d %s ", f.CmdStr, insertNum, rule.Strategy)
 	if operation == "remove" {
 		ruleStr = fmt.Sprintf("%s delete %s ", f.CmdStr, rule.Strategy)
 	}
@@ -252,3 +254,26 @@ func (f *Ufw) loadInfo(line string, fireType string) FireInfo {
 
 	return itemInfo
 }
+
+func (f *Ufw) loadInsertNum(rule FireInfo, operation string) int {
+	if !strings.Contains(rule.Address, ":") || operation == "remove" {
+		return 1
+	}
+	rules, err := cmd.RunDefaultWithStdoutBashCf("%s status numbered", f.CmdStr)
+	if err != nil {
+		global.LOG.Errorf("load ufw rules failed, err: %v", err)
+		return 1
+	}
+	lines := strings.Split(rules, "\n")
+	i := 1
+	for _, item := range lines {
+		fields := strings.Fields(item)
+		if len(fields) < 4 {
+			continue
+		}
+		if !strings.Contains(item, "(v6)") {
+			i++
+		}
+	}
+	return i
+}