1Panel-dev/1Panel
1
1
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-10-10 15:36:45 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: Enable the ping ban function to be compatible with some IPv6 mac… (#8285)

Browse source
This commit is contained in:
ssongliu 2025-04-01 17:23:52 +08:00 committed by GitHub
parent 4fd50cc3ad
commit 578fa45bb3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 25 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
agent/app/service/firewall.go
View file

@ -566,10 +566,8 @@ func (u *FirewallService) pingStatus() string {
if _, err := os.Stat("/etc/sysctl.conf"); err != nil { if _, err := os.Stat("/etc/sysctl.conf"); err != nil {
return constant.StatusNone return constant.StatusNone
} }
sudo := cmd.SudoHandleCmd() stdout, _ := cmd.Execf("%s sysctl -a 2>/dev/null | grep 'net.ipv4.icmp.echo_ignore_all'", cmd.SudoHandleCmd())
command := fmt.Sprintf("%s cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= ", sudo) if stdout == "net.ipv4.icmp_echo_ignore_all = 1\n" {
stdout, _ := cmd.Exec(command)
if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" {
return constant.StatusEnable return constant.StatusEnable
} }
return constant.StatusDisable return constant.StatusDisable
@ -582,17 +580,30 @@ func (u *FirewallService) updatePingStatus(enable string) error {
} }
files := strings.Split(string(lineBytes), "\n") files := strings.Split(string(lineBytes), "\n")
var newFiles []string var newFiles []string
hasLine := false var hasIpv6 bool
ipv6Status, _ := cmd.Exec("sysctl -a 2>/dev/null | grep 'net.ipv6.icmp.echo_ignore_all'")
if len(strings.ReplaceAll(ipv6Status, "\n", "")) != 0 {
hasIpv6 = true
}
hasIPv4Line, hasIPv6Line := false, false
for _, line := range files { for _, line := range files {
if strings.Contains(line, "net/ipv4/icmp_echo_ignore_all") || strings.HasPrefix(line, "net/ipv4/icmp_echo_ignore_all") { if strings.Contains(line, "net/ipv4/icmp_echo_ignore_all") || strings.Contains(line, "net.ipv4.icmp_echo_ignore_all") {
newFiles = append(newFiles, "net/ipv4/icmp_echo_ignore_all="+enable) newFiles = append(newFiles, "net.ipv4.icmp_echo_ignore_all="+enable)
hasLine = true hasIPv4Line = true
} else { continue
}
if hasIpv6 && strings.Contains(line, "net/ipv6/icmp/echo_ignore_all") || strings.Contains(line, "net.ipv6.icmp.echo_ignore_all") {
newFiles = append(newFiles, "net.ipv6.icmp.echo_ignore_all="+enable)
hasIPv6Line = true
continue
}
newFiles = append(newFiles, line) newFiles = append(newFiles, line)
} }
if !hasIPv4Line {
newFiles = append(newFiles, "net.ipv4.icmp_echo_ignore_all="+enable)
} }
if !hasLine { if !hasIPv6Line {
newFiles = append(newFiles, "net/ipv4/icmp_echo_ignore_all="+enable) newFiles = append(newFiles, "net.ipv6.icmp.echo_ignore_all="+enable)
} }
file, err := os.OpenFile(confPath, os.O_WRONLY|os.O_TRUNC, constant.FilePerm) file, err := os.OpenFile(confPath, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
if err != nil { if err != nil {