fix: Modify the binding position of the 1PANEL_OUTPUT chain (#10945)

2025-12-17 21:08:25 +08:00 · 2025-11-13 15:43:10 +08:00 · 2025-11-13 15:43:10 +08:00 · 8c9ae38017
commit 8c9ae38017
parent 3920076bd9
1 changed files with 7 additions and 4 deletions
--- a/agent/app/service/iptables.go
+++ b/agent/app/service/iptables.go
@ -178,10 +178,10 @@ func (s *IptablesService) Operate(req dto.IptablesOp) error {
 		if err := iptables.AddChain(iptables.FilterTab, iptables.Chain1PanelOutput); err != nil {
 			return err
 		}
-		number := loadBindNumber()
+		if err := iptables.BindChain(iptables.FilterTab, iptables.ChainOutput, iptables.Chain1PanelOutput, 1); err != nil {
 		if err := iptables.BindChain(iptables.FilterTab, iptables.ChainOutput, iptables.Chain1PanelOutput, number); err != nil {
 			return err
 		}
 		number := loadBindNumber(iptables.Chain1PanelInput)
 		if err := iptables.BindChain(iptables.FilterTab, iptables.ChainInput, iptables.Chain1PanelInput, number); err != nil {
 			return err
 		}
@ -212,7 +212,7 @@ func (s *IptablesService) Operate(req dto.IptablesOp) error {
 		}
 		return nil
 	case "bind":
-		if err := iptables.BindChain(iptables.FilterTab, targetChain, req.Name, loadBindNumber()); err != nil {
+		if err := iptables.BindChain(iptables.FilterTab, targetChain, req.Name, loadBindNumber(req.Name)); err != nil {
 			return err
 		}
 		return nil
@ -289,7 +289,10 @@ func (s *IptablesService) validateIPOrCIDR(ipStr string) error {
 	return nil
 }
-func loadBindNumber() int {
+func loadBindNumber(chain string) int {
 	if chain == iptables.Chain1PanelOutput {
 		return 1
 	}
 	number := 1
 	if exist, _ := iptables.CheckChainExist(iptables.FilterTab, iptables.Chain1PanelBasicBefore); exist {
 		number++