fix: Fix the issue of abnormal iptables persistence loading (#11066)

2025-12-17 12:58:51 +08:00 · 2025-11-25 14:21:24 +08:00 · 2025-11-25 14:21:24 +08:00 · c3cc26a136
commit c3cc26a136
parent dda83b6307
4 changed files with 11 additions and 8 deletions
--- a/agent/init/firewall/firewall.go
+++ b/agent/init/firewall/firewall.go
@ -7,6 +7,7 @@ import (
 	"github.com/1Panel-dev/1Panel/agent/app/service"
 	"github.com/1Panel-dev/1Panel/agent/global"
 	"github.com/1Panel-dev/1Panel/agent/utils/firewall"
+	firewallClient "github.com/1Panel-dev/1Panel/agent/utils/firewall/client"
 	"github.com/1Panel-dev/1Panel/agent/utils/firewall/client/iptables"
 )

@ -29,6 +30,10 @@ func Init() {
 			global.LOG.Errorf("load postrouting rules from file failed, err: %v", err)
 			return
 		}
+		if err := firewallClient.EnableIptablesForward(); err != nil {
+			global.LOG.Errorf("enable iptables forward failed, err: %v", err)
+			return
+		}
 		global.LOG.Infof("loaded iptables rules for forward from file successfully")
 	}
 	if clientName == "ufw" {
--- a/agent/utils/firewall/client/iptables/common.go
+++ b/agent/utils/firewall/client/iptables/common.go
@ -45,7 +45,7 @@ const (

 func RunWithStd(tab, rule string) (string, error) {
 	cmdMgr := cmd.NewCommandMgr(cmd.WithIgnoreExist1(), cmd.WithTimeout(20*time.Second))
-	stdout, err := cmdMgr.RunWithStdoutBashCf("%s iptables -t %s %s", cmd.SudoHandleCmd(), tab, rule)
+	stdout, err := cmdMgr.RunWithStdoutBashCf("%s iptables -w -t %s %s", cmd.SudoHandleCmd(), tab, rule)
 	if err != nil {
 		global.LOG.Errorf("iptables command failed [table=%s, rule=%s]: %v", tab, rule, err)
 		return stdout, err
--- a/agent/utils/firewall/client/iptables/persistence.go
+++ b/agent/utils/firewall/client/iptables/persistence.go
@ -60,15 +60,14 @@ func SaveRulesToFile(tab, chain, fileName string) error {
 }

 func LoadRulesFromFile(tab, chain, fileName string) error {
-	rulesFile := path.Join(global.Dir.FirewallDir, fileName)
-	if _, err := os.Stat(rulesFile); os.IsNotExist(err) {
-		return nil
-	}
-
 	if err := AddChain(tab, chain); err != nil {
 		global.LOG.Errorf("create chain %s failed: %v", chain, err)
 		return err
 	}
+	rulesFile := path.Join(global.Dir.FirewallDir, fileName)
+	if _, err := os.Stat(rulesFile); os.IsNotExist(err) {
+		return nil
+	}
 	data, err := os.ReadFile(rulesFile)
 	if err != nil {
 		global.LOG.Errorf("read rules from file %s failed, err: %v", rulesFile, err)
--- a/frontend/src/views/host/firewall/advance/index.vue
+++ b/frontend/src/views/host/firewall/advance/index.vue
@ -17,7 +17,7 @@
                    <template #main>
                        <div class="app-warn">
                            <div class="flex flex-col gap-2 items-center justify-center w-full sm:flex-row">
-                                <span>{{ $t('firewall.advancedControlNotAvailable', [firewallName]) }}</span>
+                                <span>{{ $t('firewall.advancedControlNotAvailable', [fireName]) }}</span>
                            </div>
                            <div>
                                <img src="@/assets/images/no_app.svg" />
@ -160,7 +160,6 @@ const loading = ref();
 const selects = ref<any>([]);
 const selectedChain = ref('1PANEL_INPUT');
 const defaultStrategy = ref('ACCEPT');
-const firewallName = ref('');

 const maskShow = ref(true);
 const isActive = ref(false);