From dc47eb5ae4d4a2fa906a74715f8bd8f24d04eff4 Mon Sep 17 00:00:00 2001
From: HynoR <20227709+HynoR@users.noreply.github.com>
Date: Mon, 22 Dec 2025 15:55:47 +0800
Subject: [PATCH] feat: Add UDP port 443 acceptance rule to firewall and iptables configuration
---
 agent/app/service/firewall.go | 3 +++
 agent/app/service/iptables.go | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/agent/app/service/firewall.go b/agent/app/service/firewall.go
index bb36d6d10..b8dcf96d8 100644
--- a/agent/app/service/firewall.go
+++ b/agent/app/service/firewall.go
@@ -711,6 +711,9 @@ func (u *FirewallService) addPortsBeforeStart(client firewall.FirewallClient) er
 if err := client.Port(fireClient.FireInfo{Port: "443", Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
 return err
 }
+ if err := client.Port(fireClient.FireInfo{Port: "443", Protocol: "udp", Strategy: "accept"}, "add"); err != nil {
+ return err
+ }
 return client.Reload()
 }
diff --git a/agent/app/service/iptables.go b/agent/app/service/iptables.go
index 49f921451..2f50118cd 100644
--- a/agent/app/service/iptables.go
+++ b/agent/app/service/iptables.go
@@ -363,6 +363,9 @@ func initPreRules() error {
 return err
 }
 }
+ if err := iptables.AddRule(iptables.FilterTab, iptables.Chain1PanelBasicAfter, fmt.Sprintf("-p udp -m udp --dport 443 -j ACCEPT")); err != nil {
+ return err
+ }
 if err := iptables.AddRule(iptables.FilterTab, iptables.Chain1PanelBasicAfter, iptables.DropAllTcp); err != nil {
 return err
 }
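Review bot: The added `client.Port(fireClient.FireInfo{Port: "443", Protocol: "udp", Strategy: "accept"}, "add")` call in addPortsBeforeStart opens UDP 443 to every source unconditionally, and nothing in the hunk records why or ties the rule to a UDP listener actually being served on the host. The same applies to the `--dport 443 -j ACCEPT` rule added to initPreRules in iptables.go. If the intent is HTTP/3 (QUIC), which is an inference because the commit message does not say, a comment such as `// UDP 443 is accepted for HTTP/3 (QUIC); drop this rule where no QUIC listener is deployed` would document it. Gating the rule on a setting would keep the default exposure limited to what the host really serves. addPortsBeforeStart begins outside the hunk.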
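Review bot: `fmt.Sprintf("-p udp -m udp --dport 443 -j ACCEPT")` in initPreRules has no format verbs and no arguments, so the call only wraps a constant string and will be flagged by linters that check for unnecessary Sprintf. Pass the literal directly, `iptables.AddRule(iptables.FilterTab, iptables.Chain1PanelBasicAfter, "-p udp -m udp --dport 443 -j ACCEPT")`. Better still, declare it as a named constant beside `iptables.DropAllTcp`, so the base rule strings live in one place and can be matched when the rule is later removed or audited. initPreRules starts and ends outside the hunk.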