From e7608673d7bfb94b8fa5628c6ac3bca679d22a77 Mon Sep 17 00:00:00 2001
From: ssongliu <73214554+ssongliu@users.noreply.github.com>
Date: Fri, 14 Apr 2023 15:10:46 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=89=93=E5=BC=80=E9=98=B2=E7=81=AB?= =?UTF-8?q?=E5=A2=99=E6=97=B6=EF=BC=8C=E8=87=AA=E5=8A=A8=E6=94=BE=E5=BC=80?= =?UTF-8?q?=E5=BA=94=E7=94=A8=E4=BB=A5=E5=8F=8A=2080=20443=2022=20?= =?UTF-8?q?=E7=AB=AF=E5=8F=A3=20(#637)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/app/service/firewall.go | 45 +++++++++++++++++++++++++--------
 1 file changed, 34 insertions(+), 11 deletions(-)
diff --git a/backend/app/service/firewall.go b/backend/app/service/firewall.go
index 9586635e5..6a8a2cbbf 100644
--- a/backend/app/service/firewall.go
+++ b/backend/app/service/firewall.go
@@ -48,7 +48,7 @@ func (u *FirewallService) LoadBaseInfo() (dto.FirewallBaseInfo, error) {
 if err != nil {
 return baseInfo, err
 }
- baseInfo.PingStatus, err = u.PingStatus()
+ baseInfo.PingStatus, err = u.pingStatus()
 if err != nil {
 return baseInfo, err
 }
@@ -142,14 +142,10 @@ func (u *FirewallService) OperateFirewall(operation string) error {
 if err := client.Start(); err != nil {
 return err
 }
- serverPort, err := settingRepo.Get(settingRepo.WithByKey("ServerPort"))
- if err != nil {
+ if err := u.addPortsBeforeStart(client); err != nil {
+ _ = client.Stop()
 return err
 }
- if err := client.Port(fireClient.FireInfo{Port: serverPort.Value, Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
- return err
- }
- _ = client.Reload()
 _, _ = cmd.Exec("systemctl restart docker")
 return nil
 case "stop":
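Review bot: The allow rules are added only after `client.Start()` has returned, so despite the helper's name there is a window in which the firewall is active without the panel and SSH ports opened; whether that interrupts existing sessions depends on the backend's default policy, which the hunk does not show. On failure the rollback result is discarded by `_ = client.Stop()`, so a failed stop leaves the firewall running with a partial rule set while the caller sees only the original error. I would report both, e.g. `if stopErr := client.Stop(); stopErr != nil { return fmt.Errorf("%v (rollback stop failed: %v)", err, stopErr) }`, and either add the rules before starting or rename the helper to match the order. OperateFirewall begins and ends outside this hunk.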
@@ -159,9 +155,9 @@ func (u *FirewallService) OperateFirewall(operation string) error {
 _, _ = cmd.Exec("systemctl restart docker")
 return nil
 case "disablePing":
- return u.UpdatePingStatus("0")
+ return u.updatePingStatus("0")
 case "enablePing":
- return u.UpdatePingStatus("1")
+ return u.updatePingStatus("1")
 }
 return fmt.Errorf("not support such operation: %s", operation)
 }
@@ -369,7 +365,7 @@ func (u *FirewallService) loadPortByApp() []portOfApp {
 return datas
 }
-func (u *FirewallService) PingStatus() (string, error) {
+func (u *FirewallService) pingStatus() (string, error) {
 stdout, _ := cmd.Exec("sudo cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= ")
 if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" {
 return constant.StatusEnable, nil
@@ -377,7 +373,7 @@ func (u *FirewallService) PingStatus() (string, error) {
 return constant.StatusDisable, nil
 }
-func (u *FirewallService) UpdatePingStatus(enabel string) error {
+func (u *FirewallService) updatePingStatus(enabel string) error {
 lineBytes, err := os.ReadFile(confPath)
 if err != nil {
 return err
@@ -413,3 +409,30 @@ func (u *FirewallService) UpdatePingStatus(enabel string) error {
 return nil
 }
+
+func (u *FirewallService) addPortsBeforeStart(client firewall.FirewallClient) error {
+ serverPort, err := settingRepo.Get(settingRepo.WithByKey("ServerPort"))
+ if err != nil {
+ return err
+ }
+ if err := client.Port(fireClient.FireInfo{Port: serverPort.Value, Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
+ return err
+ }
+ if err := client.Port(fireClient.FireInfo{Port: "22", Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
+ return err
+ }
+ if err := client.Port(fireClient.FireInfo{Port: "80", Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
+ return err
+ }
+ if err := client.Port(fireClient.FireInfo{Port: "443", Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
+ return err
+ }
+ apps := u.loadPortByApp()
+ for _, app := range apps {
+ if err := client.Port(fireClient.FireInfo{Port: app.HttpPort, Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
+ return err
+ }
+ }
+
+ return client.Reload()
+}
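Review bot: addPortsBeforeStart opens 22, 80 and 443 to every source unconditionally, together with the HTTP port of each installed app, so enabling the firewall can publish services the operator never meant to expose, while an sshd listening on a non-default port is still left closed. The five `client.Port` calls differ only in the port, and an early return leaves the rules already added in place (whether they persist depends on the client, which is not shown here). I would collect the ports into one list, skip an empty `app.HttpPort` (assuming it is a plain string like `serverPort.Value`), and wrap the error with the port that failed. A doc comment on the function should state that the fixed ports are a lockout safeguard and that app ports are opened without a source restriction.

```go
func (u *FirewallService) addPortsBeforeStart(client firewall.FirewallClient) error {
	// … unchanged: ServerPort lookup via settingRepo.Get …
	ports := []string{serverPort.Value, "22", "80", "443"}
	for _, app := range u.loadPortByApp() {
		if app.HttpPort == "" {
			continue
		}
		ports = append(ports, app.HttpPort)
	}
	for _, port := range ports {
		if err := client.Port(fireClient.FireInfo{Port: port, Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
			return fmt.Errorf("allow tcp port %s: %w", port, err)
		}
	}
	return client.Reload()
}
```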