From 0741f60896903dee953db4d755ce8a9429fcb02f Mon Sep 17 00:00:00 2001
From: endymx <345793738@qq.com>
Date: Thu, 13 Feb 2025 22:56:09 +0800
Subject: [PATCH] =?UTF-8?q?fix(iptables):=20=E5=A4=8D=E6=9D=82=E7=8E=AF?=
 =?UTF-8?q?=E5=A2=83=E4=B8=8B=E8=BD=AC=E5=8F=91=E5=88=A0=E9=99=A4=E7=AB=AF?=
 =?UTF-8?q?=E5=8F=A3=E9=94=99=E8=AF=AF=20(#7868)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/utils/firewall/client/iptables.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/utils/firewall/client/iptables.go b/backend/utils/firewall/client/iptables.go
index e691b0036..affff8b81 100644
--- a/backend/utils/firewall/client/iptables.go
+++ b/backend/utils/firewall/client/iptables.go
@@ -133,10 +133,10 @@ func (iptables *Iptables) NatAdd(protocol, srcPort, dest, destPort string, save
 
 		// 非本机转发, 按公网流程走
 		if err := iptables.runf(NatTab, fmt.Sprintf(
-			"-A %s -p %s -d %s --dport %s -j MASQUERADE",
+			"-A %s -d %s -p %s --dport %s -j MASQUERADE",
 			PostRoutingChain,
-			protocol,
 			dest,
+			protocol,
 			destPort,
 		)); err != nil {
 			return err
@@ -192,7 +192,7 @@ func (iptables *Iptables) NatRemove(num string, protocol, srcPort, dest, destPor
 	// 删除公网转发规则
 	if dest != "" && dest != "127.0.0.1" && dest != "localhost" {
 		if err := iptables.runf(NatTab, fmt.Sprintf(
-			"-D %s -p %s -d %s --dport %s -j MASQUERADE",
+			"-D %s -d %s -p %s --dport %s -j MASQUERADE",
 			PostRoutingChain,
 			dest,
 			protocol,