fix(iptables): 复杂环境下转发删除端口错误 (#7868)

2025-03-01 03:24:14 +08:00 · 2025-02-13 22:56:09 +08:00 · 2025-02-13 22:56:09 +08:00 · 0741f60896
commit 0741f60896
parent af8eef4a91
1 changed files with 3 additions and 3 deletions
--- a/backend/utils/firewall/client/iptables.go
+++ b/backend/utils/firewall/client/iptables.go
@ -133,10 +133,10 @@ func (iptables *Iptables) NatAdd(protocol, srcPort, dest, destPort string, save

 		// 非本机转发, 按公网流程走
 		if err := iptables.runf(NatTab, fmt.Sprintf(
-			"-A %s -p %s -d %s --dport %s -j MASQUERADE",
+			"-A %s -d %s -p %s --dport %s -j MASQUERADE",
 			PostRoutingChain,
-			protocol,
 			dest,
+			protocol,
 			destPort,
 		)); err != nil {
 			return err
@ -192,7 +192,7 @@ func (iptables *Iptables) NatRemove(num string, protocol, srcPort, dest, destPor
 	// 删除公网转发规则
 	if dest != "" && dest != "127.0.0.1" && dest != "localhost" {
 		if err := iptables.runf(NatTab, fmt.Sprintf(
-			"-D %s -p %s -d %s --dport %s -j MASQUERADE",
+			"-D %s -d %s -p %s --dport %s -j MASQUERADE",
 			PostRoutingChain,
 			dest,
 			protocol,