gh_mirrors/1Panel
1
0
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-03-16 18:54:43 +08:00
Code

fix: 优化防火墙端口转发错误信息 (#6967)

Browse Source
This commit is contained in:
ssongliu 2024-11-06 16:31:19 +08:00 committed by GitHub
parent eb0164907c
commit 8d35c54672
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 42 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
backend/app/service/firewall.go
View File

@ -10,6 +10,7 @@ import (
"github.com/1Panel-dev/1Panel/backend/app/dto" "github.com/1Panel-dev/1Panel/backend/app/dto"
"github.com/1Panel-dev/1Panel/backend/app/model" "github.com/1Panel-dev/1Panel/backend/app/model"
"github.com/1Panel-dev/1Panel/backend/buserr"
"github.com/1Panel-dev/1Panel/backend/constant" "github.com/1Panel-dev/1Panel/backend/constant"
"github.com/1Panel-dev/1Panel/backend/global" "github.com/1Panel-dev/1Panel/backend/global"
"github.com/1Panel-dev/1Panel/backend/utils/cmd" "github.com/1Panel-dev/1Panel/backend/utils/cmd"
@ -86,6 +87,11 @@ func (u *FirewallService) SearchWithPage(req dto.RuleSearch) (int64, interface{}
case "port": case "port":
rules, err = client.ListPort() rules, err = client.ListPort()
case "forward": case "forward":
isSupport, errSup := checkIsSupport()
if !isSupport {
return 0, nil, errSup
}
rules, err = client.ListForward() rules, err = client.ListForward()
case "address": case "address":
rules, err = client.ListAddress() rules, err = client.ListAddress()
@ -306,6 +312,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
} }
func (u *FirewallService) OperateForwardRule(req dto.ForwardRuleOperate) error { func (u *FirewallService) OperateForwardRule(req dto.ForwardRuleOperate) error {
isSupport, errSup := checkIsSupport()
if !isSupport {
return errSup
}
client, err := firewall.NewFirewallClient() client, err := firewall.NewFirewallClient()
if err != nil { if err != nil {
return err return err
@ -689,3 +700,14 @@ func checkPortUsed(ports, proto string, apps []portOfApp) string {
} }
return "" return ""
} }
func checkIsSupport() (bool, error) {
std, err := cmd.Exec("iptables --version")
if err != nil {
return false, fmt.Errorf("handle iptables --version failed, stdout: %s, err: %v", std, err)
}
if strings.Contains(std, "nf_tables") {
return false, buserr.New(constant.ErrNFTables)
}
return true, nil
}

4
backend/constant/errs.go
View File

@ -143,7 +143,9 @@ var (
) )
var ( var (
ErrFirewall = "ErrFirewall" ErrFirewallNone = "ErrFirewallNone"
ErrFirewallBoth = "ErrFirewallBoth"
ErrNFTables = "ErrNFTables"
) )
// cronjob // cronjob

4
backend/i18n/lang/en.yaml
View File

@ -165,7 +165,9 @@ ErrConfigAlreadyExist: "A configuration file with the same name already exists"
ErrUserFindErr: "Failed to find user {{ .name }} {{ .err }}" ErrUserFindErr: "Failed to find user {{ .name }} {{ .err }}"
#ssh #ssh
ErrFirewall: "No firewalld or ufw service is detected. Please check and try again!" ErrFirewallNone: "No firewalld or ufw service detected on the system. Please check and try again!"
ErrFirewallBoth: "Both firewalld and ufw services are detected on the system. To avoid conflicts, please uninstall one and try again!"
ErrNFTables: "Port forwarding functionality relies on the iptables service and is currently not compatible with nftables operations!"
#cronjob #cronjob
ErrBashExecute: "Script execution error, please check the specific information in the task output text area." ErrBashExecute: "Script execution error, please check the specific information in the task output text area."

4
backend/i18n/lang/zh-Hant.yaml
View File

@ -166,7 +166,9 @@ ErrConfigAlreadyExist: "已存在同名配置文件"
ErrUserFindErr: "用戶 {{ .name }} 查找失敗 {{ .err }}" ErrUserFindErr: "用戶 {{ .name }} 查找失敗 {{ .err }}"
#ssh #ssh
ErrFirewall: "當前未檢測到系統 firewalld 或 ufw 服務,請檢查後重試!" ErrFirewallNone: "未檢測到系統 firewalld 或 ufw 服務,請檢查後重試!"
ErrFirewallBoth: "檢測到系統同時存在 firewalld 或 ufw 服務,為避免衝突,請卸載後重試!"
ErrNFTables: "端口轉發功能依賴於 iptables 服務,暫不兼容 nftables 操作!"
#cronjob #cronjob
ErrBashExecute: "腳本執行錯誤,請在任務輸出文本域中查看具體信息。" ErrBashExecute: "腳本執行錯誤,請在任務輸出文本域中查看具體信息。"

4
backend/i18n/lang/zh.yaml
View File

@ -168,7 +168,9 @@ ErrConfigAlreadyExist: "已存在同名配置文件"
ErrUserFindErr: "用户 {{ .name }} 查找失败 {{ .err }}" ErrUserFindErr: "用户 {{ .name }} 查找失败 {{ .err }}"
#ssh #ssh
ErrFirewall: "当前未检测到系统 firewalld 或 ufw 服务,请检查后重试!" ErrFirewallNone: "未检测到系统 firewalld 或 ufw 服务,请检查后重试!"
ErrFirewallBoth: "检测到系统同时存在 firewalld 或 ufw 服务,为避免冲突,请卸载后重试!"
ErrNFTables: "端口转发功能依赖于 iptables 服务,暂不兼容 nftables 操作!"
#cronjob #cronjob
ErrBashExecute: "脚本执行错误,请在任务输出文本域中查看具体信息。" ErrBashExecute: "脚本执行错误,请在任务输出文本域中查看具体信息。"

17
backend/utils/firewall/client.go
View File

@ -1,10 +1,9 @@
package firewall package firewall
import ( import (
"os"
"github.com/1Panel-dev/1Panel/backend/buserr" "github.com/1Panel-dev/1Panel/backend/buserr"
"github.com/1Panel-dev/1Panel/backend/constant" "github.com/1Panel-dev/1Panel/backend/constant"
"github.com/1Panel-dev/1Panel/backend/utils/cmd"
"github.com/1Panel-dev/1Panel/backend/utils/firewall/client" "github.com/1Panel-dev/1Panel/backend/utils/firewall/client"
) )
@ -29,18 +28,18 @@ type FirewallClient interface {
} }
func NewFirewallClient() (FirewallClient, error) { func NewFirewallClient() (FirewallClient, error) {
_, firewalldErr := os.Stat("/usr/sbin/firewalld") firewalld := cmd.Which("firewalld")
_, ufwErr := os.Stat("/usr/sbin/ufw") ufw := cmd.Which("ufw")
if firewalldErr == nil && ufwErr == nil { if firewalld && ufw {
return nil, buserr.New("firewalld and ufw both found, only one firewall should be active") return nil, buserr.New(constant.ErrFirewallBoth)
} }
if firewalldErr == nil { if firewalld {
return client.NewFirewalld() return client.NewFirewalld()
} }
if ufwErr == nil { if ufw {
return client.NewUfw() return client.NewUfw()
} }
return nil, buserr.New(constant.ErrFirewall) return nil, buserr.New(constant.ErrFirewallNone)
} }