mirror of
https://github.com/1Panel-dev/1Panel.git
synced 2025-03-17 03:04:46 +08:00
fix: 优化防火墙端口转发错误信息 (#6967)
This commit is contained in:
parent
eb0164907c
commit
8d35c54672
@ -10,6 +10,7 @@ import (
|
|||||||
|
|
||||||
"github.com/1Panel-dev/1Panel/backend/app/dto"
|
"github.com/1Panel-dev/1Panel/backend/app/dto"
|
||||||
"github.com/1Panel-dev/1Panel/backend/app/model"
|
"github.com/1Panel-dev/1Panel/backend/app/model"
|
||||||
|
"github.com/1Panel-dev/1Panel/backend/buserr"
|
||||||
"github.com/1Panel-dev/1Panel/backend/constant"
|
"github.com/1Panel-dev/1Panel/backend/constant"
|
||||||
"github.com/1Panel-dev/1Panel/backend/global"
|
"github.com/1Panel-dev/1Panel/backend/global"
|
||||||
"github.com/1Panel-dev/1Panel/backend/utils/cmd"
|
"github.com/1Panel-dev/1Panel/backend/utils/cmd"
|
||||||
@ -86,6 +87,11 @@ func (u *FirewallService) SearchWithPage(req dto.RuleSearch) (int64, interface{}
|
|||||||
case "port":
|
case "port":
|
||||||
rules, err = client.ListPort()
|
rules, err = client.ListPort()
|
||||||
case "forward":
|
case "forward":
|
||||||
|
isSupport, errSup := checkIsSupport()
|
||||||
|
if !isSupport {
|
||||||
|
return 0, nil, errSup
|
||||||
|
}
|
||||||
|
|
||||||
rules, err = client.ListForward()
|
rules, err = client.ListForward()
|
||||||
case "address":
|
case "address":
|
||||||
rules, err = client.ListAddress()
|
rules, err = client.ListAddress()
|
||||||
@ -306,6 +312,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (u *FirewallService) OperateForwardRule(req dto.ForwardRuleOperate) error {
|
func (u *FirewallService) OperateForwardRule(req dto.ForwardRuleOperate) error {
|
||||||
|
isSupport, errSup := checkIsSupport()
|
||||||
|
if !isSupport {
|
||||||
|
return errSup
|
||||||
|
}
|
||||||
|
|
||||||
client, err := firewall.NewFirewallClient()
|
client, err := firewall.NewFirewallClient()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@ -689,3 +700,14 @@ func checkPortUsed(ports, proto string, apps []portOfApp) string {
|
|||||||
}
|
}
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func checkIsSupport() (bool, error) {
|
||||||
|
std, err := cmd.Exec("iptables --version")
|
||||||
|
if err != nil {
|
||||||
|
return false, fmt.Errorf("handle iptables --version failed, stdout: %s, err: %v", std, err)
|
||||||
|
}
|
||||||
|
if strings.Contains(std, "nf_tables") {
|
||||||
|
return false, buserr.New(constant.ErrNFTables)
|
||||||
|
}
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
@ -143,7 +143,9 @@ var (
|
|||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
ErrFirewall = "ErrFirewall"
|
ErrFirewallNone = "ErrFirewallNone"
|
||||||
|
ErrFirewallBoth = "ErrFirewallBoth"
|
||||||
|
ErrNFTables = "ErrNFTables"
|
||||||
)
|
)
|
||||||
|
|
||||||
// cronjob
|
// cronjob
|
||||||
|
@ -165,7 +165,9 @@ ErrConfigAlreadyExist: "A configuration file with the same name already exists"
|
|||||||
ErrUserFindErr: "Failed to find user {{ .name }} {{ .err }}"
|
ErrUserFindErr: "Failed to find user {{ .name }} {{ .err }}"
|
||||||
|
|
||||||
#ssh
|
#ssh
|
||||||
ErrFirewall: "No firewalld or ufw service is detected. Please check and try again!"
|
ErrFirewallNone: "No firewalld or ufw service detected on the system. Please check and try again!"
|
||||||
|
ErrFirewallBoth: "Both firewalld and ufw services are detected on the system. To avoid conflicts, please uninstall one and try again!"
|
||||||
|
ErrNFTables: "Port forwarding functionality relies on the iptables service and is currently not compatible with nftables operations!"
|
||||||
|
|
||||||
#cronjob
|
#cronjob
|
||||||
ErrBashExecute: "Script execution error, please check the specific information in the task output text area."
|
ErrBashExecute: "Script execution error, please check the specific information in the task output text area."
|
||||||
|
@ -166,7 +166,9 @@ ErrConfigAlreadyExist: "已存在同名配置文件"
|
|||||||
ErrUserFindErr: "用戶 {{ .name }} 查找失敗 {{ .err }}"
|
ErrUserFindErr: "用戶 {{ .name }} 查找失敗 {{ .err }}"
|
||||||
|
|
||||||
#ssh
|
#ssh
|
||||||
ErrFirewall: "當前未檢測到系統 firewalld 或 ufw 服務,請檢查後重試!"
|
ErrFirewallNone: "未檢測到系統 firewalld 或 ufw 服務,請檢查後重試!"
|
||||||
|
ErrFirewallBoth: "檢測到系統同時存在 firewalld 或 ufw 服務,為避免衝突,請卸載後重試!"
|
||||||
|
ErrNFTables: "端口轉發功能依賴於 iptables 服務,暫不兼容 nftables 操作!"
|
||||||
|
|
||||||
#cronjob
|
#cronjob
|
||||||
ErrBashExecute: "腳本執行錯誤,請在任務輸出文本域中查看具體信息。"
|
ErrBashExecute: "腳本執行錯誤,請在任務輸出文本域中查看具體信息。"
|
||||||
|
@ -168,7 +168,9 @@ ErrConfigAlreadyExist: "已存在同名配置文件"
|
|||||||
ErrUserFindErr: "用户 {{ .name }} 查找失败 {{ .err }}"
|
ErrUserFindErr: "用户 {{ .name }} 查找失败 {{ .err }}"
|
||||||
|
|
||||||
#ssh
|
#ssh
|
||||||
ErrFirewall: "当前未检测到系统 firewalld 或 ufw 服务,请检查后重试!"
|
ErrFirewallNone: "未检测到系统 firewalld 或 ufw 服务,请检查后重试!"
|
||||||
|
ErrFirewallBoth: "检测到系统同时存在 firewalld 或 ufw 服务,为避免冲突,请卸载后重试!"
|
||||||
|
ErrNFTables: "端口转发功能依赖于 iptables 服务,暂不兼容 nftables 操作!"
|
||||||
|
|
||||||
#cronjob
|
#cronjob
|
||||||
ErrBashExecute: "脚本执行错误,请在任务输出文本域中查看具体信息。"
|
ErrBashExecute: "脚本执行错误,请在任务输出文本域中查看具体信息。"
|
||||||
|
@ -1,10 +1,9 @@
|
|||||||
package firewall
|
package firewall
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"os"
|
|
||||||
|
|
||||||
"github.com/1Panel-dev/1Panel/backend/buserr"
|
"github.com/1Panel-dev/1Panel/backend/buserr"
|
||||||
"github.com/1Panel-dev/1Panel/backend/constant"
|
"github.com/1Panel-dev/1Panel/backend/constant"
|
||||||
|
"github.com/1Panel-dev/1Panel/backend/utils/cmd"
|
||||||
"github.com/1Panel-dev/1Panel/backend/utils/firewall/client"
|
"github.com/1Panel-dev/1Panel/backend/utils/firewall/client"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -29,18 +28,18 @@ type FirewallClient interface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func NewFirewallClient() (FirewallClient, error) {
|
func NewFirewallClient() (FirewallClient, error) {
|
||||||
_, firewalldErr := os.Stat("/usr/sbin/firewalld")
|
firewalld := cmd.Which("firewalld")
|
||||||
_, ufwErr := os.Stat("/usr/sbin/ufw")
|
ufw := cmd.Which("ufw")
|
||||||
|
|
||||||
if firewalldErr == nil && ufwErr == nil {
|
if firewalld && ufw {
|
||||||
return nil, buserr.New("firewalld and ufw both found, only one firewall should be active")
|
return nil, buserr.New(constant.ErrFirewallBoth)
|
||||||
}
|
}
|
||||||
|
|
||||||
if firewalldErr == nil {
|
if firewalld {
|
||||||
return client.NewFirewalld()
|
return client.NewFirewalld()
|
||||||
}
|
}
|
||||||
if ufwErr == nil {
|
if ufw {
|
||||||
return client.NewUfw()
|
return client.NewUfw()
|
||||||
}
|
}
|
||||||
return nil, buserr.New(constant.ErrFirewall)
|
return nil, buserr.New(constant.ErrFirewallNone)
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user