gh_mirrors/1Panel
1
0
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-01-19 00:09:16 +08:00
Code

feat: 端口转发功能 (#5439)

Browse Source
This commit is contained in:
endymx 2024-06-15 22:28:03 +08:00 committed by GitHub
parent b36e2c5676
commit af0ecce25b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
23 changed files with 814 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
backend/app/api/v1/firewall.go
View File

@ -94,6 +94,29 @@ func (b *BaseApi) OperatePortRule(c *gin.Context) {
helper.SuccessWithData(c, nil)
}
// OperateForwardRule
// @Tags Firewall
// @Summary Create group
// @Description 更新防火墙端口转发规则
// @Accept json
// @Param request body dto.ForwardRuleOperate true "request"
// @Success 200
// @Security ApiKeyAuth
// @Router /hosts/firewall/forward [post]
// @x-panel-log {"bodyKeys":["source_port"],"paramKeys":[],"BeforeFunctions":[],"formatZH":"更新端口转发规则 [source_port]","formatEN":"update port forward rules [source_port]"}
func (b *BaseApi) OperateForwardRule(c *gin.Context) {
var req dto.ForwardRuleOperate
if err := helper.CheckBindAndValidate(&req, c); err != nil {
return
}
if err := firewallService.OperateForwardRule(req); err != nil {
helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
return
}
helper.SuccessWithData(c, nil)
}
// @Tags Firewall
// @Summary Create group
// @Description 创建防火墙 IP 规则

11
backend/app/dto/firewall.go
View File

@ -29,6 +29,17 @@ type PortRuleOperate struct {
Description string `json:"description"`
}
type ForwardRuleOperate struct {
Rules []struct {
Operation string `json:"operation" validate:"required,oneof=add remove"`
Num string `json:"num"`
Protocol string `json:"protocol" validate:"required,oneof=tcp udp tcp/udp"`
Port string `json:"port" validate:"required"`
TargetIP string `json:"targetIP"`
TargetPort string `json:"targetPort" validate:"required"`
} `json:"rules"`
}
type UpdateFirewallDescription struct {
Type string `json:"type"`
Address string `json:"address"`

9
backend/app/model/firewall.go
View File

@ -10,3 +10,12 @@ type Firewall struct {
Strategy string `gorm:"type:varchar(64);not null" json:"strategy"`
Description string `gorm:"type:varchar(64);not null" json:"description"`
}
type Forward struct {
BaseModel
Protocol string `gorm:"type:varchar(64);not null" json:"protocol"`
Port string `gorm:"type:varchar(64);not null" json:"port"`
TargetIP string `gorm:"type:varchar(64);not null" json:"targetIP"`
TargetPort string `gorm:"type:varchar(64);not null" json:"targetPort"`
}

84
backend/app/service/firewall.go
View File

@ -3,6 +3,7 @@ package service
import (
"fmt"
"os"
"sort"
"strconv"
"strings"
"sync"
@ -28,6 +29,7 @@ type IFirewallService interface {
SearchWithPage(search dto.RuleSearch) (int64, interface{}, error)
OperateFirewall(operation string) error
OperatePortRule(req dto.PortRuleOperate, reload bool) error
OperateForwardRule(req dto.ForwardRuleOperate) error
OperateAddressRule(req dto.AddrRuleOperate, reload bool) error
UpdatePortRule(req dto.PortRuleUpdate) error
UpdateAddrRule(req dto.AddrRuleUpdate) error
@ -78,42 +80,36 @@ func (u *FirewallService) SearchWithPage(req dto.RuleSearch) (int64, interface{}
if err != nil {
return 0, nil, err
}
if req.Type == "port" {
ports, err := client.ListPort()
if err != nil {
return 0, nil, err
}
if len(req.Info) != 0 {
for _, port := range ports {
if strings.Contains(port.Port, req.Info) {
datas = append(datas, port)
}
}
} else {
datas = ports
}
} else {
addrs, err := client.ListAddress()
if err != nil {
return 0, nil, err
}
if len(req.Info) != 0 {
for _, addr := range addrs {
if strings.Contains(addr.Address, req.Info) {
datas = append(datas, addr)
}
}
} else {
datas = addrs
}
var rules []fireClient.FireInfo
switch req.Type {
case "port":
rules, err = client.ListPort()
case "forward":
rules, err = client.ListForward()
case "address":
rules, err = client.ListAddress()
}
if err != nil {
return 0, nil, err
}
if len(req.Info) != 0 {
for _, addr := range rules {
if strings.Contains(addr.Address, req.Info) {
datas = append(datas, addr)
}
}
} else {
datas = rules
}
if req.Type == "port" {
apps := u.loadPortByApp()
for i := 0; i < len(datas); i++ {
datas[i].UsedStatus = checkPortUsed(datas[i].Port, datas[i].Protocol, apps)
}
}
var datasFilterStatus []fireClient.FireInfo
if len(req.Status) != 0 {
for _, data := range datas {
@ -127,6 +123,7 @@ func (u *FirewallService) SearchWithPage(req dto.RuleSearch) (int64, interface{}
} else {
datasFilterStatus = datas
}
var datasFilterStrategy []fireClient.FireInfo
if len(req.Strategy) != 0 {
for _, data := range datasFilterStatus {
@ -300,6 +297,37 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool)
return nil
}
func (u *FirewallService) OperateForwardRule(req dto.ForwardRuleOperate) error {
client, err := firewall.NewFirewallClient()
if err != nil {
return err
}
sort.SliceStable(req.Rules, func(i, j int) bool {
n1, _ := strconv.Atoi(req.Rules[i].Num)
n2, _ := strconv.Atoi(req.Rules[j].Num)
return n1 > n2
})
for _, r := range req.Rules {
for _, p := range strings.Split(r.Protocol, "/") {
if r.TargetIP == "" {
r.TargetIP = "127.0.0.1"
}
if err = client.PortForward(fireClient.Forward{
Num: r.Num,
Protocol: p,
Port: r.Port,
TargetIP: r.TargetIP,
TargetPort: r.TargetPort,
}, r.Operation); err != nil {
return err
}
}
}
return nil
}
func (u *FirewallService) OperateAddressRule(req dto.AddrRuleOperate, reload bool) error {
client, err := firewall.NewFirewallClient()
if err != nil {

5
backend/init/app/app.go
View File

@ -2,6 +2,7 @@ package app
import (
"github.com/1Panel-dev/1Panel/backend/utils/docker"
"github.com/1Panel-dev/1Panel/backend/utils/firewall"
"path"
"github.com/1Panel-dev/1Panel/backend/constant"
@ -31,6 +32,10 @@ func Init() {
}
_ = docker.CreateDefaultDockerNetwork()
if f, err := firewall.NewFirewallClient(); err == nil {
_ = f.EnableForward()
}
}
func createDir(fileOp files.FileOp, dirPath string) {

1
backend/init/migration/migrate.go
View File

@ -89,6 +89,7 @@ func Init() {
migrations.AddFtp,
migrations.AddProxy,
migrations.AddCronJobColumn,
migrations.AddForward,
})
if err := m.Migrate(); err != nil {
global.LOG.Error(err)

10
backend/init/migration/migrations/v_1_10.go
View File

@ -239,6 +239,16 @@ var AddProxy = &gormigrate.Migration{
},
}
var AddForward = &gormigrate.Migration{
ID: "202400611-add-forward",
Migrate: func(tx *gorm.DB) error {
if err := tx.AutoMigrate(&model.Forward{}); err != nil {
return err
}
return nil
},
}
var AddCronJobColumn = &gormigrate.Migration{
ID: "20240524-add-cronjob-command",
Migrate: func(tx *gorm.DB) error {

1
backend/router/ro_host.go
View File

@ -29,6 +29,7 @@ func (s *HostRouter) InitRouter(Router *gin.RouterGroup) {
hostRouter.POST("/firewall/search", baseApi.SearchFirewallRule)
hostRouter.POST("/firewall/operate", baseApi.OperateFirewall)
hostRouter.POST("/firewall/port", baseApi.OperatePortRule)
hostRouter.POST("/firewall/forward", baseApi.OperateForwardRule)
hostRouter.POST("/firewall/ip", baseApi.OperateIPRule)
hostRouter.POST("/firewall/batch", baseApi.BatchOperateRule)
hostRouter.POST("/firewall/update/port", baseApi.UpdatePortRule)

3
backend/utils/firewall/client.go
View File

@ -18,11 +18,14 @@ type FirewallClient interface {
Version() (string, error)
ListPort() ([]client.FireInfo, error)
ListForward() ([]client.FireInfo, error)
ListAddress() ([]client.FireInfo, error)
Port(port client.FireInfo, operation string) error
RichRules(rule client.FireInfo, operation string) error
PortForward(info client.Forward, operation string) error
EnableForward() error
}
func NewFirewallClient() (FirewallClient, error) {

51
backend/utils/firewall/client/firewalld.go
View File

@ -2,6 +2,7 @@ package client
import (
"fmt"
"regexp"
"strings"
"sync"
@ -10,6 +11,8 @@ import (
"github.com/1Panel-dev/1Panel/backend/utils/cmd"
)
var ForwardListRegex = regexp.MustCompile(`^port=(\d{1,5}):proto=(.+?):toport=(\d{1,5}):toaddr=(.*)$`)
type Firewall struct{}
func NewFirewalld() (*Firewall, error) {
@ -115,6 +118,29 @@ func (f *Firewall) ListPort() ([]FireInfo, error) {
return datas, nil
}
func (f *Firewall) ListForward() ([]FireInfo, error) {
stdout, err := cmd.Exec("firewall-cmd --zone=public --list-forward-ports")
if err != nil {
return nil, err
}
var datas []FireInfo
for _, line := range strings.Split(stdout, "\n") {
line = strings.TrimFunc(line, func(r rune) bool {
return r <= 32
})
if ForwardListRegex.MatchString(line) {
match := ForwardListRegex.FindStringSubmatch(line)
datas = append(datas, FireInfo{
Port: match[1],
Protocol: match[2],
TargetIP: match[4],
TargetPort: match[3],
})
}
}
return datas, nil
}
func (f *Firewall) ListAddress() ([]FireInfo, error) {
stdout, err := cmd.Exec("firewall-cmd --zone=public --list-rich-rules")
if err != nil {
@ -175,15 +201,18 @@ func (f *Firewall) RichRules(rule FireInfo, operation string) error {
}
func (f *Firewall) PortForward(info Forward, operation string) error {
ruleStr := fmt.Sprintf("firewall-cmd --%s-forward-port=port=%s:proto=%s:toport=%s --permanent", operation, info.Port, info.Protocol, info.Target)
if len(info.Address) != 0 {
ruleStr = fmt.Sprintf("firewall-cmd --%s-forward-port=port=%s:proto=%s:toaddr=%s:toport=%s --permanent", operation, info.Port, info.Protocol, info.Address, info.Target)
ruleStr := fmt.Sprintf("firewall-cmd --zone=public --%s-forward-port=port=%s:proto=%s:toport=%s --permanent", operation, info.Port, info.Protocol, info.TargetPort)
if info.TargetIP != "" && info.TargetIP != "127.0.0.1" && info.TargetIP != "localhost" {
ruleStr = fmt.Sprintf("firewall-cmd --zone=public --%s-forward-port=port=%s:proto=%s:toaddr=%s:toport=%s --permanent", operation, info.Port, info.Protocol, info.TargetIP, info.TargetPort)
}
stdout, err := cmd.Exec(ruleStr)
if err != nil {
return fmt.Errorf("%s port forward failed, err: %s", operation, stdout)
}
if err = f.Reload(); err != nil {
return err
}
return nil
}
@ -208,3 +237,19 @@ func (f *Firewall) loadInfo(line string) FireInfo {
}
return itemRule
}
func (f *Firewall) EnableForward() error {
stdout, err := cmd.Exec("firewall-cmd --zone=public --query-masquerade")
if err != nil {
if strings.HasSuffix(strings.TrimSpace(stdout), "no") {
stdout, err = cmd.Exec("firewall-cmd --zone=public --add-masquerade --permanent")
if err != nil {
return fmt.Errorf("%s: %s", err, stdout)
}
return f.Reload()
}
return fmt.Errorf("%s: %s", err, stdout)
}
return nil
}

24
backend/utils/firewall/client/info.go
View File

@ -7,13 +7,29 @@ type FireInfo struct {
Protocol string `json:"protocol"` // tcp udp tcp/udp
Strategy string `json:"strategy"` // accept drop
Num string `json:"num"`
TargetIP string `json:"targetIP"`
TargetPort string `json:"targetPort"`
UsedStatus string `json:"usedStatus"`
Description string `json:"description"`
}
type Forward struct {
Protocol string `json:"protocol"`
Address string `json:"address"`
Port string `json:"port"`
Target string `json:"target"`
Num string `json:"num"`
Protocol string `json:"protocol"`
Port string `json:"port"`
TargetIP string `json:"targetIP"`
TargetPort string `json:"targetPort"`
}
type IptablesNatInfo struct {
Num string `json:"num"`
Target string `json:"target"`
Protocol string `json:"protocol"`
Opt string `json:"opt"`
Source string `json:"source"`
Destination string `json:"destination"`
SrcPort string `json:"srcPort"`
DestPort string `json:"destPort"`
}

132
backend/utils/firewall/client/iptables.go Normal file
View File

@ -0,0 +1,132 @@
package client
import (
"fmt"
"github.com/1Panel-dev/1Panel/backend/app/model"
"github.com/1Panel-dev/1Panel/backend/global"
"github.com/1Panel-dev/1Panel/backend/utils/cmd"
"github.com/pkg/errors"
"regexp"
"strings"
)
var NatListRegex = regexp.MustCompile(`^(\d+)\s+(.+?)\s+(.+?)\s+(.+?)\s+(.+?)\s+(.+?)\s+(.+?) .+?:(\d{1,5}(?::\d+)?).+?[ :](.+-.+|(?:.+:)?\d{1,5}(?:-\d{1,5})?)$`)
type Iptables struct {
CmdStr string
}
func NewIptables() (*Iptables, error) {
iptables := new(Iptables)
if cmd.HasNoPasswordSudo() {
iptables.CmdStr = "sudo"
}
return iptables, nil
}
func (iptables *Iptables) Check() error {
stdout, err := cmd.Exec("cat /proc/sys/net/ipv4/ip_forward")
if err != nil {
return err
}
if stdout == "0" {
return fmt.Errorf("disable")
}
return nil
}
func (iptables *Iptables) NatList() ([]IptablesNatInfo, error) {
stdout, err := cmd.Execf("%s iptables -t nat -nL PREROUTING --line", iptables.CmdStr)
if err != nil {
return nil, err
}
var forwardList []IptablesNatInfo
for _, line := range strings.Split(stdout, "\n") {
line = strings.TrimFunc(line, func(r rune) bool {
return r <= 32
})
if NatListRegex.MatchString(line) {
match := NatListRegex.FindStringSubmatch(line)
if !strings.Contains(match[9], ":") {
match[9] = fmt.Sprintf(":%s", match[9])
}
forwardList = append(forwardList, IptablesNatInfo{
Num: match[1],
Target: match[2],
Protocol: match[7],
Opt: match[4],
Source: match[5],
Destination: match[6],
SrcPort: match[8],
DestPort: match[9],
})
}
}
return forwardList, nil
}
func (iptables *Iptables) NatAdd(protocol, src, destIp, destPort string, save bool) error {
rule := fmt.Sprintf("%s iptables -t nat -A PREROUTING -p %s --dport %s -j REDIRECT --to-port %s", iptables.CmdStr, protocol, src, destPort)
if destIp != "" && destIp != "127.0.0.1" && destIp != "localhost" {
rule = fmt.Sprintf("%s iptables -t nat -A PREROUTING -p %s --dport %s -j DNAT --to-destination %s:%s", iptables.CmdStr, protocol, src, destIp, destPort)
}
stdout, err := cmd.Exec(rule)
if err != nil {
return err
}
if stdout != "" {
return errors.New(stdout)
}
if save {
return global.DB.Save(&model.Forward{
Protocol: protocol,
Port: src,
TargetIP: destIp,
TargetPort: destPort,
}).Error
}
return nil
}
func (iptables *Iptables) NatRemove(num string, protocol, src, destIp, destPort string) error {
stdout, err := cmd.Execf("%s iptables -t nat -D PREROUTING %s", iptables.CmdStr, num)
if err != nil {
return err
}
if stdout != "" {
return fmt.Errorf(stdout)
}
global.DB.Where(
"protocol = ? AND port = ? AND target_ip = ? AND target_port = ?",
protocol,
src,
destIp,
destPort,
).Delete(&model.Forward{})
return nil
}
func (iptables *Iptables) Reload() error {
stdout, err := cmd.Execf("%s iptables -t nat -F && %s iptables -t nat -X", iptables.CmdStr, iptables.CmdStr)
if err != nil {
return err
}
if stdout != "" {
return fmt.Errorf(stdout)
}
var rules []model.Forward
global.DB.Find(&rules)
for _, forward := range rules {
if err := iptables.NatAdd(forward.Protocol, forward.Port, forward.TargetIP, forward.TargetPort, false); err != nil {
return err
}
}
return nil
}

50
backend/utils/firewall/client/ufw.go
View File

@ -103,6 +103,30 @@ func (f *Ufw) ListPort() ([]FireInfo, error) {
return datas, nil
}
func (f *Ufw) ListForward() ([]FireInfo, error) {
iptables, err := NewIptables()
if err != nil {
return nil, err
}
rules, err := iptables.NatList()
if err != nil {
return nil, err
}
var list []FireInfo
for _, rule := range rules {
dest := strings.SplitN(rule.DestPort, ":", 2)
list = append(list, FireInfo{
Num: rule.Num,
Protocol: rule.Protocol,
Port: rule.SrcPort,
TargetIP: dest[0],
TargetPort: dest[1],
})
}
return list, nil
}
func (f *Ufw) ListAddress() ([]FireInfo, error) {
stdout, err := cmd.Execf("%s status verbose", f.CmdStr)
if err != nil {
@ -206,17 +230,18 @@ func (f *Ufw) RichRules(rule FireInfo, operation string) error {
}
func (f *Ufw) PortForward(info Forward, operation string) error {
ruleStr := fmt.Sprintf("firewall-cmd --%s-forward-port=port=%s:proto=%s:toport=%s --permanent", operation, info.Port, info.Protocol, info.Target)
if len(info.Address) != 0 {
ruleStr = fmt.Sprintf("firewall-cmd --%s-forward-port=port=%s:proto=%s:toaddr=%s:toport=%s --permanent", operation, info.Port, info.Protocol, info.Address, info.Target)
iptables, err := NewIptables()
if err != nil {
return err
}
stdout, err := cmd.Exec(ruleStr)
if err != nil {
return fmt.Errorf("%s port forward failed, err: %s", operation, stdout)
if operation == "add" {
err = iptables.NatAdd(info.Protocol, info.Port, info.TargetIP, info.TargetPort, true)
} else {
err = iptables.NatRemove(info.Num, info.Protocol, info.Port, info.TargetIP, info.TargetPort)
}
if err := f.Reload(); err != nil {
return err
if err != nil {
return fmt.Errorf("%s port forward failed, err: %s", operation, err)
}
return nil
}
@ -258,3 +283,12 @@ func (f *Ufw) loadInfo(line string, fireType string) FireInfo {
return itemInfo
}
func (f *Ufw) EnableForward() error {
iptables, err := NewIptables()
if err != nil {
return err
}
return iptables.Reload()
}

12
frontend/src/api/interface/host.ts
View File

@ -74,12 +74,17 @@ export namespace Host {
export interface RuleInfo extends ReqPage {
family: string;
address: string;
destination: string;
port: string;
srcPort: string;
destPort: string;
protocol: string;
strategy: string;
usedStatus: string;
description: string;
[key: string]: any;
}
export interface UpdateDescription {
address: string;
@ -97,6 +102,13 @@ export namespace Host {
strategy: string;
description: string;
}
export interface RuleForward {
operation: string;
protocol: string;
port: string;
targetIP: string;
targetPort: string;
}
export interface RuleIP {
operation: string;
address: string;

3
frontend/src/api/modules/host.ts
View File

@ -98,6 +98,9 @@ export const operateFire = (operation: string) => {
export const operatePortRule = (params: Host.RulePort) => {
return http.post<Host.RulePort>(`/hosts/firewall/port`, params, TimeoutEnum.T_40S);
};
export const operateForwardRule = (params: { rules: Host.RuleForward[] }) => {
return http.post<Host.RulePort>(`/hosts/firewall/forward`, params, TimeoutEnum.T_40S);
};
export const operateIPRule = (params: Host.RuleIP) => {
return http.post<Host.RuleIP>(`/hosts/firewall/ip`, params, TimeoutEnum.T_40S);
};

7
frontend/src/lang/modules/en.ts
View File

@ -1,4 +1,5 @@
import fit2cloudEnLocale from 'fit2cloud-ui-plus/src/locale/lang/en';
let xpackEnLocale = {};
const xpackModules = import.meta.glob('../../xpack/lang/en.ts', { eager: true });
if (xpackModules['../../xpack/lang/en.ts']) {
@ -2204,8 +2205,14 @@ const message = {
addressHelper2: 'For multiple IPs or IP ranges, separate with commas: 172.16.10.11, 172.16.0.0/24',
allIP: 'All IP',
portRule: 'Port rule',
forwardRule: 'Forwarding',
ipRule: 'IP rule',
userAgent: 'User-Agent filter',
sourcePort: 'Source Port',
targetIP: 'Destination IP',
targetPort: 'Destination Port',
forwardHelper1: 'In the case of local port forwarding, the destination IP is: 127.0.0.1',
forwardHelper2: 'If the destination IP is not filled in, it will be forwarded to the local port by default',
},
runtime: {
runtime: 'Runtime',

6
frontend/src/lang/modules/tw.ts
View File

@ -2048,8 +2048,14 @@ const message = {
addressHelper2: '多個 IP IP 請用 "," 隔開172.16.10.11,172.16.0.0/24',
allIP: '所有 IP',
portRule: '端口規則',
forwardRule: '端口轉發',
ipRule: 'IP 規則',
userAgent: 'User-Agent 過濾',
sourcePort: '來源端口',
targetIP: '目標 IP',
targetPort: '目標端口',
forwardHelper1: '如果是本機端口轉發目標 IP 127.0.0.1',
forwardHelper2: '如果目標 IP 不填寫默認為本機端口轉發',
},
runtime: {
runtime: '運行環境',

8
frontend/src/lang/modules/zh.ts
View File

@ -92,6 +92,7 @@ const message = {
user: '用户',
title: '标题',
port: '端口',
forward: '转发',
protocol: '协议',
tableSetting: '列表设置',
refreshRate: '刷新频率',
@ -2049,8 +2050,15 @@ const message = {
addressHelper2: '多个 IP IP 请用 "," 隔开172.16.10.11,172.16.0.0/24',
allIP: '所有 IP',
portRule: '端口规则',
forwardRule: '端口转发',
ipRule: 'IP 规则',
userAgent: 'User-Agent 过滤',
destination: '目的地',
sourcePort: '源端口',
targetIP: '目标 IP',
targetPort: '目标端口',
forwardHelper1: '如果是本机端口转发目标IP为127.0.0.1',
forwardHelper2: '如果目标IP不填写则默认为本机端口转发',
},
runtime: {
runtime: '运行环境',

10
frontend/src/routers/modules/host.ts
View File

@ -60,6 +60,16 @@ const hostRouter = {
requiresAuth: false,
},
},
{
path: '/hosts/firewall/forward',
name: 'FirewallForward',
component: () => import('@/views/host/firewall/forward/index.vue'),
hidden: true,
meta: {
activeMenu: '/hosts/firewall/port',
requiresAuth: false,
},
},
{
path: '/hosts/firewall/ip',
name: 'FirewallIP',

6
frontend/src/utils/util.ts
View File

@ -327,11 +327,7 @@ export function checkPort(value: string): boolean {
return true;
}
const reg = /^([1-9](\d{0,3}))$|^([1-5]\d{4})$|^(6[0-4]\d{3})$|^(65[0-4]\d{2})$|^(655[0-2]\d)$|^(6553[0-5])$/;
if (!reg.test(value) && value !== '') {
return true;
} else {
return false;
}
return !reg.test(value) && value !== '';
}
export function getProvider(provider: string): string {

226
frontend/src/views/host/firewall/forward/index.vue Normal file
View File

@ -0,0 +1,226 @@
<template>
<div>
<FireRouter />
<div v-loading="loading">
<FireStatus
v-show="fireName !== '-'"
ref="fireStatusRef"
@search="search"
v-model:loading="loading"
v-model:mask-show="maskShow"
v-model:status="fireStatus"
v-model:name="fireName"
/>
<div v-if="fireName !== '-'">
<el-card v-if="fireStatus != 'running' && maskShow" class="mask-prompt">
<span>{{ $t('firewall.firewallNotStart') }}</span>
</el-card>
<LayoutContent :title="$t('firewall.forwardRule')" :class="{ mask: fireStatus != 'running' }">
<template #toolbar>
<el-row>
<el-col :span="16">
<el-button type="primary" @click="onOpenDialog('create')">
{{ $t('commons.button.create') }}{{ $t('firewall.forwardRule') }}
</el-button>
<el-button @click="onDelete(null)" plain :disabled="selects.length === 0">
{{ $t('commons.button.delete') }}
</el-button>
</el-col>
<el-col :span="8">
<TableSetting @search="search()" />
<TableSearch @search="search()" v-model:searchName="searchName" />
</el-col>
</el-row>
</template>
<template #main>
<ComplexTable
:pagination-config="paginationConfig"
v-model:selects="selects"
@search="search"
:data="data"
>
<el-table-column type="selection" fix />
<el-table-column :label="$t('commons.table.protocol')" :min-width="70" prop="protocol" />
<el-table-column :label="$t('firewall.sourcePort')" :min-width="70" prop="port" />
<el-table-column :min-width="80" :label="$t('firewall.targetIP')" prop="targetIP">
<template #default="{ row }">
<span v-if="row.targetIP">{{ row.targetIP }}</span>
<span v-else>127.0.0.1</span>
</template>
</el-table-column>
<el-table-column :label="$t('firewall.targetPort')" :min-width="70" prop="targetPort" />
<fu-table-operations
width="200px"
:buttons="buttons"
:ellipsis="10"
:label="$t('commons.table.operate')"
fix
/>
</ComplexTable>
</template>
</LayoutContent>
</div>
<div v-else>
<LayoutContent :title="$t('firewall.firewall')" :divider="true">
<template #main>
<div class="app-warn">
<div>
<span>{{ $t('firewall.notSupport') }}</span>
<span @click="toDoc">
<el-icon class="ml-2"><Position /></el-icon>
{{ $t('firewall.quickJump') }}
</span>
<div>
<img src="@/assets/images/no_app.svg" />
</div>
</div>
</div>
</template>
</LayoutContent>
</div>
</div>
<OpDialog ref="opRef" @search="search" />
<OperateDialog @search="search" ref="dialogRef" />
</div>
</template>
<script lang="ts" setup>
import FireRouter from '@/views/host/firewall/index.vue';
import OperateDialog from './operate/index.vue';
import FireStatus from '@/views/host/firewall/status/index.vue';
import { onMounted, reactive, ref } from 'vue';
import { operateForwardRule, searchFireRule } from '@/api/modules/host';
import { Host } from '@/api/interface/host';
import i18n from '@/lang';
const loading = ref();
const activeTag = ref('forward');
const selects = ref<any>([]);
const searchName = ref();
const searchStatus = ref('');
const searchStrategy = ref('');
const maskShow = ref(true);
const fireStatus = ref('running');
const fireName = ref();
const fireStatusRef = ref();
const opRef = ref();
const data = ref();
const paginationConfig = reactive({
cacheSizeKey: 'firewall-forward-page-size',
currentPage: 1,
pageSize: 10,
total: 0,
});
const search = async () => {
if (fireStatus.value !== 'running') {
loading.value = false;
data.value = [];
paginationConfig.total = 0;
return;
}
let params = {
type: activeTag.value,
status: searchStatus.value,
strategy: searchStrategy.value,
info: searchName.value,
page: paginationConfig.currentPage,
pageSize: paginationConfig.pageSize,
};
loading.value = true;
await searchFireRule(params)
.then((res) => {
loading.value = false;
data.value = res.data.items || [];
paginationConfig.total = res.data.total;
})
.catch(() => {
loading.value = false;
});
};
const dialogRef = ref();
const onOpenDialog = async (
title: string,
rowData: Partial<Host.RuleForward> = {
protocol: 'tcp',
port: '8080',
targetIP: '',
targetPort: '',
},
) => {
let params = {
title,
rowData: { ...rowData },
};
dialogRef.value!.acceptParams(params);
};
const toDoc = () => {
window.open('https://1panel.cn/docs/user_manual/hosts/firewall/', '_blank', 'noopener,noreferrer');
};
const onDelete = async (row: Host.RuleForward | null) => {
let names = [];
let rules = [];
if (row) {
rules.push({
...row,
operation: 'remove',
});
names = [row.port + ' (' + row.protocol + ')'];
} else {
for (const item of selects.value) {
names.push(item.port + ' (' + item.protocol + ')');
rules.push({
...item,
operation: 'remove',
});
}
}
opRef.value.acceptParams({
title: i18n.global.t('commons.button.delete'),
names: names,
msg: i18n.global.t('commons.msg.operatorHelper', [
i18n.global.t('firewall.forwardRule'),
i18n.global.t('commons.button.delete'),
]),
api: operateForwardRule,
params: { rules: rules },
});
};
const buttons = [
{
label: i18n.global.t('commons.button.edit'),
click: (row: Host.RuleForward) => {
onOpenDialog('edit', row);
},
},
{
label: i18n.global.t('commons.button.delete'),
click: (row: Host.RuleForward) => {
onDelete(row);
},
},
];
onMounted(() => {
if (fireName.value !== '-') {
loading.value = true;
fireStatusRef.value.acceptParams();
}
});
</script>
<style lang="scss" scoped>
.svg-icon {
font-size: 8px;
margin-bottom: -4px;
cursor: pointer;
}
</style>

176
frontend/src/views/host/firewall/forward/operate/index.vue Normal file
View File

@ -0,0 +1,176 @@
<template>
<el-drawer
v-model="drawerVisible"
:destroy-on-close="true"
:close-on-click-modal="false"
:close-on-press-escape="false"
size="50%"
>
<template #header>
<DrawerHeader :header="title" :back="handleClose" />
</template>
<div v-loading="loading">
<el-form ref="formRef" label-position="top" :model="dialogData.rowData" :rules="rules">
<el-row type="flex" justify="center">
<el-col :span="22">
<el-form-item :label="$t('commons.table.protocol')" prop="protocol">
<el-select style="width: 100%" v-model="dialogData.rowData!.protocol">
<el-option value="tcp" label="tcp" />
<el-option value="udp" label="udp" />
<el-option value="tcp/udp" label="tcp/udp" />
</el-select>
</el-form-item>
<el-form-item :label="$t('firewall.sourcePort')" prop="port">
<el-input clearable v-model.trim="dialogData.rowData!.port" />
</el-form-item>
<el-form-item :label="$t('firewall.targetIP')" prop="targetIP">
<el-input v-model.trim="dialogData.rowData!.targetIP" />
<span class="input-help">{{ $t('firewall.forwardHelper1') }}</span>
<span class="input-help">{{ $t('firewall.forwardHelper2') }}</span>
</el-form-item>
<el-form-item :label="$t('firewall.targetPort')" prop="targetPort">
<el-input clearable v-model.trim="dialogData.rowData!.targetPort" />
</el-form-item>
</el-col>
</el-row>
</el-form>
</div>
<template #footer>
<span class="dialog-footer">
<el-button @click="drawerVisible = false">{{ $t('commons.button.cancel') }}</el-button>
<el-button type="primary" @click="onSubmit(formRef)">
{{ $t('commons.button.confirm') }}
</el-button>
</span>
</template>
</el-drawer>
</template>
<script lang="ts" setup>
import { reactive, ref } from 'vue';
import { Rules } from '@/global/form-rules';
import i18n from '@/lang';
import { ElForm, FormItemRule } from 'element-plus';
import DrawerHeader from '@/components/drawer-header/index.vue';
import { MsgSuccess } from '@/utils/message';
import { Host } from '@/api/interface/host';
import { operateForwardRule } from '@/api/modules/host';
import { checkCidr, checkIpV4V6, deepCopy } from '@/utils/util';
const loading = ref();
const oldRule = ref<Host.RuleForward>();
interface DialogProps {
title: string;
rowData?: Host.RuleForward;
getTableList?: () => Promise<any>;
}
const title = ref<string>('');
const drawerVisible = ref(false);
const dialogData = ref<DialogProps>({
title: '',
});
const acceptParams = (params: DialogProps): void => {
dialogData.value = params;
if (dialogData.value.title === 'edit') {
oldRule.value = deepCopy(params.rowData);
}
title.value = i18n.global.t('firewall.' + dialogData.value.title);
drawerVisible.value = true;
};
const emit = defineEmits<{ (e: 'search'): void }>();
const handleClose = () => {
drawerVisible.value = false;
};
const strPortValidator: FormItemRule = {
required: true,
trigger: 'blur',
validator: (_, value: string) => {
const port = parseInt(value);
return port >= 1 && port <= 65535;
},
message: i18n.global.t('commons.rule.port'),
};
const rules = reactive({
protocol: [Rules.requiredSelect],
port: [Rules.requiredInput, strPortValidator],
targetPort: [Rules.requiredInput, strPortValidator],
targetIP: [{ validator: checkAddress, trigger: 'blur' }],
});
function checkAddress(rule: any, value: string, callback: any) {
if (!value) {
return callback();
}
let addrs = value.split(',');
for (const item of addrs) {
if (item.indexOf('/') !== -1) {
if (checkCidr(item)) {
return callback(new Error(i18n.global.t('firewall.addressFormatError')));
}
} else {
if (checkIpV4V6(item)) {
return callback(new Error(i18n.global.t('firewall.addressFormatError')));
}
}
}
callback();
}
type FormInstance = InstanceType<typeof ElForm>;
const formRef = ref<FormInstance>();
const onSubmit = async (formEl: FormInstance | undefined) => {
if (!formEl) return;
formEl.validate(async (valid) => {
if (!valid) return;
const { rowData } = dialogData.value;
let rules = [];
if (!rowData) return;
rowData.operation = 'add';
if (rowData.targetIP === '') {
rowData.targetIP = '127.0.0.1';
}
rules.push(rowData);
loading.value = true;
if (dialogData.value.title === 'create') {
await operateForwardRule({ rules: rules })
.then(() => {
loading.value = false;
MsgSuccess(i18n.global.t('commons.msg.operationSuccess'));
emit('search');
drawerVisible.value = false;
})
.catch(() => {
loading.value = false;
});
return;
}
rules = [];
oldRule.value.operation = 'remove';
dialogData.value.rowData.operation = 'add';
rules.push(oldRule.value);
rules.push(dialogData.value.rowData);
await operateForwardRule({ rules: rules })
.then(() => {
loading.value = false;
MsgSuccess(i18n.global.t('commons.msg.operationSuccess'));
emit('search');
drawerVisible.value = false;
})
.catch(() => {
loading.value = false;
});
});
};
defineExpose({
acceptParams,
});
</script>

4
frontend/src/views/host/firewall/index.vue
View File

@ -15,6 +15,10 @@ const buttons = [
label: i18n.global.t('firewall.portRule'),
path: '/hosts/firewall/port',
},
{
label: i18n.global.t('firewall.forwardRule'),
path: '/hosts/firewall/forward',
},
{
label: i18n.global.t('firewall.ipRule'),
path: '/hosts/firewall/ip',