From d6dcb59ab788b68369436b15f46256a95f500284 Mon Sep 17 00:00:00 2001
From: ssongliu <73214554+ssongliu@users.noreply.github.com>
Date: Wed, 12 Apr 2023 14:50:30 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E8=A7=A3=E5=86=B3=20firewalld=20ip=20?= =?UTF-8?q?=E8=8C=83=E5=9B=B4=E8=A7=84=E5=88=99=E4=B8=8D=E7=94=9F=E6=95=88?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98=20(#594)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/utils/firewall/client/firewalld.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/backend/utils/firewall/client/firewalld.go b/backend/utils/firewall/client/firewalld.go
index 72386f645..3f61b67ce 100644
--- a/backend/utils/firewall/client/firewalld.go
+++ b/backend/utils/firewall/client/firewalld.go
@@ -124,6 +124,17 @@ func (f *Firewall) Port(port FireInfo, operation string) error {
 func (f *Firewall) RichRules(rule FireInfo, operation string) error {
 ruleStr := ""
 if strings.Contains(rule.Address, "-") {
+ std, err := cmd.Execf("firewall-cmd --permanent --new-ipset=%s --type=hash:ip", rule.Address)
+ if err != nil {
+ return fmt.Errorf("add new ipset failed, err: %s", std)
+ }
+ std2, err := cmd.Execf("firewall-cmd --permanent --ipset=%s --add-entry=%s", rule.Address, rule.Address)
+ if err != nil {
+ return fmt.Errorf("add entry to ipset failed, err: %s", std2)
+ }
+ if err := f.Reload(); err != nil {
+ return err
+ }
 ruleStr = fmt.Sprintf("rule source ipset=%s %s", rule.Address, rule.Strategy)
 } else {
 ruleStr = "rule family=ipv4 "
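Review bot: `rule.Address` is formatted straight into both `firewall-cmd` strings passed to `cmd.Execf`, and the only check on it in this hunk is `strings.Contains(rule.Address, "-")`. If Execf hands the formatted string to a shell (its implementation is not visible here), anything else in the address field becomes part of the command line. Validate the range before the first Execf call, for example `lo, hi, ok := strings.Cut(rule.Address, "-")` followed by `if !ok || net.ParseIP(lo) == nil || net.ParseIP(hi) == nil { return fmt.Errorf("invalid ip range %q", rule.Address) }`, which needs the `net` package imported. The added block also runs for every value of `operation`, so a removal would presumably fail at `--new-ipset` because the set already exists; it should be limited to the add path, and both error messages should include `err` as well as the command output. RichRules continues past the end of the hunk, so later handling of `operation` is not visible.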