mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-01-31 14:08:06 +08:00

feat: 打开防火墙时,自动放开应用以及 80 443 22 端口 (#637)

ssongliu 2023-04-14 15:10:46 +08:00 committed by GitHub
parent 4c8fc1defa
commit e7608673d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -48,7 +48,7 @@ func (u *FirewallService) LoadBaseInfo() (dto.FirewallBaseInfo, error) {
if err != nil { if err != nil {
return baseInfo, err return baseInfo, err
} }
baseInfo.PingStatus, err = u.PingStatus() baseInfo.PingStatus, err = u.pingStatus()
if err != nil { if err != nil {
return baseInfo, err return baseInfo, err
} }
@ -142,14 +142,10 @@ func (u *FirewallService) OperateFirewall(operation string) error {
if err := client.Start(); err != nil { if err := client.Start(); err != nil {
return err return err
} }
serverPort, err := settingRepo.Get(settingRepo.WithByKey("ServerPort")) if err := u.addPortsBeforeStart(client); err != nil {
if err != nil { _ = client.Stop()
return err return err
} }
if err := client.Port(fireClient.FireInfo{Port: serverPort.Value, Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
return err
}
_ = client.Reload()
_, _ = cmd.Exec("systemctl restart docker") _, _ = cmd.Exec("systemctl restart docker")
return nil return nil
case "stop": case "stop":
@ -159,9 +155,9 @@ func (u *FirewallService) OperateFirewall(operation string) error {
_, _ = cmd.Exec("systemctl restart docker") _, _ = cmd.Exec("systemctl restart docker")
return nil return nil
case "disablePing": case "disablePing":
return u.UpdatePingStatus("0") return u.updatePingStatus("0")
case "enablePing": case "enablePing":
return u.UpdatePingStatus("1") return u.updatePingStatus("1")
} }
return fmt.Errorf("not support such operation: %s", operation) return fmt.Errorf("not support such operation: %s", operation)
} }
@ -369,7 +365,7 @@ func (u *FirewallService) loadPortByApp() []portOfApp {
return datas return datas
} }
func (u *FirewallService) PingStatus() (string, error) { func (u *FirewallService) pingStatus() (string, error) {
stdout, _ := cmd.Exec("sudo cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= ") stdout, _ := cmd.Exec("sudo cat /etc/sysctl.conf | grep net/ipv4/icmp_echo_ignore_all= ")
if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" { if stdout == "net/ipv4/icmp_echo_ignore_all=1\n" {
return constant.StatusEnable, nil return constant.StatusEnable, nil
@ -377,7 +373,7 @@ func (u *FirewallService) PingStatus() (string, error) {
return constant.StatusDisable, nil return constant.StatusDisable, nil
} }
func (u *FirewallService) UpdatePingStatus(enabel string) error { func (u *FirewallService) updatePingStatus(enabel string) error {
lineBytes, err := os.ReadFile(confPath) lineBytes, err := os.ReadFile(confPath)
if err != nil { if err != nil {
return err return err
@ -413,3 +409,30 @@ func (u *FirewallService) UpdatePingStatus(enabel string) error {
return nil return nil
} }
func (u *FirewallService) addPortsBeforeStart(client firewall.FirewallClient) error {
serverPort, err := settingRepo.Get(settingRepo.WithByKey("ServerPort"))
if err != nil {
return err
}
if err := client.Port(fireClient.FireInfo{Port: serverPort.Value, Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
return err
}
if err := client.Port(fireClient.FireInfo{Port: "22", Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
return err
}
if err := client.Port(fireClient.FireInfo{Port: "80", Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
return err
}
if err := client.Port(fireClient.FireInfo{Port: "443", Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
return err
}
apps := u.loadPortByApp()
for _, app := range apps {
if err := client.Port(fireClient.FireInfo{Port: app.HttpPort, Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
return err
}
}
return client.Reload()
}
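Review bot: addPortsBeforeStart accepts tcp 22, 80 and 443 plus every app's HttpPort each time the firewall is started, whether or not the host serves them; the FireInfo literals set no source address, so these rules presumably apply to any source. The SSH port is hard-coded as "22", so a host whose sshd listens elsewhere gets 22 opened while, as far as this section shows, its real SSH port stays closed once the firewall is up. Consider opening only ports that are actually in use (read the configured SSH port, skip 80/443 when no site is bound) and skipping entries with no port, e.g. `if app.HttpPort == "" { continue }` if HttpPort is a string. On the error path in OperateFirewall (whose body extends beyond the hunks shown), `_ = client.Stop()` discards the stop error and rules added before the failure are not rolled back; at minimum log that error. Despite its name the helper runs after `client.Start()`, which a doc comment such as `// addPortsBeforeStart allows the panel, SSH, web and app ports and reloads; called right after client.Start().` would make clear.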