diff --git a/backend/app/service/firewall.go b/backend/app/service/firewall.go index 24d7092d39d8..2d99d28180d1 100644 --- a/backend/app/service/firewall.go +++ b/backend/app/service/firewall.go @@ -10,6 +10,7 @@ import ( "github.com/1Panel-dev/1Panel/backend/app/dto" "github.com/1Panel-dev/1Panel/backend/app/model" + "github.com/1Panel-dev/1Panel/backend/buserr" "github.com/1Panel-dev/1Panel/backend/constant" "github.com/1Panel-dev/1Panel/backend/global" "github.com/1Panel-dev/1Panel/backend/utils/cmd" @@ -86,6 +87,11 @@ func (u *FirewallService) SearchWithPage(req dto.RuleSearch) (int64, interface{} case "port": rules, err = client.ListPort() case "forward": + isSupport, errSup := checkIsSupport() + if !isSupport { + return 0, nil, errSup + } + rules, err = client.ListForward() case "address": rules, err = client.ListAddress() @@ -306,6 +312,11 @@ func (u *FirewallService) OperatePortRule(req dto.PortRuleOperate, reload bool) } func (u *FirewallService) OperateForwardRule(req dto.ForwardRuleOperate) error { + isSupport, errSup := checkIsSupport() + if !isSupport { + return errSup + } + client, err := firewall.NewFirewallClient() if err != nil { return err @@ -689,3 +700,14 @@ func checkPortUsed(ports, proto string, apps []portOfApp) string { } return "" } + +func checkIsSupport() (bool, error) { + std, err := cmd.Exec("iptables --version") + if err != nil { + return false, fmt.Errorf("handle iptables --version failed, stdout: %s, err: %v", std, err) + } + if strings.Contains(std, "nf_tables") { + return false, buserr.New(constant.ErrNFTables) + } + return true, nil +} diff --git a/backend/constant/errs.go b/backend/constant/errs.go index 0f6c35fbafd1..f98a70c12826 100644 --- a/backend/constant/errs.go +++ b/backend/constant/errs.go @@ -143,7 +143,9 @@ var ( ) var ( - ErrFirewall = "ErrFirewall" + ErrFirewallNone = "ErrFirewallNone" + ErrFirewallBoth = "ErrFirewallBoth" + ErrNFTables = "ErrNFTables" ) // cronjob diff --git a/backend/i18n/lang/en.yaml b/backend/i18n/lang/en.yaml index ca2616db8dd8..75acd9a9952d 100644 --- a/backend/i18n/lang/en.yaml +++ b/backend/i18n/lang/en.yaml @@ -165,7 +165,9 @@ ErrConfigAlreadyExist: "A configuration file with the same name already exists" ErrUserFindErr: "Failed to find user {{ .name }} {{ .err }}" #ssh -ErrFirewall: "No firewalld or ufw service is detected. Please check and try again!" +ErrFirewallNone: "No firewalld or ufw service detected on the system. Please check and try again!" +ErrFirewallBoth: "Both firewalld and ufw services are detected on the system. To avoid conflicts, please uninstall one and try again!" +ErrNFTables: "Port forwarding functionality relies on the iptables service and is currently not compatible with nftables operations!" #cronjob ErrBashExecute: "Script execution error, please check the specific information in the task output text area." diff --git a/backend/i18n/lang/zh-Hant.yaml b/backend/i18n/lang/zh-Hant.yaml index 42e36424c6f0..68474bbf28cc 100644 --- a/backend/i18n/lang/zh-Hant.yaml +++ b/backend/i18n/lang/zh-Hant.yaml @@ -166,7 +166,9 @@ ErrConfigAlreadyExist: "已存在同名配置文件" ErrUserFindErr: "用戶 {{ .name }} 查找失敗 {{ .err }}" #ssh -ErrFirewall: "當前未檢測到系統 firewalld 或 ufw 服務,請檢查後重試!" +ErrFirewallNone: "未檢測到系統 firewalld 或 ufw 服務,請檢查後重試!" +ErrFirewallBoth: "檢測到系統同時存在 firewalld 或 ufw 服務,為避免衝突,請卸載後重試!" +ErrNFTables: "端口轉發功能依賴於 iptables 服務,暫不兼容 nftables 操作!" #cronjob ErrBashExecute: "腳本執行錯誤,請在任務輸出文本域中查看具體信息。" diff --git a/backend/i18n/lang/zh.yaml b/backend/i18n/lang/zh.yaml index 2aee237d85fe..bea6fdfdd2d1 100644 --- a/backend/i18n/lang/zh.yaml +++ b/backend/i18n/lang/zh.yaml @@ -168,7 +168,9 @@ ErrConfigAlreadyExist: "已存在同名配置文件" ErrUserFindErr: "用户 {{ .name }} 查找失败 {{ .err }}" #ssh -ErrFirewall: "当前未检测到系统 firewalld 或 ufw 服务,请检查后重试!" +ErrFirewallNone: "未检测到系统 firewalld 或 ufw 服务,请检查后重试!" +ErrFirewallBoth: "检测到系统同时存在 firewalld 或 ufw 服务,为避免冲突,请卸载后重试!" +ErrNFTables: "端口转发功能依赖于 iptables 服务,暂不兼容 nftables 操作!" #cronjob ErrBashExecute: "脚本执行错误,请在任务输出文本域中查看具体信息。" diff --git a/backend/utils/firewall/client.go b/backend/utils/firewall/client.go index 3eb5ad537987..3ce4b005171c 100644 --- a/backend/utils/firewall/client.go +++ b/backend/utils/firewall/client.go @@ -1,10 +1,9 @@ package firewall import ( - "os" - "github.com/1Panel-dev/1Panel/backend/buserr" "github.com/1Panel-dev/1Panel/backend/constant" + "github.com/1Panel-dev/1Panel/backend/utils/cmd" "github.com/1Panel-dev/1Panel/backend/utils/firewall/client" ) @@ -29,18 +28,18 @@ type FirewallClient interface { } func NewFirewallClient() (FirewallClient, error) { - _, firewalldErr := os.Stat("/usr/sbin/firewalld") - _, ufwErr := os.Stat("/usr/sbin/ufw") + firewalld := cmd.Which("firewalld") + ufw := cmd.Which("ufw") - if firewalldErr == nil && ufwErr == nil { - return nil, buserr.New("firewalld and ufw both found, only one firewall should be active") + if firewalld && ufw { + return nil, buserr.New(constant.ErrFirewallBoth) } - if firewalldErr == nil { + if firewalld { return client.NewFirewalld() } - if ufwErr == nil { + if ufw { return client.NewUfw() } - return nil, buserr.New(constant.ErrFirewall) + return nil, buserr.New(constant.ErrFirewallNone) }