实现自动SYN Flood防护

2025-12-05 08:30:26 +08:00 · 2022-01-10 19:54:37 +08:00
parent 00cba6a380
commit e48c02176b
4 changed files with 66 additions and 2 deletions
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -285,7 +285,15 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
 		return nil, err
 	}

-	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.Mode, req.UseLocalFirewall)
+	var synFloodConfig = &firewallconfigs.SYNFloodConfig{}
+	if len(req.SynFloodJSON) > 0 {
+		err = json.Unmarshal(req.SynFloodJSON, synFloodConfig)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -476,6 +484,7 @@ func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicy(ctx context
 		InboundJSON:  []byte(policy.Inbound),
 		OutboundJSON: []byte(policy.Outbound),
 		Mode:         policy.Mode,
+		SynFloodJSON: []byte(policy.SynFlood),
 	}}, nil
 }

--- a/internal/rpc/services/service_ip_item.go
+++ b/internal/rpc/services/service_ip_item.go
@@ -566,6 +566,22 @@ func (this *IPItemService) ListAllEnabledIPItems(ctx context.Context, req *pb.Li
 			}
 		}

+		// 节点
+		var pbSourceNode *pb.Node
+		if item.SourceNodeId > 0 {
+			node, err := models.SharedNodeDAO.FindEnabledBasicNode(tx, int64(item.SourceNodeId))
+			if err != nil {
+				return nil, err
+			}
+			if node != nil {
+				pbSourceNode = &pb.Node{
+					Id:          int64(node.Id),
+					Name:        node.Name,
+					NodeCluster: &pb.NodeCluster{Id: int64(node.ClusterId)},
+				}
+			}
+		}
+
 		var pbItem = &pb.IPItem{
 			Id:                            int64(item.Id),
 			IpFrom:                        item.IpFrom,
@@ -587,6 +603,7 @@ func (this *IPItemService) ListAllEnabledIPItems(ctx context.Context, req *pb.Li
 			SourceHTTPFirewallPolicy:      pbSourcePolicy,
 			SourceHTTPFirewallRuleGroup:   pbSourceGroup,
 			SourceHTTPFirewallRuleSet:     pbSourceSet,
+			SourceNode:                    pbSourceNode,
 			IsRead:                        item.IsRead == 1,
 		}