Linux下自动添加端口到Firewalld

2025-11-03 15:00:27 +08:00 · 2022-04-19 19:35:50 +08:00
parent 682240a202
commit e9521a3cf9
3 changed files with 63 additions and 1 deletions
--- a/internal/nodes/api_node.go
+++ b/internal/nodes/api_node.go
@@ -349,10 +349,18 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
 		remotelogs.Error("API_NODE", "decode http config: "+err.Error())
 		return
 	}
+	var ports = []int{}
 	isListening = false
 	if httpConfig != nil && httpConfig.IsOn && len(httpConfig.Listen) > 0 {
 		for _, listen := range httpConfig.Listen {
 			for _, addr := range listen.Addresses() {
+				// 收集Port
+				_, port, _ := net.SplitHostPort(addr)
+				var portInt = types.Int(port)
+				if portInt > 0 && !lists.ContainsInt(ports, portInt) {
+					ports = append(ports, portInt)
+				}
+
 				listener, err := net.Listen("tcp", addr)
 				if err != nil {
 					remotelogs.Error("API_NODE", "listening '"+addr+"' failed: "+err.Error()+", we will try to listen port only")
@@ -401,6 +409,13 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {

 		for _, listen := range httpsConfig.Listen {
 			for _, addr := range listen.Addresses() {
+				// 收集Port
+				_, port, _ := net.SplitHostPort(addr)
+				var portInt = types.Int(port)
+				if portInt > 0 && !lists.ContainsInt(ports, portInt) {
+					ports = append(ports, portInt)
+				}
+
 				listener, err := net.Listen("tcp", addr)
 				if err != nil {
 					remotelogs.Error("API_NODE", "listening '"+addr+"' failed: "+err.Error()+", we will try to listen port only")
@@ -440,6 +455,13 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
 	if restHTTPConfig != nil && restHTTPConfig.IsOn && len(restHTTPConfig.Listen) > 0 {
 		for _, listen := range restHTTPConfig.Listen {
 			for _, addr := range listen.Addresses() {
+				// 收集Port
+				_, port, _ := net.SplitHostPort(addr)
+				var portInt = types.Int(port)
+				if portInt > 0 && !lists.ContainsInt(ports, portInt) {
+					ports = append(ports, portInt)
+				}
+
 				listener, err := net.Listen("tcp", addr)
 				if err != nil {
 					remotelogs.Error("API_NODE", "listening REST 'http://"+addr+"' failed: "+err.Error())
@@ -473,6 +495,13 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
 		len(restHTTPSConfig.SSLPolicy.Certs) > 0 {
 		for _, listen := range restHTTPSConfig.Listen {
 			for _, addr := range listen.Addresses() {
+				// 收集Port
+				_, port, _ := net.SplitHostPort(addr)
+				var portInt = types.Int(port)
+				if portInt > 0 && !lists.ContainsInt(ports, portInt) {
+					ports = append(ports, portInt)
+				}
+
 				listener, err := net.Listen("tcp", addr)
 				if err != nil {
 					remotelogs.Error("API_NODE", "listening REST 'https://"+addr+"' failed: "+err.Error())
@@ -500,6 +529,11 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
 		}
 	}

+	// add to local firewall
+	if len(ports) > 0 {
+		utils.AddPortsToFirewall(ports)
+	}
+
 	return
 }

--- a/internal/setup/sql.go
+++ b/internal/setup/sql.go
--- a/internal/utils/firewall.go
+++ b/internal/utils/firewall.go
@@ -0,0 +1,28 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package utils
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
+	"github.com/iwind/TeaGo/types"
+	"os/exec"
+	"runtime"
+)
+
+func AddPortsToFirewall(ports []int) {
+	for _, port := range ports {
+		// Linux
+		if runtime.GOOS == "linux" {
+			// firewalld
+			firewallCmd, _ := exec.LookPath("firewall-cmd")
+			if len(firewallCmd) > 0 {
+				err := exec.Command(firewallCmd, "--add-port="+types.String(port)+"/tcp").Run()
+				if err == nil {
+					remotelogs.Println("API_NODE", "add port '"+types.String(port)+"' to firewalld")
+
+					_ = exec.Command(firewallCmd, "--add-port="+types.String(port)+"/tcp", "--permanent").Run()
+				}
+			}
+		}
+	}
+}