2024-05-17 18:30:33 +08:00
|
|
|
// Copyright 2022 GoEdge goedge.cdn@gmail.com. All rights reserved.
|
2022-01-09 17:07:37 +08:00
|
|
|
|
|
|
|
|
package firewalls
|
|
|
|
|
|
|
|
|
|
import (
|
2024-03-07 19:32:02 +08:00
|
|
|
"os"
|
2022-04-12 21:43:19 +08:00
|
|
|
"runtime"
|
2022-05-18 21:03:51 +08:00
|
|
|
"sync"
|
2024-03-08 10:21:59 +08:00
|
|
|
"time"
|
2024-07-27 15:42:50 +08:00
|
|
|
|
|
|
|
|
teaconst "github.com/TeaOSLab/EdgeNode/internal/const"
|
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/events"
|
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
|
2022-01-09 17:07:37 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var currentFirewall FirewallInterface
|
2022-05-18 21:03:51 +08:00
|
|
|
var firewallLocker = &sync.Mutex{}
|
2022-01-09 17:07:37 +08:00
|
|
|
|
|
|
|
|
// 初始化
|
|
|
|
|
func init() {
|
2023-03-10 15:14:14 +08:00
|
|
|
if !teaconst.IsMain {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-09 17:07:37 +08:00
|
|
|
events.On(events.EventLoaded, func() {
|
|
|
|
|
var firewall = Firewall()
|
2022-04-12 21:43:19 +08:00
|
|
|
if firewall.Name() != "mock" {
|
2022-01-09 17:07:37 +08:00
|
|
|
remotelogs.Println("FIREWALL", "found local firewall '"+firewall.Name()+"'")
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Firewall 查找当前系统中最适合的防火墙
|
|
|
|
|
func Firewall() FirewallInterface {
|
2022-05-18 21:03:51 +08:00
|
|
|
firewallLocker.Lock()
|
|
|
|
|
defer firewallLocker.Unlock()
|
2022-01-09 17:07:37 +08:00
|
|
|
if currentFirewall != nil {
|
|
|
|
|
return currentFirewall
|
|
|
|
|
}
|
|
|
|
|
|
2024-03-07 19:32:02 +08:00
|
|
|
// http firewall
|
|
|
|
|
{
|
|
|
|
|
endpoint, _ := os.LookupEnv("EDGE_HTTP_FIREWALL_ENDPOINT")
|
|
|
|
|
if len(endpoint) > 0 {
|
|
|
|
|
var httpFirewall = NewHTTPFirewall(endpoint)
|
2024-03-08 10:21:59 +08:00
|
|
|
for i := 0; i < 10; i++ {
|
|
|
|
|
if httpFirewall.IsReady() {
|
|
|
|
|
currentFirewall = httpFirewall
|
|
|
|
|
remotelogs.Println("FIREWALL", "using http firewall '"+endpoint+"'")
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
time.Sleep(1 * time.Second)
|
|
|
|
|
}
|
2024-03-07 19:32:02 +08:00
|
|
|
return httpFirewall
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-18 21:03:51 +08:00
|
|
|
// nftables
|
|
|
|
|
if runtime.GOOS == "linux" {
|
|
|
|
|
nftables, err := NewNFTablesFirewall()
|
|
|
|
|
if err != nil {
|
|
|
|
|
remotelogs.Warn("FIREWALL", "'nftables' should be installed on the system to enhance security (init failed: "+err.Error()+")")
|
|
|
|
|
} else {
|
|
|
|
|
if nftables.IsReady() {
|
|
|
|
|
currentFirewall = nftables
|
|
|
|
|
events.Notify(events.EventNFTablesReady)
|
|
|
|
|
return nftables
|
|
|
|
|
} else {
|
|
|
|
|
remotelogs.Warn("FIREWALL", "'nftables' should be enabled on the system to enhance security")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-09 17:07:37 +08:00
|
|
|
// firewalld
|
2022-04-12 21:43:19 +08:00
|
|
|
if runtime.GOOS == "linux" {
|
2022-01-09 17:07:37 +08:00
|
|
|
var firewalld = NewFirewalld()
|
|
|
|
|
if firewalld.IsReady() {
|
|
|
|
|
currentFirewall = firewalld
|
|
|
|
|
return currentFirewall
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 至少返回一个
|
|
|
|
|
currentFirewall = NewMockFirewall()
|
|
|
|
|
return currentFirewall
|
|
|
|
|
}
|
