自动将同集群节点IP加入白名单/尝试使用本地防火墙提升黑名单连接封锁效率

internal/iplibrary/list_utils.go

@@ -3,6 +3,7 @@
 package iplibrary
 
 import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeNode/internal/utils"
 )
 
@@ -14,6 +15,12 @@ func AllowIP(ip string, serverId int64) (canGoNext bool, inAllowList bool) {
 		return false, false
 	}
 
+	// check node
+	nodeConfig, err := nodeconfigs.SharedNodeConfig()
+	if err == nil && nodeConfig.IPIsAutoAllowed(ip) {
+		return true, true
+	}
+
 	// check white lists
 	if GlobalWhiteIPList.Contains(ipLong) {
 		return true, true

internal/nodes/client_listener.go

@@ -4,6 +4,7 @@ package nodes
 
 import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeNode/internal/firewalls"
 	"github.com/TeaOSLab/EdgeNode/internal/iplibrary"
 	"github.com/TeaOSLab/EdgeNode/internal/waf"
 	"net"
@@ -51,6 +52,13 @@ func (this *ClientListener) Accept() (net.Conn, error) {
 			}
 
 			_ = conn.Close()
+
+			// 使用本地防火墙延长封禁
+			var fw = firewalls.Firewall()
+			if fw != nil && !fw.IsMock() {
+				_ = fw.DropSourceIP(ip, 60)
+			}
+
 			return this.Accept()
 		}
 	}

internal/nodes/node.go

@@ -116,6 +116,7 @@ func (this *Node) Start() {
 	this.checkDisk()
 
 	// 读取API配置
+	remotelogs.Println("NODE", "init config ...")
 	err = this.syncConfig(0)
 	if err != nil {
 		_, err := nodeconfigs.SharedNodeConfig()
@@ -429,7 +430,7 @@ func (this *Node) syncConfig(taskVersion int64) error {
 			clusterErr := this.checkClusterConfig()
 			if clusterErr != nil {
 				if os.IsNotExist(clusterErr) {
-					return err
+					return errors.New("can not find config file 'configs/api.yaml'")
 				}
 				return errors.New("check cluster config failed: " + clusterErr.Error())
 			}

internal/waf/ip_list.go

@@ -130,8 +130,8 @@ func (this *IPList) Contains(ipType string, scope firewallconfigs.FirewallScope,
 	}
 
 	this.locker.RLock()
-	defer this.locker.RUnlock()
 	_, ok := this.ipMap[ip]
+	this.locker.RUnlock()
 	return ok
 }