From 258ffef0c285bf3c94bf305f76685fb1dc149604 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Mon, 3 Jan 2022 16:27:34 +0800
Subject: [PATCH] =?UTF-8?q?=E5=B0=9D=E8=AF=95=E8=87=AA=E5=8A=A8=E5=9C=A8fi?=
 =?UTF-8?q?rewalld=E4=B8=AD=E5=BC=80=E6=94=BE=E7=AB=AF=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/nodes/listener_manager.go | 55 ++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/internal/nodes/listener_manager.go b/internal/nodes/listener_manager.go
index 40d76aa..7abb785 100644
--- a/internal/nodes/listener_manager.go
+++ b/internal/nodes/listener_manager.go
@@ -143,6 +143,9 @@ func (this *ListenerManager) Start(node *nodeconfigs.NodeConfig) error {
 		}
 	}
 
+	// 加入到firewalld
+	this.addToFirewalld(groupAddrs)
+
 	return nil
 }
 
@@ -214,3 +217,55 @@ func (this *ListenerManager) findProcessNameWithPort(isUdp bool, port string) st
 	}
 	return ""
 }
+
+func (this *ListenerManager) addToFirewalld(groupAddrs []string) {
+	if !sharedNodeConfig.AutoOpenPorts {
+		return
+	}
+
+	remotelogs.Println("FIREWALLD", "open ports automatically")
+
+	var ports = []string{}
+	for _, addr := range groupAddrs {
+		var protocol = "tcp"
+		if strings.HasPrefix(addr, "udp") {
+			protocol = "udp"
+		}
+
+		var lastIndex = strings.LastIndex(addr, ":")
+		if lastIndex > 0 {
+			var portString = addr[lastIndex+1:]
+			ports = append(ports, portString+"/"+protocol)
+		}
+	}
+	if len(ports) == 0 {
+		return
+	}
+
+	firewallCmd, err := exec.LookPath("firewall-cmd")
+	if err != nil || len(firewallCmd) == 0 {
+		return
+	}
+
+	for _, port := range ports {
+		{
+			// TODO 需要支持sudo
+			var cmd = exec.Command(firewallCmd, "--add-port="+port, "--permanent")
+			err = cmd.Run()
+			if err != nil {
+				remotelogs.Warn("FIREWALLD", "'"+cmd.String()+"': "+err.Error())
+				return
+			}
+		}
+
+		{
+			// TODO 需要支持sudo
+			var cmd = exec.Command(firewallCmd, "--add-port="+port)
+			err = cmd.Run()
+			if err != nil {
+				remotelogs.Warn("FIREWALLD", "'"+cmd.String()+"': "+err.Error())
+				return
+			}
+		}
+	}
+}