TRKJ/EdgeNode
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeNode.git synced 2025-11-04 07:40:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

nftables:自动升级以前的drop规则为reject规则

Browse Source
This commit is contained in:
刘祥超
2023-04-01 17:09:53 +08:00
parent 9bd4975478
commit f675b88761
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
internal/firewalls/firewall_nftables.go
View File

@@ -13,6 +13,7 @@ import (
"github.com/TeaOSLab/EdgeNode/internal/goman" "github.com/TeaOSLab/EdgeNode/internal/goman"
"github.com/TeaOSLab/EdgeNode/internal/remotelogs" "github.com/TeaOSLab/EdgeNode/internal/remotelogs"
executils "github.com/TeaOSLab/EdgeNode/internal/utils/exec" executils "github.com/TeaOSLab/EdgeNode/internal/utils/exec"
"github.com/google/nftables/expr"
"github.com/iwind/TeaGo/types" "github.com/iwind/TeaGo/types"
"net" "net"
"os/exec" "os/exec"
@@ -229,6 +230,16 @@ func (this *NFTablesFirewall) init() error {
// rule // rule
var ruleName = []byte(setAction) var ruleName = []byte(setAction)
rule, err := chain.GetRuleWithUserData(ruleName) rule, err := chain.GetRuleWithUserData(ruleName)
// 将以前的drop规则删掉替换成后面的reject
if err == nil && setAction != "allow" && rule != nil && rule.VerDict() == expr.VerdictDrop {
deleteErr := chain.DeleteRule(rule)
if deleteErr == nil {
err = nftables.ErrRuleNotFound
rule = nil
}
}
if err != nil { if err != nil {
if nftables.IsNotFound(err) { if nftables.IsNotFound(err) {
if tableDef.IsIPv4 { if tableDef.IsIPv4 {