leftyer/SamWaf
1
0
Fork 0
mirror of https://gitee.com/samwaf/SamWaf.git synced 2025-12-06 14:59:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #575 from samwafgo/fix_firewall_linux

Browse Source 
fix:linux firewall unaffected
This commit is contained in:
samwafgo
2025-12-02 14:12:58 +08:00
committed by GitHub
parent ffde85c29f 927199b171
commit e81737bcbf
2 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
build_docker_release_linux.bat
View File

@@ -1 +1 @@
docker run --rm -v "$PWD":/media/sf_SamWaf -w /media/sf_SamWaf -e CGO_ENABLED=1 -e GOPROXY=https://goproxy.cn,direct golang:1.22.9 go build -v -ldflags="-X SamWaf/global.GWAF_RELEASE=true -X SamWaf/global.GWAF_RELEASE_VERSION_NAME=20251103 -X SamWaf/global.GWAF_RELEASE_VERSION=v1.3.17 -s -w -extldflags "-static"" -o /media/sf_SamWaf/release/SamWafLinux64 main.go && upx -9 /media/sf_SamWaf/release/SamWafLinux64
docker run --rm -v C:/huawei/goproject/SamWaf:/src -w /src -e CGO_ENABLED=1 -e GOOS=linux -e GOARCH=amd64 -e GOPROXY=https://goproxy.cn,direct golang:1.24.7 sh -c "go build -v -ldflags='-X SamWaf/global.GWAF_RELEASE=true -X SamWaf/global.GWAF_RELEASE_VERSION_NAME=20251103 -X SamWaf/global.GWAF_RELEASE_VERSION=v1.3.17 -s -w -extldflags \"-static\"' -o /src/release/SamWafLinux64 main.go"

12
firewall/firewall.go
View File

@@ -77,11 +77,12 @@ func (fw *FireWallEngine) executeCommand(cmd *exec.Cmd) (error error, printstr s
}
func (fw *FireWallEngine) AddRule(ruleName, ipToAdd, action, proc, localport string) error {
// iptables -A INPUT -s <ip> -j DROP
// iptables -I INPUT 1 -s <ip> -j DROP
// 使用 -I 插入到链的开头,确保规则优先执行
fmt.Printf("[DEBUG] 添加防火墙规则: ip=%s\n", ipToAdd)
cmd := exec.Command("iptables", "-A", "INPUT", "-s", ipToAdd, "-j", "DROP")
fmt.Printf("[DEBUG] 执行命令: iptables -A INPUT -s %s -j DROP\n", ipToAdd)
cmd := exec.Command("iptables", "-I", "INPUT", "1", "-s", ipToAdd, "-j", "DROP")
fmt.Printf("[DEBUG] 执行命令: iptables -I INPUT 1 -s %s -j DROP\n", ipToAdd)
err, output := fw.executeCommand(cmd)
if err != nil {
@@ -180,8 +181,9 @@ func (fw *FireWallEngine) BlockIP(ip string, reason string) error {
return fmt.Errorf("IP %s already blocked", ip)
}
// 添加iptables规则: iptables -A INPUT -s <ip> -j DROP
cmd := exec.Command("iptables", "-A", "INPUT", "-s", ip, "-j", "DROP")
// 添加iptables规则: iptables -I INPUT 1 -s <ip> -j DROP
// 使用 -I 插入到链的开头,确保规则在 ESTABLISHED 连接规则之前执行
cmd := exec.Command("iptables", "-I", "INPUT", "1", "-s", ip, "-j", "DROP")
err, output := fw.executeCommand(cmd)
if err != nil {
fmt.Printf("[ERROR] 封禁IP失败: %s, error: %v, output: %s\n", ip, err, output)