v0.0.11

分支 (1)

标签 (24)

管理

管理

master

v0.0.24

v0.0.23

v0.0.22

v0.0.21

v0.0.20

v0.0.19

v0.0.18

v0.0.17

v0.0.16

v0.0.15

v0.0.14

v0.0.13

v0.0.12

v0.0.11

v0.0.10

v0.0.9

v0.0.8

v0.0.7

v0.0.6

v0.0.5

console-core-go
/
vpn
/
wg
/
iptables
/
service_cmd.go

package iptables

import (
	"fmt"
	"os/exec"
)

type IptablesCmdService struct{}

func NewCmdService() IIptablesService {
	return &IptablesCmdService{}
}

// 	# 增加iptables规则(如果需要从远程访问本地子网)
// iptables -A FORWARD -i wg0 -j ACCEPT
// iptables -A FORWARD -o wg0 -j ACCEPT
// iptables -A -t nat POSTROUTING -o eth0 -j MASQUERADE
// ip6tables -A FORWARD -i wg0 -j ACCEPT
// ip6tables -A FORWARD -o wg0 -j ACCEPT
// ip6tables -A -t nat POSTROUTING -o eth0 -j MASQUERADE

//   # 对应的删除命令
//   iptables -D FORWARD -i wg0 -j ACCEPT
//   iptables -D FORWARD -o wg0 -j ACCEPT
//   iptables -D -t nat POSTROUTING -o eth0 -j MASQUERADE
//   ip6tables -D FORWARD -i wg0 -j ACCEPT
//   ip6tables -D FORWARD -o wg0 -j ACCEPT
//   ip6tables -D -t nat POSTROUTING -o eth0 -j MASQUERADE

func fmt_cmd_add_IptablesErr(err error, output []byte) error {
	return fmt.Errorf("iptables.add err: %s; %s", err.Error(), output)
}
func fmt_cmd_del_IptablesErr(err error, output []byte) error {
	return fmt.Errorf("iptables.del err: %s; %s", err.Error(), output)
}

func (s *IptablesCmdService) Add(wgIface string, eth string) error {
	if output, err := exec.Command("iptables", "-A", "FORWARD", "-i", wgIface, "-j", "ACCEPT").CombinedOutput(); err != nil {
		return fmt_cmd_add_IptablesErr(err, output)
	}
	if output, err := exec.Command("iptables", "-A", "FORWARD", "-o", wgIface, "-j", "ACCEPT").CombinedOutput(); err != nil {
		return fmt_cmd_add_IptablesErr(err, output)
	}
	if output, err := exec.Command("iptables", "-A", "-t", "nat", "POSTROUTING", "-o", eth, "-j", "MASQUERADE").CombinedOutput(); err != nil {
		return fmt_cmd_add_IptablesErr(err, output)
	}

	return nil
}

func (s *IptablesCmdService) Del(wgIface string, eth string) error {
	if output, err := exec.Command("iptables", "-D", "FORWARD", "-i", wgIface, "-j", "ACCEPT").CombinedOutput(); err != nil {
		return fmt_cmd_del_IptablesErr(err, output)
	}
	if output, err := exec.Command("iptables", "-D", "FORWARD", "-o", wgIface, "-j", "ACCEPT").CombinedOutput(); err != nil {
		return fmt_cmd_del_IptablesErr(err, output)
	}
	if output, err := exec.Command("iptables", "-D", "-t", "nat", "POSTROUTING", "-o", eth, "-j", "MASQUERADE").CombinedOutput(); err != nil {
		return fmt_cmd_del_IptablesErr(err, output)
	}

	return nil
}