1Panel-dev · ssongliu · Nov 25, 2025 · Nov 25, 2025
diff --git a/agent/init/firewall/firwall.go → agent/init/firewall/firewall.go b/agent/init/firewall/firwall.go → agent/init/firewall/firewall.go
@@ -7,10 +7,11 @@
 	"github.com/1Panel-dev/1Panel/agent/app/service"
 	"github.com/1Panel-dev/1Panel/agent/global"
 	"github.com/1Panel-dev/1Panel/agent/utils/firewall"
+	firewallClient "github.com/1Panel-dev/1Panel/agent/utils/firewall/client"
 	"github.com/1Panel-dev/1Panel/agent/utils/firewall/client/iptables"
 )
 
 func Init() {
 	client, err := firewall.NewFirewallClient()
 	if err != nil {
 		return
@@ -29,6 +30,10 @@
 			global.LOG.Errorf("load postrouting rules from file failed, err: %v", err)
 			return
 		}
+		if err := firewallClient.EnableIptablesForward(); err != nil {
+			global.LOG.Errorf("enable iptables forward failed, err: %v", err)
+			return
+		}
 		global.LOG.Infof("loaded iptables rules for forward from file successfully")
 	}
 	if clientName == "ufw" {

diff --git a/agent/utils/firewall/client/iptables/common.go b/agent/utils/firewall/client/iptables/common.go
@@ -45,7 +45,7 @@ const (
 
 func RunWithStd(tab, rule string) (string, error) {
 	cmdMgr := cmd.NewCommandMgr(cmd.WithIgnoreExist1(), cmd.WithTimeout(20*time.Second))
-	stdout, err := cmdMgr.RunWithStdoutBashCf("%s iptables -t %s %s", cmd.SudoHandleCmd(), tab, rule)
+	stdout, err := cmdMgr.RunWithStdoutBashCf("%s iptables -w -t %s %s", cmd.SudoHandleCmd(), tab, rule)
 	if err != nil {
 		global.LOG.Errorf("iptables command failed [table=%s, rule=%s]: %v", tab, rule, err)
 		return stdout, err

diff --git a/agent/utils/firewall/client/iptables/persistence.go b/agent/utils/firewall/client/iptables/persistence.go
@@ -60,15 +60,14 @@ func SaveRulesToFile(tab, chain, fileName string) error {
 }
 
 func LoadRulesFromFile(tab, chain, fileName string) error {
-	rulesFile := path.Join(global.Dir.FirewallDir, fileName)
-	if _, err := os.Stat(rulesFile); os.IsNotExist(err) {
-		return nil
-	}
-
 	if err := AddChain(tab, chain); err != nil {
 		global.LOG.Errorf("create chain %s failed: %v", chain, err)
 		return err
 	}
+	rulesFile := path.Join(global.Dir.FirewallDir, fileName)
+	if _, err := os.Stat(rulesFile); os.IsNotExist(err) {
+		return nil
+	}
 	data, err := os.ReadFile(rulesFile)
 	if err != nil {
 		global.LOG.Errorf("read rules from file %s failed, err: %v", rulesFile, err)

diff --git a/frontend/src/views/host/firewall/advance/index.vue b/frontend/src/views/host/firewall/advance/index.vue
@@ -17,7 +17,7 @@
                     <template #main>
                         <div class="app-warn">
                             <div class="flex flex-col gap-2 items-center justify-center w-full sm:flex-row">
-                                <span>{{ $t('firewall.advancedControlNotAvailable', [firewallName]) }}</span>
+                                <span>{{ $t('firewall.advancedControlNotAvailable', [fireName]) }}</span>
                             </div>
                             <div>
                                 <img src="@/assets/images/no_app.svg" />
@@ -160,7 +160,6 @@ const loading = ref();
 const selects = ref<any>([]);
 const selectedChain = ref('1PANEL_INPUT');
 const defaultStrategy = ref('ACCEPT');
-const firewallName = ref('');
 
 const maskShow = ref(true);
 const isActive = ref(false);