/**
 * Builds the answer to a {@link SetFirewallRulesCommand}, carrying one result string per rule.
 *
 * @param cmd     the command being answered; its rule array is read for the length check
 * @param success overall outcome, handed to the superclass constructor
 * @param results per-rule results, expected to match {@code cmd.getRules()} in length; the
 *                array is stored by reference, not copied
 */
public SetFirewallRulesAnswer(SetFirewallRulesCommand cmd, boolean success, String[] results) {
    // The third superclass argument is always passed as null from this constructor.
    super(cmd, success, null);
    // NOTE(review): this length check is an assert, so it only runs when the JVM has
    // assertions enabled (-ea). With assertions off, a results array of the wrong length is
    // stored unchecked, and any consumer that pairs results with rules by index could
    // misreport which firewall rule was applied. Consider an explicit check if the
    // invariant matters in production.
    assert (cmd.getRules().length == results.length) : "rules and their results should be the same length don't you think?";
    this.results = results;
}
protected SetFirewallRulesAnswer execute(final SetFirewallRulesCommand cmd) { final String controlIp = getRouterSshControlIp(cmd); final String[] results = new String[cmd.getRules().length]; final FirewallRuleTO[] allrules = cmd.getRules(); final FirewallRule.TrafficType trafficType = allrules[0].getTrafficType(); final String egressDefault = cmd.getAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT); final String[][] rules = cmd.generateFwRules(); String args = ""; args += " -F ";
final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO); cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId()); cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString()); if (systemRule != null) { cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRule); } else { cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(defaultEgressPolicy));
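/**
 * Sends the given firewall rules to an external firewall device and fails if the device did
 * not positively confirm them.
 *
 * <p>An empty list sends nothing. A missing answer is treated exactly like a negative one, so
 * the caller never sees success without a confirmation from the device.
 *
 * @param firewallRules      rules to push to the device
 * @param zone               zone named in the error message and reported in the exception
 * @param externalFirewallId id the command is sent to through the agent manager
 * @throws ResourceUnavailableException if no answer comes back or the answer reports failure
 */
protected void sendFirewallRules(List<FirewallRuleTO> firewallRules, DataCenter zone, long externalFirewallId) throws ResourceUnavailableException {
    if (firewallRules.isEmpty()) {
        return;
    }

    SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(firewallRules);
    Answer answer = _agentMgr.easySend(externalFirewallId, cmd);
    if (answer != null && answer.getResult()) {
        return;
    }

    String details = (answer != null) ? answer.getDetails() : "details unavailable";
    // This method pushes firewall rules, but the message previously said "static nat rules".
    // A log line that names the wrong rule type sends whoever triages a failed policy push
    // to the wrong place, so the message now names what was actually sent.
    String msg = "External firewall was unable to apply firewall rules to the SRX appliance in zone " + zone.getName() + " due to: " + details + ".";
    s_logger.error(msg);
    throw new ResourceUnavailableException(msg, DataCenter.class, zone.getId());
}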
final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO); cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId()); cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString()); if (systemRule != null) { cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRule); } else { cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(defaultEgressPolicy));
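/**
 * Applies a set of firewall rules to the Palo Alto device as one committed request.
 * Rules that are not revoked are added; revoked rules are deleted.
 *
 * @param cmd        command carrying the rules to apply
 * @param numRetries number of further attempts allowed after an {@code ExecutionException};
 *                   a retry is only made if the device connection can be refreshed
 * @return a successful answer only when the commit reported success; otherwise a failed
 *         answer carrying either a message or the exception that stopped the request
 */
private Answer execute(SetFirewallRulesCommand cmd, int numRetries) {
    FirewallRuleTO[] rules = cmd.getRules();
    try {
        ArrayList<IPaloAltoCommand> commandList = new ArrayList<IPaloAltoCommand>();
        for (FirewallRuleTO rule : rules) {
            if (rule.revoked()) {
                manageFirewallRule(commandList, PaloAltoPrimative.DELETE, rule);
            } else {
                manageFirewallRule(commandList, PaloAltoPrimative.ADD, rule);
            }
        }

        // The commit status used to be stored in an unused local and success was returned
        // unconditionally, so a rule change that never took effect could be reported as
        // applied. The status is now honoured.
        // NOTE(review): assumes requestWithCommit returns false only when the change set
        // was not applied; confirm against its contract.
        if (!requestWithCommit(commandList)) {
            String msg = "Palo Alto device did not confirm the requested firewall rule changes.";
            s_logger.error(msg);
            return new Answer(cmd, false, msg);
        }
        return new Answer(cmd);
    } catch (ExecutionException e) {
        s_logger.error(e);

        if (numRetries > 0 && refreshPaloAltoConnection()) {
            int numRetriesRemaining = numRetries - 1;
            s_logger.debug("Retrying SetFirewallRulesCommand. Number of retries remaining: " + numRetriesRemaining);
            return execute(cmd, numRetriesRemaining);
        } else {
            // Out of retries, or the connection could not be refreshed: report the failure.
            return new Answer(cmd, e);
        }
    }
}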
/**
 * Translates the rules of a {@link SetFirewallRulesCommand} into the {@code FirewallRules}
 * model and returns the config items generated from it.
 *
 * @param cmd the command to translate; cast to {@code SetFirewallRulesCommand} without a type
 *            check, so any other command type fails with a {@code ClassCastException}
 * @return the config items produced by {@code generateConfigItems} for the rule set
 */
@Override
public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
    final FirewallRuleTO[] source = ((SetFirewallRulesCommand) cmd).getRules();
    final FirewallRule[] converted = new FirewallRule[source.length];

    // One model entry per transfer object, in the order the command lists them.
    for (int i = 0; i < source.length; i++) {
        final FirewallRuleTO to = source[i];
        converted[i] = new FirewallRule(
                to.getId(),
                to.getSrcVlanTag(),
                to.getSrcIp(),
                to.getProtocol(),
                to.getSrcPortRange(),
                to.revoked(),
                to.isAlreadyAdded(),
                to.getSourceCidrList(),
                to.getDestCidrList(),
                to.getPurpose().toString(),
                to.getIcmpType(),
                to.getIcmpCode(),
                to.getTrafficType().toString(),
                to.getGuestCidr(),
                to.isDefaultEgressPolicy());
    }

    return generateConfigItems(new FirewallRules(converted));
}