@Override public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) { final SetStaticNatRulesCommand command = (SetStaticNatRulesCommand) cmd; final LinkedList<StaticNatRule> rules = new LinkedList<>(); for (final StaticNatRuleTO rule : command.getRules()) { final StaticNatRule staticNatRule = new StaticNatRule(rule.revoked(), rule.getProtocol(), rule.getSrcIp(), rule.getStringSrcPortRange(), rule.getDstIp()); rules.add(staticNatRule); } final StaticNatRules staticNatRules = new StaticNatRules(rules); return generateConfigItems(staticNatRules); }
public boolean manageStcNatRule(ArrayList<IPaloAltoCommand> cmdList, PaloAltoPrimative prim, StaticNatRuleTO rule) throws ExecutionException { String publicIp = rule.getSrcIp(); String stcNatName = genStcNatRuleName(publicIp, rule.getId()); if (rule.getSrcVlanTag() == null) { publicInterfaceName = genPublicInterfaceName(new Long("9999")); } else { publicVlanTag = parsePublicVlanTag(rule.getSrcVlanTag()); if (publicVlanTag.equals("untagged")) { publicInterfaceName = genPublicInterfaceName(new Long("9999")); xml += "<nat-type>ipv4</nat-type>"; xml += "<to-interface>" + publicInterfaceName + "</to-interface>"; xml += "<destination-translation><translated-address>" + rule.getDstIp() + "</translated-address></destination-translation>";
final NatRule[] rulepair = niciraNvpResource.generateStaticNatRulePair(rule.getDstIp(), rule.getSrcIp()); if (rule.revoked()) { s_logger.debug("Deleting incoming rule " + incoming.getUuid()); niciraNvpApi.deleteLogicalRouterNatRule(command.getLogicalRouterUuid(), incoming.getUuid()); if (rule.revoked()) { s_logger.warn("Tried deleting a rule that does not exist, " + rule.getSrcIp() + " -> " + rule.getDstIp()); break;
for (StaticNat rule : rules) { IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId()); StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false); rulesTO.add(ruleTO); StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false); rulesTO.add(ruleTO);
private Answer execute(SetStaticNatRulesCommand cmd, int numRetries) { StaticNatRuleTO[] rules = cmd.getRules(); try { ArrayList<IPaloAltoCommand> commandList = new ArrayList<IPaloAltoCommand>(); for (StaticNatRuleTO rule : rules) { if (!rule.revoked()) { manageStcNatRule(commandList, PaloAltoPrimative.ADD, rule); } else { manageStcNatRule(commandList, PaloAltoPrimative.DELETE, rule); } } boolean status = requestWithCommit(commandList); return new Answer(cmd); } catch (ExecutionException e) { s_logger.error(e); if (numRetries > 0 && refreshPaloAltoConnection()) { int numRetriesRemaining = numRetries - 1; s_logger.debug("Retrying SetStaticNatRulesCommand. Number of retries remaining: " + numRetriesRemaining); return execute(cmd, numRetriesRemaining); } else { return new Answer(cmd, e); } } }
final String srcIp = rule.getSrcIp(); final String dstIP = rule.getDstIp(); final String iNatRuleName = generateInatRuleName(srcIp, dstIP); final String rNatRuleName = generateRnatRuleName(srcIp, dstIP); rnat rnatRule = null; if (!rule.revoked()) { try { iNatRule = inat.get(_netscalerService, iNatRuleName); results[i++] = "Static nat rule from " + srcIp + " to " + dstIP + " successfully " + (rule.revoked() ? " revoked." : " created.");
new StaticNatRuleTO(1, sourceIp.getAddress().addr(), MIN_PORT, MAX_PORT, rule.getDestIpAddress(), MIN_PORT, MAX_PORT, "any", rule.isForRevoke(), false); staticNatRules.add(ruleTO);
for (final StaticNatRuleTO rule : cmd.getRules()) { args = rule.revoked() ? " -D " : " -A "; args += " -l " + rule.getSrcIp(); args += " -r " + rule.getDstIp(); if (rule.getProtocol() != null) { args += " -P " + rule.getProtocol().toLowerCase(); args += " -d " + rule.getStringSrcPortRange(); args += " -G ";
public boolean applyStaticNatRules(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException { long zoneId = network.getDataCenterId(); DataCenterVO zone = _dcDao.findById(zoneId); ExternalFirewallDeviceVO fwDeviceVO = getExternalFirewallForNetwork(network); HostVO externalFirewall = _hostDao.findById(fwDeviceVO.getHostId()); assert (externalFirewall != null); if (network.getState() == Network.State.Allocated) { s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands."); return true; } List<StaticNatRuleTO> staticNatRules = new ArrayList<StaticNatRuleTO>(); for (StaticNat rule : rules) { IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId()); Vlan vlan = _vlanDao.findById(sourceIp.getVlanId()); StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, vlan.getVlanTag(), sourceIp.getAddress().addr(), -1, -1, rule.getDestIpAddress(), -1, -1, "any", rule.isForRevoke(), false); staticNatRules.add(ruleTO); } sendStaticNatRules(staticNatRules, zone, externalFirewall.getId()); return true; }
public void createApplyStaticNatRulesCommands(final List<? extends StaticNatRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) { final List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>(); if (rules != null) { for (final StaticNatRule rule : rules) { final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId()); final StaticNatRuleTO ruleTO = new StaticNatRuleTO(rule, null, sourceIp.getAddress().addr(), rule.getDestIpAddress()); rulesTO.add(ruleTO); } } final SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, router.getVpcId()); cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId()); cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString()); cmds.addCommand(cmd); }
public void createApplyStaticNatCommands(final List<? extends StaticNat> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) { final List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>(); if (rules != null) { for (final StaticNat rule : rules) { final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId()); final StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false); rulesTO.add(ruleTO); } } final SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, router.getVpcId()); cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId())); cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId()); cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString()); cmds.addCommand(cmd); }