public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp, FirewallRule.Purpose purpose, boolean revokeState, boolean alreadyAdded) { this(rule.getId(), srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), revokeState, alreadyAdded, purpose, rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode()); }
((rule.getPurpose() == Purpose.Firewall || newRule.getPurpose() == Purpose.Firewall) && ((newRule.getPurpose() != rule.getPurpose()) || (!newRule.getProtocol() .equalsIgnoreCase(rule.getProtocol())))); if (newRule.getProtocol().equalsIgnoreCase(NetUtils.ICMP_PROTO) && newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())) { if (newRule.getIcmpCode().longValue() == rule.getIcmpCode().longValue() && newRule.getIcmpType().longValue() == rule.getIcmpType().longValue() && newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()) && duplicatedCidrs) { throw new InvalidParameterValueException("New rule conflicts with existing rule id=" + rule.getId()); if(nullPorts && duplicatedCidrs && (rule.getProtocol().equalsIgnoreCase(newRule.getProtocol())) && !newRule.getProtocol().equalsIgnoreCase(NetUtils.ICMP_PROTO)) { throw new NetworkRuleConflictException("There is already a firewall rule specified with protocol = " +newRule.getProtocol()+ " and no ports"); (rule.getPurpose() == Purpose.PortForwarding && newRule.getPurpose() == Purpose.PortForwarding && !newRule.getProtocol().equalsIgnoreCase( rule.getProtocol())) || (rule.getPurpose() == Purpose.Vpn && newRule.getPurpose() == Purpose.PortForwarding && !newRule.getProtocol().equalsIgnoreCase( rule.getProtocol())); boolean allowStaticNat = (rule.getPurpose() == Purpose.StaticNat && newRule.getPurpose() == Purpose.StaticNat && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())); (rule.getPurpose() == Purpose.PortForwarding && newRule.getPurpose() == Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())); (rule.getPurpose() == Purpose.LoadBalancing && newRule.getPurpose() == Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp, FirewallRule.Purpose purpose) { this(rule.getId(), srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState() == State.Revoke, rule.getState() == State.Active, purpose, rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode()); }
public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp, FirewallRule.Purpose purpose, FirewallRule.TrafficType trafficType) { this(rule.getId(), srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState() == State.Revoke, rule.getState() == State.Active, purpose, rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode()); this.trafficType = trafficType; }
public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp) { this(rule.getId(), srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState() == State.Revoke, rule.getState() == State.Active, rule.getPurpose(), rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode()); }
public FirewallRuleTO(FirewallRule rule, String srcIp) { this(rule.getId(), null, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState() == State.Revoke, rule.getState() == State.Active, rule.getPurpose(), rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode()); }
public FirewallRuleTO(FirewallRule rule, String guestVlanTag, FirewallRule.TrafficType trafficType, String guestCidr, boolean defaultEgressPolicy, FirewallRule.FirewallRuleType type) { this(rule.getId(), guestVlanTag, null, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState() == State.Revoke, rule.getState() == State.Active, rule.getPurpose(), rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode()); this.trafficType = trafficType; this.defaultEgressPolicy = defaultEgressPolicy; this.guestCidr = guestCidr; this.type = type; }
public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp, FirewallRule.Purpose purpose, FirewallRule.TrafficType trafficType, boolean defaultEgressPolicy) { this(rule.getId(), srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState() == State.Revoke, rule.getState() == State.Active, purpose, rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode()); this.destCidrList = rule.getDestinationCidrList(); this.trafficType = trafficType; this.defaultEgressPolicy = defaultEgressPolicy; }
@Override @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewall rule", create = true) public FirewallRule createIngressFirewallRule(FirewallRule rule) throws NetworkRuleConflictException { Account caller = CallContext.current().getCallingAccount(); Long sourceIpAddressId = rule.getSourceIpAddressId(); return createFirewallRule(sourceIpAddressId, caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(), null, rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType(), rule.isDisplay()); } //Destination CIDR capability is currently implemented for egress rules only. For others, the field is passed as null.
@Override @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_EGRESS_OPEN, eventDescription = "creating egress firewall rule for network", create = true) public FirewallRule createEgressFirewallRule(FirewallRule rule) throws NetworkRuleConflictException { Account caller = CallContext.current().getCallingAccount(); Network network = _networkDao.findById(rule.getNetworkId()); if (network.getGuestType() == Network.GuestType.Shared) { throw new InvalidParameterValueException("Egress firewall rules are not supported for " + network.getGuestType() + " networks"); } List<String> sourceCidrs = rule.getSourceCidrList(); if (sourceCidrs != null && !sourceCidrs.isEmpty()) Collections.replaceAll(sourceCidrs, "0.0.0.0/0", network.getCidr()); return createFirewallRule(null, caller, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), sourceCidrs, rule.getDestinationCidrList(), rule.getIcmpCode(), rule.getIcmpType(), null, rule.getType(), rule.getNetworkId(), rule.getTrafficType(), rule.isDisplay()); }
public VspAclRule buildVspAclRule(FirewallRule firewallRule, Network network, IPAddressVO staticNat) { VspAclRule.Builder vspAclRuleBuilder = new VspAclRule.Builder() .uuid(firewallRule.getUuid()) .protocol(firewallRule.getProtocol()) .startPort(firewallRule.getSourcePortStart()) .endPort(firewallRule.getSourcePortEnd()) .sourceCidrList(firewallRule.getSourceCidrList()) .priority(-1) .type(VspAclRule.ACLType.Firewall) .state(getEnumValue(firewallRule.getState(), VspAclRule.ACLState.class)) .trafficType(getEnumValue(firewallRule.getTrafficType(), VspAclRule.ACLTrafficType.class)); NetworkOfferingVO networkOffering = _networkOfferingDao.findById(network.getNetworkOfferingId()); if (firewallRule.getTrafficType() == FirewallRule.TrafficType.Egress && networkOffering.isEgressDefaultPolicy()) { vspAclRuleBuilder.deny(); } else { vspAclRuleBuilder.allow(); } if (staticNat == null && firewallRule.getSourceIpAddressId() != null) { IPAddressVO staticNatIp = _ipAddressDao.findById(firewallRule.getSourceIpAddressId()); if (staticNatIp != null) { VlanVO staticNatVlan = _vlanDao.findById(staticNatIp.getVlanId()); NicVO nic = _nicDao.findByIp4AddressAndNetworkId(staticNatIp.getVmIp(), staticNatIp.getAssociatedWithNetworkId()); vspAclRuleBuilder.staticNat(buildVspStaticNat(null, staticNatIp, staticNatVlan, nic)); } } return vspAclRuleBuilder.build(); }
response.setProtocol(fwRule.getProtocol()); if (fwRule.getSourcePortStart() != null) { response.setStartPort(fwRule.getSourcePortStart());