List<PublicIp> publicIps = new ArrayList<PublicIp>(); if (!(rules.get(0).getPurpose() == FirewallRule.Purpose.Firewall && trafficType == FirewallRule.TrafficType.Egress)) {
((rule.getPurpose() == Purpose.Firewall || newRule.getPurpose() == Purpose.Firewall) && ((newRule.getPurpose() != rule.getPurpose()) || (!newRule.getProtocol() .equalsIgnoreCase(rule.getProtocol())))); boolean bothRulesFirewall = (rule.getPurpose() == newRule.getPurpose() && rule.getPurpose() == Purpose.Firewall); boolean duplicatedCidrs = false; if (bothRulesFirewall) { if (rule.getPurpose() == Purpose.StaticNat && newRule.getPurpose() != Purpose.StaticNat) { throw new NetworkRuleConflictException("There is 1 to 1 Nat rule specified for the ip address id=" + newRule.getSourceIpAddressId()); } else if (rule.getPurpose() != Purpose.StaticNat && newRule.getPurpose() == Purpose.StaticNat) { throw new NetworkRuleConflictException("There is already firewall rule specified for the ip address id=" + newRule.getSourceIpAddressId()); (rule.getPurpose() == Purpose.PortForwarding && newRule.getPurpose() == Purpose.PortForwarding && !newRule.getProtocol().equalsIgnoreCase( rule.getProtocol())) || (rule.getPurpose() == Purpose.Vpn && newRule.getPurpose() == Purpose.PortForwarding && !newRule.getProtocol().equalsIgnoreCase( rule.getProtocol())); boolean allowStaticNat = (rule.getPurpose() == Purpose.StaticNat && newRule.getPurpose() == Purpose.StaticNat && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())); (rule.getPurpose() == Purpose.PortForwarding && newRule.getPurpose() == Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())); (rule.getPurpose() == Purpose.LoadBalancing && newRule.getPurpose() == Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
return true; Purpose purpose = rules.get(0).getPurpose(); if (!_ipAddrMgr.applyRules(rules, purpose, this, continueOnError)) { s_logger.warn("Rules are not completely applied");
/**
 * Builds a transfer object for {@code rule} that carries both a source VLAN tag and a source IP.
 * <p>
 * Delegates to the full constructor with the rule's id, protocol, source port range, purpose,
 * source CIDR list and ICMP type/code, plus two booleans derived from the rule state
 * ({@code State.Revoke} and {@code State.Active}). The tag and IP are passed through unchanged.
 *
 * @param rule       the firewall rule to convert; dereferenced immediately, so {@code null} fails
 * @param srcVlanTag VLAN tag of the source network
 * @param srcIp      source IP address
 */
public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp) {
    this(rule.getId(), srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(),
            rule.getState() == State.Revoke, rule.getState() == State.Active, rule.getPurpose(),
            rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode());
}
/**
 * Builds a transfer object for {@code rule} with a source IP but no source VLAN tag.
 * <p>
 * Same delegation as the VLAN-tag variant, with {@code null} passed in the tag position;
 * the two booleans are derived from the rule state ({@code State.Revoke}, {@code State.Active}).
 *
 * @param rule  the firewall rule to convert; dereferenced immediately, so {@code null} fails
 * @param srcIp source IP address
 */
public FirewallRuleTO(FirewallRule rule, String srcIp) {
    this(rule.getId(), null, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(),
            rule.getState() == State.Revoke, rule.getState() == State.Active, rule.getPurpose(),
            rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode());
}
/**
 * Builds a transfer object for a guest-side (egress-style) rule: a guest VLAN tag, the traffic
 * type, the guest CIDR, the default egress policy and the rule type are recorded, and no
 * source IP is set.
 * <p>
 * The explicit constructor invocation has to be the first statement, so the extra fields are
 * assigned afterwards.
 *
 * @param rule                the firewall rule to convert; dereferenced immediately, so {@code null} fails
 * @param guestVlanTag        VLAN tag of the guest network
 * @param trafficType         ingress/egress direction of the rule
 * @param guestCidr           CIDR of the guest network
 * @param defaultEgressPolicy default egress policy the rule set applies to
 * @param type                the firewall rule type
 */
public FirewallRuleTO(FirewallRule rule, String guestVlanTag, FirewallRule.TrafficType trafficType, String guestCidr,
        boolean defaultEgressPolicy, FirewallRule.FirewallRuleType type) {
    this(rule.getId(), guestVlanTag, null, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(),
            rule.getState() == State.Revoke, rule.getState() == State.Active, rule.getPurpose(),
            rule.getSourceCidrList(), rule.getIcmpType(), rule.getIcmpCode());
    // Guest-network context; these assignments are independent of one another.
    this.type = type;
    this.guestCidr = guestCidr;
    this.defaultEgressPolicy = defaultEgressPolicy;
    this.trafficType = trafficType;
}
if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) { _fwRulesDao.loadSourceCidrs((FirewallRuleVO)rule); if (rule.getPurpose() == Purpose.Firewall && rule.getTrafficType() == FirewallRule.TrafficType.Egress) { String guestVlanTag = BroadcastDomainType.getValue(network.getBroadcastUri()); String guestCidr = network.getCidr();
/**
 * Accepts a topology visitor for this rule set.
 * <p>
 * Records the target router and the purpose of the first rule. When that purpose is
 * {@code LoadBalancing}, every public-scheme load balancer of the network is re-read and
 * expanded into a {@link LoadBalancingRule} before the visitor runs, because the router has
 * to receive the complete LB rule set rather than only the rules being changed.
 *
 * @param visitor the visitor that applies the rules
 * @param router  the virtual router the rules are applied to
 * @return whatever {@code visitor.visit(this)} returns
 * @throws ResourceUnavailableException propagated from the visitor
 */
@Override
public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException {
    _purpose = _rules.get(0).getPurpose();
    _router = router;
    if (_purpose == Purpose.LoadBalancing) {
        rebuildLoadBalancingRules(visitor);
    }
    return visitor.visit(this);
}

/** Replaces {@code _loadbalancingRules} with one entry per public-scheme LB of {@code _network}. */
private void rebuildLoadBalancingRules(final NetworkTopologyVisitor visitor) throws ResourceUnavailableException {
    final LoadBalancerDao lbDao = visitor.getVirtualNetworkApplianceFactory().getLoadBalancerDao();
    // for load balancer we have to resend all lb rules for the network
    final List<LoadBalancerVO> balancers = lbDao.listByNetworkIdAndScheme(_network.getId(), Scheme.Public);
    _loadbalancingRules = new ArrayList<LoadBalancingRule>();
    final LoadBalancingRulesManager lbManager = visitor.getVirtualNetworkApplianceFactory().getLbMgr();
    final NetworkModel model = visitor.getVirtualNetworkApplianceFactory().getNetworkModel();
    for (final LoadBalancerVO balancer : balancers) {
        _loadbalancingRules.add(expand(balancer, lbManager, model));
    }
}

/** Gathers destinations, policies, SSL cert and source IP of one LB into a {@link LoadBalancingRule}. */
private LoadBalancingRule expand(final LoadBalancerVO balancer, final LoadBalancingRulesManager lbManager,
        final NetworkModel model) {
    final List<LbDestination> destinations = lbManager.getExistingDestinations(balancer.getId());
    final List<LbStickinessPolicy> stickiness = lbManager.getStickinessPolicies(balancer.getId());
    final List<LbHealthCheckPolicy> healthChecks = lbManager.getHealthCheckPolicies(balancer.getId());
    final LbSslCert cert = lbManager.getLbSslCert(balancer.getId());
    final Ip sourceIp = model.getPublicIpAddress(balancer.getSourceIpAddressId()).getAddress();
    return new LoadBalancingRule(balancer, destinations, stickiness, healthChecks, sourceIp, cert,
            balancer.getLbProtocol());
}
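/**
 * Applies a set of firewall-family rules to the router of the given network.
 * <p>
 * Dispatches on the rule purpose: load-balancing rules come from
 * {@code firewall.getLoadbalancingRules()}; port-forwarding, static-NAT and plain firewall
 * rules come from {@code firewall.getRules()}. The matching "apply" commands are collected in
 * one {@link Commands} batch (OnError.Continue) and sent to the router once.
 * <p>
 * The unchecked casts are confined to the two local declarations that need them instead of
 * suppressing warnings for the whole method. The fallback branch logs the purpose already in
 * hand rather than {@code rules.get(0).getPurpose()}, which threw on an empty rule list.
 *
 * @param firewall the rule set together with its network and router
 * @return the result of sending the commands, or {@code false} when the purpose is not one
 *         this visitor handles
 * @throws ResourceUnavailableException propagated from the command-building or send step
 */
@Override
public boolean visit(final FirewallRules firewall) throws ResourceUnavailableException {
    final Network network = firewall.getNetwork();
    final VirtualRouter router = firewall.getRouter();
    final List<? extends FirewallRule> rules = firewall.getRules();
    final Purpose purpose = firewall.getPurpose();
    final Commands cmds = new Commands(Command.OnError.Continue);

    if (purpose == Purpose.LoadBalancing) {
        final List<LoadBalancingRule> lbRules = firewall.getLoadbalancingRules();
        _commandSetupHelper.createApplyLoadBalancingRulesCommands(lbRules, router, cmds, network.getId());
    } else if (purpose == Purpose.PortForwarding) {
        @SuppressWarnings("unchecked")
        final List<? extends PortForwardingRule> pfRules = (List<? extends PortForwardingRule>) rules;
        _commandSetupHelper.createApplyPortForwardingRulesCommands(pfRules, router, cmds, network.getId());
    } else if (purpose == Purpose.StaticNat) {
        @SuppressWarnings("unchecked")
        final List<StaticNatRule> staticNatRules = (List<StaticNatRule>) rules;
        _commandSetupHelper.createApplyStaticNatRulesCommands(staticNatRules, router, cmds, network.getId());
    } else if (purpose == Purpose.Firewall) {
        _commandSetupHelper.createApplyFirewallRulesCommands(rules, router, cmds, network.getId());
    } else {
        // Unknown (or null) purpose: nothing is sent to the router. Log what we were given
        // without touching rules.get(0), which is not guaranteed to exist here.
        s_logger.warn("Unable to apply rules of purpose: " + purpose);
        return false;
    }
    return _networkGeneralHelper.sendCommandsToRouter(router, cmds);
}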