private boolean revokeStaticNatRuleInternal(long ruleId, Account caller, long userId, boolean apply) { FirewallRuleVO rule = _firewallDao.findById(ruleId); _firewallMgr.revokeRule(rule, caller, userId, true); boolean success = false; if (apply) { success = applyStaticNatRulesForIp(rule.getSourceIpAddressId(), _ipAddrMgr.RulesContinueOnError.value(), caller, true); } else { success = true; } return success; }
ipsToReprogram.add(rule.getSourceIpAddressId());
public StaticNatRuleImpl(FirewallRuleVO rule, String dstIp) { id = rule.getId(); xid = rule.getXid(); uuid = rule.getUuid(); protocol = rule.getProtocol(); portStart = rule.getSourcePortStart().intValue(); portEnd = rule.getSourcePortEnd().intValue(); state = rule.getState(); accountId = rule.getAccountId(); domainId = rule.getDomainId(); networkId = rule.getNetworkId(); sourceIpAddressId = rule.getSourceIpAddressId(); destIpAddress = dstIp; forDisplay = rule.isDisplay(); }
final IpAddress ip = _ipAddressDao.findById(firewallStaticNatRule.getSourceIpAddressId()); final FirewallRuleVO ruleVO = _firewallDao.findById(firewallStaticNatRule.getId());
protected boolean revokeFirewallRule(long ruleId, boolean apply, Account caller, long userId) { FirewallRuleVO rule = _firewallDao.findById(ruleId); if (rule == null || rule.getPurpose() != Purpose.Firewall) { throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall); } if (rule.getType() == FirewallRuleType.System && !_accountMgr.isRootAdmin(caller.getId())) { throw new InvalidParameterValueException("Only root admin can delete the system wide firewall rule"); } _accountMgr.checkAccess(caller, null, true, rule); revokeRule(rule, caller, userId, false); boolean success = false; Long networkId = rule.getNetworkId(); if (apply) { // ingress firewall rule if (rule.getSourceIpAddressId() != null) { //feteches ingress firewall, ingress firewall rules associated with the ip List<FirewallRuleVO> rules = _firewallDao.listByIpAndPurpose(rule.getSourceIpAddressId(), Purpose.Firewall); return applyFirewallRules(rules, false, caller); //egress firewall rule } else if (networkId != null) { List<FirewallRuleVO> rules = _firewallDao.listByNetworkPurposeTrafficType(rule.getNetworkId(), Purpose.Firewall, FirewallRule.TrafficType.Egress); return applyFirewallRules(rules, false, caller); } } else { success = true; } return success; }
throw (NetworkRuleConflictException)e; throw new CloudRuntimeException("Unable to add static nat rule for the ip id=" + newRule.getSourceIpAddressId(), e);
@Override public List<FirewallRuleVO> listStaticNatByVmId(long vmId) { if (VmSearch == null) { SearchBuilder<IPAddressVO> IpSearch = _ipDao.createSearchBuilder(); IpSearch.and("associatedWithVmId", IpSearch.entity().getAssociatedWithVmId(), SearchCriteria.Op.EQ); IpSearch.and("oneToOneNat", IpSearch.entity().isOneToOneNat(), SearchCriteria.Op.NNULL); VmSearch = createSearchBuilder(); VmSearch.and("purpose", VmSearch.entity().getPurpose(), Op.EQ); VmSearch.join("ipSearch", IpSearch, VmSearch.entity().getSourceIpAddressId(), IpSearch.entity().getId(), JoinBuilder.JoinType.INNER); VmSearch.done(); } SearchCriteria<FirewallRuleVO> sc = VmSearch.create(); sc.setParameters("purpose", Purpose.StaticNat); sc.setJoinParameters("ipSearch", "associatedWithVmId", vmId); return listBy(sc); }
originalFirewallRule.getSourceIpAddressId(), originalFirewallRule.getSourcePortStart(), originalFirewallRule.getSourcePortEnd(),
sb.and("trafficType", sb.entity().getTrafficType(), Op.EQ); sb.and("networkId", sb.entity().getNetworkId(), Op.EQ); sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ); sb.and("purpose", sb.entity().getPurpose(), Op.EQ); sb.and("display", sb.entity().isDisplay(), Op.EQ);
AllFieldsSearch.and("ipId", AllFieldsSearch.entity().getSourceIpAddressId(), Op.EQ); AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ); AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ); NotRevokedSearch.and("ipId", NotRevokedSearch.entity().getSourceIpAddressId(), Op.EQ); NotRevokedSearch.and("state", NotRevokedSearch.entity().getState(), Op.NEQ); NotRevokedSearch.and("purpose", NotRevokedSearch.entity().getPurpose(), Op.EQ); ReleaseSearch.and("ipId", ReleaseSearch.entity().getSourceIpAddressId(), Op.EQ); ReleaseSearch.and("purpose", ReleaseSearch.entity().getPurpose(), Op.EQ); ReleaseSearch.and("ports", ReleaseSearch.entity().getSourcePortStart(), Op.IN); SystemRuleSearch.and("ipId", SystemRuleSearch.entity().getSourceIpAddressId(), Op.NULL); SystemRuleSearch.done(); RulesByIpCount.and("ipAddressId", RulesByIpCount.entity().getSourceIpAddressId(), Op.EQ); RulesByIpCount.and("state", RulesByIpCount.entity().getState(), Op.EQ); RulesByIpCount.done();
_accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ); sb.and("purpose", sb.entity().getPurpose(), Op.EQ); sb.and("id", sb.entity().getId(), Op.EQ); SearchBuilder<IPAddressVO> ipSearch = _ipAddressDao.createSearchBuilder(); ipSearch.and("associatedWithVmId", ipSearch.entity().getAssociatedWithVmId(), Op.EQ); sb.join("ipSearch", ipSearch, sb.entity().getSourceIpAddressId(), ipSearch.entity().getId(), JoinBuilder.JoinType.INNER);