private void applySecurityGroupsAcls(Map<String, Configuration> cfgNodes) { for (Entry<String, Set<SecurityGroup>> entry : _configurationSecurityGroups.entrySet()) { Configuration cfgNode = cfgNodes.get(entry.getKey()); List<IpAccessListLine> inboundRules = new LinkedList<>(); List<IpAccessListLine> outboundRules = new LinkedList<>(); entry .getValue() .forEach( securityGroup -> securityGroup.addInOutAccessLines(inboundRules, outboundRules, this)); // create ACLs from inboundRules and outboundRules IpAccessList inAcl = IpAccessList.builder().setName(SG_INGRESS_ACL_NAME).setLines(inboundRules).build(); IpAccessList outAcl = IpAccessList.builder().setName(SG_EGRESS_ACL_NAME).setLines(outboundRules).build(); cfgNode.getIpAccessLists().put(SG_INGRESS_ACL_NAME, inAcl); cfgNode.getIpAccessLists().put(SG_EGRESS_ACL_NAME, outAcl); // applying the filters to all interfaces in the node cfgNode .getAllInterfaces() .values() .forEach( iface -> { iface.setIncomingFilter(inAcl); iface.setOutgoingFilter(outAcl); }); } }
if (oldOutgoingFilterName == null && allowsIntraZoneTraffic(zoneName)) { newIface.setOutgoingFilter(zoneOutgoingAcl); return; .build(); newIface.setOutgoingFilter(combinedOutgoingAcl);
for (Interface iface : _c.getDefaultVrf().getInterfaces().values()) { iface.setIncomingFilter(_c.getIpAccessLists().get(FILTER_INPUT)); iface.setOutgoingFilter(_c.getIpAccessLists().get(FILTER_OUTPUT));
outAcl = _c.getIpAccessLists().get(outAclName); newIface.setOutgoingFilter(outAcl);
.setLines(new LinkedList<>()) .build())); instanceIface.setOutgoingFilter( instanceCfgNode .getIpAccessLists()
iface.setOspfPassive(_ospfPassive); iface.setOspfPointToPoint(_ospfPointToPoint); iface.setOutgoingFilter(_outgoingFilter); iface.setOutgoingTransformation(_outgoingTransformation); iface.setOwner(_owner);
subnetToVpc.setOutgoingFilter(outAcl);
if (zone != null) { newIface.setZoneName(zone.getName()); newIface.setOutgoingFilter( IpAccessList.builder() .setOwner(_c) } else { newIface.setOutgoingFilter( IpAccessList.builder() .setOwner(_c)
newIface.setOutgoingFilter(ipAccessLists.get(outgoingFilterName));