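/**
 * Opens one single-port firewall rule per entry in {@code ports} on the given public IP.
 *
 * <p>Every create request is submitted before any job is awaited, so the waits in the second
 * loop do not delay the remaining submissions.
 *
 * <p>Security note: the options built here set only the start and end port; no source CIDR
 * list is supplied, so the source range of each rule is left to the API default.
 * NOTE(review): presumably that default admits any source address; confirm, and restrict
 * with {@code CIDRs(...)} where the port should not be reachable from everywhere.
 *
 * @param ip public IP the rules are attached to; {@code checkState} rejects it when it has no
 *           virtual machine id
 * @param protocol protocol name, converted with {@code FirewallRule.Protocol.fromValue}
 * @param ports ports to open; an empty iterable returns an empty set without any API call
 * @return the rules returned by the completed jobs
 */
public Set<FirewallRule> apply(PublicIPAddress ip, String protocol, Iterable<Integer> ports) {
   checkState(ip.getVirtualMachineId() != null,
         "ip %s should be static NATed to a virtual machine before applying rules", ip);
   // isEmpty() stops at the first element; size() would walk the whole iterable.
   if (Iterables.isEmpty(ports)) {
      return ImmutableSet.<FirewallRule> of();
   }
   Builder<AsyncCreateResponse> responses = ImmutableSet.builder();
   for (int port : ports) {
      AsyncCreateResponse response = client.getFirewallClient().createFirewallRuleForIpAndProtocol(ip.getId(),
            FirewallRule.Protocol.fromValue(protocol),
            CreateFirewallRuleOptions.Builder.startPort(port).endPort(port));
      logger.debug(">> creating firewall rule IPAddress(%s) for protocol(%s), port(%s); response(%s)",
            ip.getId(), protocol, port, response);
      responses.add(response);
   }
   Builder<FirewallRule> rules = ImmutableSet.builder();
   for (AsyncCreateResponse response : responses.build()) {
      FirewallRule rule = blockUntilJobCompletesAndReturnResult.<FirewallRule> apply(response);
      rules.add(rule);
      // Cache all rules created so far. Storing ImmutableSet.of(rule) here replaced the entry on
      // every iteration, so after a multi-port call the cache listed only the last rule.
      // NOTE(review): rules that existed for this VM before the call are still not in the entry.
      getFirewallRulesByVirtualMachine.asMap().put(ip.getVirtualMachineId(), rules.build());
   }
   return rules.build();
}
// Closes the enclosing class, whose header is not part of this listing.
}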
startPort(publicPort).endPort(publicPort).CIDRs(ImmutableSet.of(cidr.toString())); AsyncCreateResponse job = client.getCloudstackGlobalClient().getFirewallApi().createFirewallRuleForIpAndProtocol( publicIpId, FirewallRule.Protocol.TCP, options);
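/**
 * Requests a firewall rule for the given public IP, port range, protocol and source CIDR,
 * then waits for the asynchronous job to finish.
 *
 * <p>Failures are logged and reported through the return value rather than thrown, because
 * the rule may already exist. Callers that depend on the port being open (or on the rule
 * being restricted to {@code cidr}) must check the result.
 *
 * @param publicIpId id of the public IP the rule is attached to
 * @param cidr source range allowed by the rule, passed as the rule's only CIDR entry
 * @param lowerBoundPort first port of the range
 * @param upperBoundPort last port of the range
 * @param protocol protocol the rule applies to
 * @return {@code true} when the job reported success; {@code false} when it did not or when
 *         any exception was raised
 */
protected boolean systemOpenFirewall(String publicIpId, Cidr cidr, int lowerBoundPort, int upperBoundPort,
        FirewallRule.Protocol protocol) {
    try {
        CreateFirewallRuleOptions options = CreateFirewallRuleOptions.Builder
                .startPort(lowerBoundPort).endPort(upperBoundPort).CIDRs(ImmutableSet.of(cidr.toString()));
        AsyncCreateResponse job = cloudstackClient.getCloudstackGlobalClient().getFirewallApi()
                .createFirewallRuleForIpAndProtocol(publicIpId, protocol, options);
        boolean success = cloudstackClient.waitForJobsSuccess(Arrays.asList(job.getJobId()));
        if (!success) {
            log.error("Failed creating firewall rule on "+this+" to "+publicIpId+":"+lowerBoundPort+"-"+upperBoundPort);
            // it might already be created, so don't crash and burn too hard!
            return false;
        }
    } catch (Exception e) {
        // Pass the exception to the logger: without the cause, an API or authentication
        // failure looks the same in the log as a rule that already exists.
        log.error("Failed creating firewall rule on "+this+" to "+publicIpId+":"+lowerBoundPort+"-"+upperBoundPort, e);
        // it might already be created, so don't crash and burn too hard!
        return false;
    }
    return true;
}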
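/**
 * Opens one single-port firewall rule per entry in {@code ports} on the given public IP.
 *
 * <p>Every create request is submitted before any job is awaited, so the waits in the second
 * loop do not delay the remaining submissions.
 *
 * <p>Security note: the options built here set only the start and end port; no source CIDR
 * list is supplied, so the source range of each rule is left to the API default.
 * NOTE(review): presumably that default admits any source address; confirm, and restrict
 * with {@code CIDRs(...)} where the port should not be reachable from everywhere.
 *
 * @param ip public IP the rules are attached to; {@code checkState} rejects it when it has no
 *           virtual machine id
 * @param protocol protocol name, converted with {@code FirewallRule.Protocol.fromValue}
 * @param ports ports to open; an empty iterable returns an empty set without any API call
 * @return the rules returned by the completed jobs
 */
public Set<FirewallRule> apply(PublicIPAddress ip, String protocol, Iterable<Integer> ports) {
   checkState(ip.getVirtualMachineId() != null,
         "ip %s should be static NATed to a virtual machine before applying rules", ip);
   // isEmpty() stops at the first element; size() would walk the whole iterable.
   if (Iterables.isEmpty(ports)) {
      return ImmutableSet.<FirewallRule> of();
   }
   Builder<AsyncCreateResponse> responses = ImmutableSet.builder();
   for (int port : ports) {
      AsyncCreateResponse response = client.getFirewallClient().createFirewallRuleForIpAndProtocol(ip.getId(),
            FirewallRule.Protocol.fromValue(protocol),
            CreateFirewallRuleOptions.Builder.startPort(port).endPort(port));
      logger.debug(">> creating firewall rule IPAddress(%s) for protocol(%s), port(%s); response(%s)",
            ip.getId(), protocol, port, response);
      responses.add(response);
   }
   Builder<FirewallRule> rules = ImmutableSet.builder();
   for (AsyncCreateResponse response : responses.build()) {
      FirewallRule rule = blockUntilJobCompletesAndReturnResult.<FirewallRule> apply(response);
      rules.add(rule);
      // Cache all rules created so far. Storing ImmutableSet.of(rule) here replaced the entry on
      // every iteration, so after a multi-port call the cache listed only the last rule.
      // NOTE(review): rules that existed for this VM before the call are still not in the entry.
      getFirewallRulesByVirtualMachine.asMap().put(ip.getVirtualMachineId(), rules.build());
   }
   return rules.build();
}
// Closes the enclosing class, whose header is not part of this listing.
}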
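/**
 * Opens one single-port firewall rule per entry in {@code ports} on the given public IP.
 *
 * <p>Every create request is submitted before any job is awaited, so the waits in the second
 * loop do not delay the remaining submissions.
 *
 * <p>Security note: the options built here set only the start and end port; no source CIDR
 * list is supplied, so the source range of each rule is left to the API default.
 * NOTE(review): presumably that default admits any source address; confirm, and restrict
 * with {@code CIDRs(...)} where the port should not be reachable from everywhere.
 *
 * @param ip public IP the rules are attached to; {@code checkState} rejects it when it has no
 *           virtual machine id
 * @param protocol protocol name, converted with {@code FirewallRule.Protocol.fromValue}
 * @param ports ports to open; an empty iterable returns an empty set without any API call
 * @return the rules returned by the completed jobs
 */
public Set<FirewallRule> apply(PublicIPAddress ip, String protocol, Iterable<Integer> ports) {
   checkState(ip.getVirtualMachineId() != null,
         "ip %s should be static NATed to a virtual machine before applying rules", ip);
   if (Iterables.isEmpty(ports)) {
      return ImmutableSet.<FirewallRule> of();
   }
   Builder<AsyncCreateResponse> responses = ImmutableSet.builder();
   for (int port : ports) {
      AsyncCreateResponse response = client.getFirewallApi().createFirewallRuleForIpAndProtocol(ip.getId(),
            FirewallRule.Protocol.fromValue(protocol),
            CreateFirewallRuleOptions.Builder.startPort(port).endPort(port));
      logger.debug(">> creating firewall rule IPAddress(%s) for protocol(%s), port(%s); response(%s)",
            ip.getId(), protocol, port, response);
      responses.add(response);
   }
   Builder<FirewallRule> rules = ImmutableSet.builder();
   for (AsyncCreateResponse response : responses.build()) {
      FirewallRule rule = blockUntilJobCompletesAndReturnResult.<FirewallRule> apply(response);
      rules.add(rule);
      // Cache all rules created so far. Storing ImmutableSet.of(rule) here replaced the entry on
      // every iteration, so after a multi-port call the cache listed only the last rule.
      // NOTE(review): rules that existed for this VM before the call are still not in the entry.
      getFirewallRulesByVirtualMachine.asMap().put(ip.getVirtualMachineId(), rules.build());
   }
   return rules.build();
}
// Closes the enclosing class, whose header is not part of this listing.
}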
/**
 * Creates a TCP egress firewall rule for ports 30-35 on the test network, waits for the job,
 * then reads the rule back and verifies its port range and protocol.
 *
 * <p>Does nothing when {@code networksDisabled} is set.
 */
@Test(dependsOnMethods = "testCreatePortForwardingRule")
public void testCreateEgressFirewallRule() {
   if (networksDisabled) {
      return;
   }

   AsyncCreateResponse created = client.getFirewallApi().createEgressFirewallRuleForNetworkAndProtocol(
         network.getId(),
         FirewallRule.Protocol.TCP,
         CreateFirewallRuleOptions.Builder.startPort(30).endPort(35));
   // The rule can only be fetched once the asynchronous job has finished.
   assertTrue(jobComplete.apply(created.getJobId()));

   egressFirewallRule = client.getFirewallApi().getEgressFirewallRule(created.getId());

   assertEquals(egressFirewallRule.getStartPort(), 30);
   assertEquals(egressFirewallRule.getEndPort(), 35);
   assertEquals(egressFirewallRule.getProtocol(), FirewallRule.Protocol.TCP);
   checkEgressFirewallRule(egressFirewallRule);
}
/**
 * Creates a TCP firewall rule for ports 30-35 on the test IP, waits for the job, then reads
 * the rule back and verifies its port range and protocol.
 *
 * <p>Does nothing when {@code networksDisabled} is set.
 */
@Test(dependsOnMethods = "testCreatePortForwardingRule")
public void testCreateFirewallRule() {
   if (networksDisabled) {
      return;
   }

   AsyncCreateResponse created = client.getFirewallApi().createFirewallRuleForIpAndProtocol(
         ip.getId(),
         FirewallRule.Protocol.TCP,
         CreateFirewallRuleOptions.Builder.startPort(30).endPort(35));
   // The rule can only be fetched once the asynchronous job has finished.
   assertTrue(jobComplete.apply(created.getJobId()));

   firewallRule = client.getFirewallApi().getFirewallRule(created.getId());

   assertEquals(firewallRule.getStartPort(), 30);
   assertEquals(firewallRule.getEndPort(), 35);
   assertEquals(firewallRule.getProtocol(), FirewallRule.Protocol.TCP);
   checkFirewallRule(firewallRule);
}
/**
 * Creates a TCP firewall rule for ports 30-35 on the test IP, waits for the job, then reads
 * the rule back and verifies its port range and protocol.
 *
 * <p>Does nothing when {@code networksDisabled} is set.
 */
@Test(dependsOnMethods = "testCreatePortForwardingRule")
public void testCreateFirewallRule() {
   if (networksDisabled) {
      return;
   }

   AsyncCreateResponse created = client.getFirewallClient().createFirewallRuleForIpAndProtocol(
         ip.getId(),
         FirewallRule.Protocol.TCP,
         CreateFirewallRuleOptions.Builder.startPort(30).endPort(35));
   // The rule can only be fetched once the asynchronous job has finished.
   assertTrue(jobComplete.apply(created.getJobId()));

   firewallRule = client.getFirewallClient().getFirewallRule(created.getId());

   assertEquals(firewallRule.getStartPort(), 30);
   assertEquals(firewallRule.getEndPort(), 35);
   assertEquals(firewallRule.getProtocol(), FirewallRule.Protocol.TCP);
   checkFirewallRule(firewallRule);
}