public boolean manageFirewallRule(ArrayList<IPaloAltoCommand> cmdList, PaloAltoPrimative prim, FirewallRuleTO rule) throws ExecutionException { String ruleName; if (rule.getTrafficType() == FirewallRule.TrafficType.Egress) { ruleName = genFirewallRuleName(rule.getId(), rule.getSrcVlanTag()); } else { ruleName = genFirewallRuleName(rule.getId()); if (ruleSrcCidrList.get(i).trim().equals("0.0.0.0/0")) { // allow any if (rule.getTrafficType() == FirewallRule.TrafficType.Egress) { srcCidrXML += "<member>" + getPrivateSubnet(rule.getSrcVlanTag()) + "</member>"; } else { srcCidrXML += "<member>any</member>"; srcCidrXML = "<member>" + getPrivateSubnet(rule.getSrcVlanTag()) + "</member>"; } else { srcCidrXML = "<member>any</member>"; e_params.put("type", "config"); e_params.put("action", "get"); e_params.put("xpath", "/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='policy_0_" + rule.getSrcVlanTag() + "']"); String e_response = request(PaloAltoMethod.GET, e_params); has_default = (validResponse(e_response) && responseNotEmpty(e_response)); dd_params.put("type", "config"); dd_params.put("action", "delete"); dd_params.put("xpath", "/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='policy_0_" + rule.getSrcVlanTag() + "']"); cmdList.add(new DefaultPaloAltoCommand(PaloAltoMethod.POST, dd_params)); da_params.put("type", "config");
/**
 * Builds the configuration items for a set-firewall-rules command.
 *
 * <p>Each {@link FirewallRuleTO} carried by the command is copied field by field into a
 * {@link FirewallRule} model object. The resulting objects are wrapped in a
 * {@link FirewallRules} set and passed to {@code generateConfigItems}.
 *
 * <p>This method does not validate or normalise any rule field (CIDR lists, port range,
 * protocol, ICMP type/code, VLAN tag). Each value is forwarded exactly as the transfer
 * object returns it, so any checking has to happen before this point or in the consumer
 * of the generated config.
 *
 * @param cmd the command to translate; it is cast to {@link SetFirewallRulesCommand}
 *            without a type check, so any other command type raises a
 *            {@link ClassCastException}
 * @return whatever {@code generateConfigItems} produces for the assembled rule set
 */
@Override
public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
    final SetFirewallRulesCommand fwCommand = (SetFirewallRulesCommand) cmd;

    final List<FirewallRule> converted = new ArrayList<FirewallRule>();
    for (final FirewallRuleTO source : fwCommand.getRules()) {
        // getPurpose() and getTrafficType() are dereferenced via toString(); a rule
        // that returns null for either one fails here with a NullPointerException.
        converted.add(new FirewallRule(
                source.getId(),
                source.getSrcVlanTag(),
                source.getSrcIp(),
                source.getProtocol(),
                source.getSrcPortRange(),
                source.revoked(),
                source.isAlreadyAdded(),
                source.getSourceCidrList(),
                source.getDestCidrList(),
                source.getPurpose().toString(),
                source.getIcmpType(),
                source.getIcmpCode(),
                source.getTrafficType().toString(),
                source.getGuestCidr(),
                source.isDefaultEgressPolicy()));
    }

    // The model wrapper takes an array, so convert the accumulated list once at the end.
    final FirewallRule[] ruleArray = converted.toArray(new FirewallRule[converted.size()]);
    return generateConfigItems(new FirewallRules(ruleArray));
}