/**
 * Looks up a firewall rule by its database id.
 *
 * <p>This is a plain DAO read: no ownership or access check is performed here, so a caller
 * acting on behalf of a user has to authorize the request itself.
 *
 * @param ruleId database id of the rule
 * @return whatever {@code _firewallDao.findById} returns for that id; other code that uses the
 *         same DAO call checks the result for {@code null}, so callers should do the same
 */
@Override
public FirewallRule getFirewallRule(long ruleId) {
    final FirewallRule found = _firewallDao.findById(ruleId);
    return found;
}
/**
 * Static lookup of a firewall rule row by database id.
 *
 * <p>Delegates straight to {@code s_firewallRuleDao}; nothing here verifies that the requester
 * may see the rule, so this belongs behind an already-authorized code path.
 *
 * @param ruleId database id of the rule
 * @return the DAO result for that id (presumably {@code null} when no row exists; confirm
 *         against the DAO contract)
 */
public static FirewallRuleVO findFirewallRuleById(long ruleId) {
    final FirewallRuleVO row = s_firewallRuleDao.findById(ruleId);
    return row;
}
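/**
 * Revokes a static NAT rule and, when requested, re-applies the static NAT rules of its
 * source IP address.
 *
 * <p>No access check happens in this method: it trusts that the caller has already authorized
 * {@code caller} against the rule (as {@code revokeStaticNatRule} does before delegating).
 *
 * @param ruleId database id of the rule to revoke
 * @param caller account on whose behalf the revoke is performed
 * @param userId id of the calling user, passed through to the firewall manager
 * @param apply  when {@code true}, the static NAT rules for the rule's source IP are re-applied
 *               and that result is returned; when {@code false}, the rule is only revoked
 * @return {@code true} if {@code apply} is {@code false}, otherwise the result of
 *         {@code applyStaticNatRulesForIp}
 * @throws InvalidParameterValueException if no rule exists for {@code ruleId}
 */
private boolean revokeStaticNatRuleInternal(long ruleId, Account caller, long userId, boolean apply) {
    FirewallRuleVO rule = _firewallDao.findById(ruleId);
    // The rule is re-read here after the caller's own lookup, so it can have disappeared in
    // between. Fail with the same error the caller uses instead of handing null to the firewall
    // manager and dereferencing it below.
    if (rule == null) {
        throw new InvalidParameterValueException("Unable to find " + ruleId);
    }

    _firewallMgr.revokeRule(rule, caller, userId, true);

    if (!apply) {
        return true;
    }
    return applyStaticNatRulesForIp(rule.getSourceIpAddressId(), _ipAddrMgr.RulesContinueOnError.value(), caller, true);
}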
/**
 * Updates the custom id and/or display flag of a firewall rule.
 *
 * <p>Order of checks: the rule must exist and have purpose {@code Firewall}; a system-type rule
 * may only be changed by an admin-type account; then the account manager's access check is run
 * for the caller against the rule. Only after all three is the rule modified.
 *
 * @param ruleId     database id of the rule to update
 * @param customId   new uuid for the rule, or {@code null} to leave it unchanged
 * @param caller     account requesting the change
 * @param forDisplay new display flag, or {@code null} to leave it unchanged
 * @return the rule as re-read from the DAO after the update
 * @throws InvalidParameterValueException if the rule is missing, has another purpose, or is a
 *         system rule and the caller is not an admin-type account
 */
protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller, Boolean forDisplay) {
    FirewallRuleVO target = _firewallDao.findById(ruleId);
    if (target == null || target.getPurpose() != Purpose.Firewall) {
        throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
    }

    // NOTE(review): revokeFirewallRule gates the same system-rule case with
    // _accountMgr.isRootAdmin(caller.getId()); confirm the account-type comparison used here is
    // meant to be equivalent.
    boolean systemRule = target.getType() == FirewallRuleType.System;
    if (systemRule && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
        throw new InvalidParameterValueException("Only root admin can update the system wide firewall rule");
    }

    _accountMgr.checkAccess(caller, null, true, target);

    // NOTE(review): customId is written as the rule's uuid without any format or uniqueness
    // validation visible in this method; confirm it is validated upstream.
    if (customId != null) {
        target.setUuid(customId);
    }
    if (forDisplay != null) {
        target.setDisplay(forDisplay);
    }

    _firewallDao.update(ruleId, target);
    // Return a fresh read rather than the locally modified object.
    return _firewallDao.findById(ruleId);
}
s_logger.trace("Marking static nat rule " + firewallStaticNatRule + " with Revoke state"); final IpAddress ip = _ipAddressDao.findById(firewallStaticNatRule.getSourceIpAddressId()); final FirewallRuleVO ruleVO = _firewallDao.findById(firewallStaticNatRule.getId());
FirewallRuleVO lbRule = _firewallDao.findById(lb.getLoadBalancerId()); if (lbRule.getNetworkId() == nic.getNetworkId()) { result.add(lbRule);
/**
 * API entry point for revoking a static NAT rule on behalf of the current caller.
 *
 * <p>The calling account is taken from the current {@code CallContext}. The rule must exist and
 * the account manager's access check is run against it before any state is changed.
 *
 * @param ruleId database id of the rule to revoke
 * @param apply  passed through to the internal revoke; controls whether the rules are re-applied
 * @return {@code true} on success (failure is reported by exception, never by {@code false})
 * @throws InvalidParameterValueException if no rule exists for {@code ruleId}
 * @throws CloudRuntimeException if the internal revoke reports failure
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_DELETE, eventDescription = "revoking forwarding rule", async = true)
public boolean revokeStaticNatRule(long ruleId, boolean apply) {
    CallContext context = CallContext.current();
    Account callingAccount = context.getCallingAccount();

    FirewallRuleVO existing = _firewallDao.findById(ruleId);
    if (existing == null) {
        throw new InvalidParameterValueException("Unable to find " + ruleId);
    }

    // Authorization is enforced here; the internal helper is handed only the id and does not
    // repeat this check.
    _accountMgr.checkAccess(callingAccount, null, true, existing);

    boolean revoked = revokeStaticNatRuleInternal(ruleId, callingAccount, context.getCallingUserId(), apply);
    if (!revoked) {
        throw new CloudRuntimeException("Failed to revoke forwarding rule");
    }
    return true;
}
FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId()); ruleVO.setState(FirewallRule.State.Active); _firewallDao.update(ruleVO.getId(), ruleVO);
/**
 * Builds a {@code StaticNatRule} from a firewall rule and the VM IP of its source address.
 *
 * <p>The source IP must exist, be flagged one-to-one NAT, be associated with a VM, and have a
 * VM IP set; otherwise the call is rejected and the rule's uuid is attached to the exception
 * under the name {@code "ruleId"}.
 *
 * @param rule      firewall rule to wrap; its id and source IP id are used for the lookups
 * @param forRevoke not read anywhere in this method
 * @return a {@code StaticNatRuleImpl} pairing the stored rule with the VM's IP address
 * @throws InvalidParameterValueException if the source IP is not static-NAT enabled or has no
 *         VM IP
 */
@Override
public StaticNatRule buildStaticNatRule(FirewallRule rule, boolean forRevoke) {
    IpAddress sourceIp = _ipAddressDao.findById(rule.getSourceIpAddressId());
    // NOTE(review): the stored rule is dereferenced below without a null check, so a rule id
    // that no longer resolves would surface as a NullPointerException; confirm callers
    // guarantee the row exists.
    FirewallRuleVO storedRule = _firewallDao.findById(rule.getId());

    boolean staticNatEnabled = sourceIp != null && sourceIp.isOneToOneNat() && sourceIp.getAssociatedWithVmId() != null;
    if (!staticNatEnabled) {
        InvalidParameterValueException notStaticNat =
            new InvalidParameterValueException("Source ip address of the specified firewall rule id is not static nat enabled");
        notStaticNat.addProxyObject(storedRule.getUuid(), "ruleId");
        throw notStaticNat;
    }

    String vmIp = sourceIp.getVmIp();
    if (vmIp == null) {
        InvalidParameterValueException noVmIp =
            new InvalidParameterValueException("VM ip address of the specified public ip is not set ");
        noVmIp.addProxyObject(storedRule.getUuid(), "ruleId");
        throw noVmIp;
    }

    return new StaticNatRuleImpl(storedRule, vmIp);
}
/**
 * Revokes a firewall rule and optionally re-applies the remaining rules of the same scope.
 *
 * <p>Order of checks: the rule must exist and have purpose {@code Firewall}; a system-type rule
 * may only be removed by a root admin; then the account manager's access check is run for the
 * caller against the rule. The rule is revoked only after all three.
 *
 * @param ruleId database id of the rule to revoke
 * @param apply  when {@code true}, the firewall rules sharing the rule's source IP (ingress) or
 *               its network (egress) are re-applied and that result is returned
 * @param caller account requesting the revoke
 * @param userId id of the calling user, passed through to {@code revokeRule}
 * @return {@code true} when {@code apply} is {@code false}; otherwise the result of
 *         {@code applyFirewallRules}, or {@code false} when the rule has neither a source IP
 *         nor a network id (the rule has already been revoked by then)
 * @throws InvalidParameterValueException if the rule is missing, has another purpose, or is a
 *         system rule and the caller is not root admin
 */
protected boolean revokeFirewallRule(long ruleId, boolean apply, Account caller, long userId) {
    FirewallRuleVO target = _firewallDao.findById(ruleId);
    if (target == null || target.getPurpose() != Purpose.Firewall) {
        throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
    }

    boolean systemRule = target.getType() == FirewallRuleType.System;
    if (systemRule && !_accountMgr.isRootAdmin(caller.getId())) {
        throw new InvalidParameterValueException("Only root admin can delete the system wide firewall rule");
    }

    _accountMgr.checkAccess(caller, null, true, target);

    revokeRule(target, caller, userId, false);

    Long networkId = target.getNetworkId();
    if (!apply) {
        return true;
    }

    if (target.getSourceIpAddressId() != null) {
        // Ingress rule: re-apply every firewall rule attached to the same source IP.
        List<FirewallRuleVO> ingressRules = _firewallDao.listByIpAndPurpose(target.getSourceIpAddressId(), Purpose.Firewall);
        return applyFirewallRules(ingressRules, false, caller);
    }
    if (networkId != null) {
        // Egress rule: re-apply the egress firewall rules of the rule's network.
        List<FirewallRuleVO> egressRules =
            _firewallDao.listByNetworkPurposeTrafficType(target.getNetworkId(), Purpose.Firewall, FirewallRule.TrafficType.Egress);
        return applyFirewallRules(egressRules, false, caller);
    }

    // Neither a source IP nor a network: nothing is applied and failure is reported.
    return false;
}