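/**
 * Revokes every firewall rule (purpose {@code Firewall}) of a network and pushes the result to the backend.
 *
 * <p>The rules are first only marked for revocation, then the network's complete firewall rule list is
 * applied in one call, and finally the not-revoked rules are listed again so that rules inserted in the
 * meantime are detected.
 *
 * <p>The outcome is logged accurately: the "Successfully released" message is emitted only when the
 * backend apply succeeded and no not-revoked rule is left; otherwise a warning is logged, so the log
 * cannot claim a clean release while firewall rules are still in place.
 *
 * @param networkId id of the network whose firewall rules are revoked
 * @param userId    not read by this method; each revoke call is attributed to
 *                  {@code Account.ACCOUNT_ID_SYSTEM}
 * @param caller    account passed through to {@code revokeFirewallRule} and {@code applyFirewallRules};
 *                  this method performs no access check of its own
 * @return {@code true} only if the backend apply succeeded and no not-revoked firewall rule remains
 * @throws ResourceUnavailableException declared for the backend calls made here
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_CLOSE, eventDescription = "revoking firewall rule", async = true)
public boolean revokeAllFirewallRulesForNetwork(long networkId, long userId, Account caller) throws ResourceUnavailableException {
    List<FirewallRuleVO> fwRules = _firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, Purpose.Firewall);
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Releasing " + fwRules.size() + " firewall rules for network id=" + networkId);
    }

    // Mark all firewall rules as Revoke, but don't send them yet (second argument false): everything is
    // applied in one batch below instead of one backend call per rule.
    // NOTE(review): userId is ignored and the revocation is recorded under Account.ACCOUNT_ID_SYSTEM;
    // confirm that this is the intended attribution for the audit trail.
    for (FirewallRuleVO rule : fwRules) {
        revokeFirewallRule(rule.getId(), false, caller, Account.ACCOUNT_ID_SYSTEM);
    }

    // Now send everything to the backend.
    List<FirewallRuleVO> rulesToApply = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.Firewall);
    boolean success = applyFirewallRules(rulesToApply, true, caller);

    // Check again in case more rules have been inserted while the revoke was in progress.
    List<FirewallRuleVO> remaining = _firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, Purpose.Firewall);
    boolean released = success && remaining.isEmpty();

    if (released) {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Successfully released firewall rules for network id=" + networkId + " and # of rules now = " + remaining.size());
        }
    } else {
        // A failed or partial revoke leaves firewall rules in place; make that visible at warn level.
        s_logger.warn("Failed to release all firewall rules for network id=" + networkId + "; backend apply success=" + success
                + ", # of rules still not revoked = " + remaining.size());
    }
    return released;
}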
/**
 * Applies all static NAT rules of a network through the firewall manager.
 *
 * @param networkId       id of the network whose {@code StaticNat} rules are applied
 * @param continueOnError forwarded unchanged to {@code _firewallMgr.applyRules}
 * @param caller          account checked against the rules; when {@code null} the access check is skipped
 * @return {@code true} when there is nothing to apply or the apply succeeded; {@code false} when the
 *         apply reported failure or a {@code ResourceUnavailableException} was caught
 */
@Override
public boolean applyStaticNatRulesForNetwork(long networkId, boolean continueOnError, Account caller) {
    final List<FirewallRuleVO> natRuleRows = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.StaticNat);

    // Nothing stored for this network: report success without touching the backend.
    if (natRuleRows.isEmpty()) {
        s_logger.debug("There are no static nat rules to apply for network id=" + networkId);
        return true;
    }

    // The access check covers all rules at once, but only for a non-null caller.
    // NOTE(review): a null caller bypasses checkAccess entirely; confirm that only trusted internal
    // code paths can reach this method with caller == null.
    if (caller != null) {
        final FirewallRule[] ruleArray = natRuleRows.toArray(new FirewallRule[natRuleRows.size()]);
        _accountMgr.checkAccess(caller, null, true, ruleArray);
    }

    // Convert each stored rule into the StaticNatRule form expected by applyRules.
    final List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
    for (final FirewallRuleVO row : natRuleRows) {
        staticNatRules.add(buildStaticNatRule(row, false));
    }

    try {
        return _firewallMgr.applyRules(staticNatRules, continueOnError, true);
    } catch (ResourceUnavailableException ex) {
        // Backend unavailable: log and report failure instead of propagating the exception.
        s_logger.warn("Failed to apply static nat rules for network due to ", ex);
        return false;
    }
}
List<FirewallRuleVO> staticNatRules = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.StaticNat); if (s_logger.isDebugEnabled()) { s_logger.debug("Releasing " + staticNatRules.size() + " static nat rules for network id=" + networkId);
final List<FirewallRuleVO> firewallStaticNatRules = _firewallDao.listByNetworkAndPurpose(networkId, Purpose.StaticNat); final List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>(); if (s_logger.isDebugEnabled()) {
// Load the stored firewall rule records of this network whose purpose is PortForwarding.
// NOTE(review): this query has no not-revoked filter (the DAO also offers
// listByNetworkAndPurposeAndNotRevoked); confirm that rules already marked for revocation are meant
// to be part of this list.
List<FirewallRuleVO> fwRulesList = _firewallDao.listByNetworkAndPurpose(network.getId(), Purpose.PortForwarding);