public StaticNatRuleImpl(FirewallRuleVO rule, String dstIp) { id = rule.getId(); xid = rule.getXid(); uuid = rule.getUuid(); protocol = rule.getProtocol(); portStart = rule.getSourcePortStart().intValue(); portEnd = rule.getSourcePortEnd().intValue(); state = rule.getState(); accountId = rule.getAccountId(); domainId = rule.getDomainId(); networkId = rule.getNetworkId(); sourceIpAddressId = rule.getSourceIpAddressId(); destIpAddress = dstIp; forDisplay = rule.isDisplay(); }
.equalsIgnoreCase(rule.getProtocol())))); if (newRule.getProtocol().equalsIgnoreCase(NetUtils.ICMP_PROTO) && newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())) { if (newRule.getIcmpCode().longValue() == rule.getIcmpCode().longValue() && newRule.getIcmpType().longValue() == rule.getIcmpType().longValue() && newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()) && duplicatedCidrs) { throw new InvalidParameterValueException("New rule conflicts with existing rule id=" + rule.getId()); if(nullPorts && duplicatedCidrs && (rule.getProtocol().equalsIgnoreCase(newRule.getProtocol())) && !newRule.getProtocol().equalsIgnoreCase(NetUtils.ICMP_PROTO)) { throw new NetworkRuleConflictException("There is already a firewall rule specified with protocol = " +newRule.getProtocol()+ " and no ports"); rule.getProtocol())) || (rule.getPurpose() == Purpose.Vpn && newRule.getPurpose() == Purpose.PortForwarding && !newRule.getProtocol().equalsIgnoreCase( rule.getProtocol())); boolean allowStaticNat = (rule.getPurpose() == Purpose.StaticNat && newRule.getPurpose() == Purpose.StaticNat && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())); (rule.getPurpose() == Purpose.PortForwarding && newRule.getPurpose() == Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())); (rule.getPurpose() == Purpose.LoadBalancing && newRule.getPurpose() == Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
@Override @ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewall rule", create = true) public boolean addSystemFirewallRules(IPAddressVO ip, Account acct) { List<FirewallRuleVO> systemRules = _firewallDao.listSystemRules(); for (FirewallRuleVO rule : systemRules) { try { if (rule.getSourceCidrList() == null && (rule.getPurpose() == Purpose.Firewall || rule.getPurpose() == Purpose.NetworkACL)) { _firewallDao.loadSourceCidrs(rule); } createFirewallRule(ip.getId(), acct, rule.getXid(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getProtocol(), rule.getSourceCidrList(),null, rule.getIcmpCode(), rule.getIcmpType(), rule.getRelated(), FirewallRuleType.System, rule.getNetworkId(), rule.getTrafficType(), true); } catch (Exception e) { s_logger.debug("Failed to add system wide firewall rule, due to:" + e.toString()); } } return true; }
acl.setId(rule.getUuid()); acl.setPriority((int)rule.getId()); // CloudStack Firewall interface does not have priority acl.setIpProto(rule.getProtocol()); String cidr = null; Integer port = rule.getSourcePortStart();
originalFirewallRule.getSourcePortStart(), originalFirewallRule.getSourcePortEnd(), originalFirewallRule.getProtocol(), dstNetworkId, srcNetwork.getAccountId(),
AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ); AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ); AllFieldsSearch.and("purpose", AllFieldsSearch.entity().getPurpose(), Op.EQ); NotRevokedSearch.and("state", NotRevokedSearch.entity().getState(), Op.NEQ); NotRevokedSearch.and("purpose", NotRevokedSearch.entity().getPurpose(), Op.EQ); NotRevokedSearch.and("protocol", NotRevokedSearch.entity().getProtocol(), Op.EQ); NotRevokedSearch.and("sourcePortStart", NotRevokedSearch.entity().getSourcePortStart(), Op.EQ); NotRevokedSearch.and("sourcePortEnd", NotRevokedSearch.entity().getSourcePortEnd(), Op.EQ); ReleaseSearch.and("protocol", ReleaseSearch.entity().getProtocol(), Op.EQ); ReleaseSearch.and("ipId", ReleaseSearch.entity().getSourceIpAddressId(), Op.EQ); ReleaseSearch.and("purpose", ReleaseSearch.entity().getPurpose(), Op.EQ);