/**
 * Re-creates every system firewall rule for the given IP address.
 *
 * <p>Each rule returned by {@code _firewallDao.listSystemRules()} is passed field by field to
 * {@code createFirewallRule} with type {@code FirewallRuleType.System}. When a rule has no source
 * CIDR list loaded and its purpose is {@code Firewall} or {@code NetworkACL}, the list is loaded
 * from the DAO first.
 *
 * <p>Failures are handled per rule: any exception is logged at debug level and the loop moves on
 * to the next rule.
 *
 * @param ip   address whose id is handed to {@code createFirewallRule}
 * @param acct account handed to {@code createFirewallRule}
 * @return always {@code true}, even when one or more rules could not be created
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_OPEN, eventDescription = "creating firewall rule", create = true)
public boolean addSystemFirewallRules(IPAddressVO ip, Account acct) {
    for (final FirewallRuleVO systemRule : _firewallDao.listSystemRules()) {
        try {
            // Source CIDRs are only fetched when they have not been loaded yet and the rule's
            // purpose is one of the two checked here.
            if (systemRule.getSourceCidrList() == null) {
                final Purpose purpose = systemRule.getPurpose();
                if (purpose == Purpose.Firewall || purpose == Purpose.NetworkACL) {
                    _firewallDao.loadSourceCidrs(systemRule);
                }
            }

            // NOTE(review): null is passed in the slot right after the source CIDR list
            // (presumably the destination CIDRs), and the meaning of the trailing true is not
            // visible here; confirm both against createFirewallRule's signature.
            createFirewallRule(
                ip.getId(),
                acct,
                systemRule.getXid(),
                systemRule.getSourcePortStart(),
                systemRule.getSourcePortEnd(),
                systemRule.getProtocol(),
                systemRule.getSourceCidrList(),
                null,
                systemRule.getIcmpCode(),
                systemRule.getIcmpType(),
                systemRule.getRelated(),
                FirewallRuleType.System,
                systemRule.getNetworkId(),
                systemRule.getTrafficType(),
                true);
        } catch (Exception failure) {
            // NOTE(review): a system rule that fails to apply is visible only at debug level and
            // the caller still receives true, so a missing system rule cannot be detected from
            // the return value. Consider a higher log level or an alert if that matters.
            s_logger.debug("Failed to add system wide firewall rule, due to:" + failure.toString());
        }
    }
    return true;
}
/**
 * Persists a firewall rule and its source and destination CIDR lists between
 * {@code txn.start()} and {@code txn.commit()} on the current {@code TransactionLegacy}.
 *
 * <p>The rule itself is stored through {@code super.persist}. The CIDR lists are then saved from
 * the incoming {@code firewallRule} and loaded again into the persisted instance before it is
 * returned.
 *
 * @param firewallRule rule to store; its source and destination CIDR lists are saved with it
 * @return the instance returned by {@code super.persist}, with both CIDR lists reloaded
 */
@Override
@DB
public FirewallRuleVO persist(FirewallRuleVO firewallRule) {
    final TransactionLegacy transaction = TransactionLegacy.currentTxn();
    transaction.start();

    final FirewallRuleVO storedRule = super.persist(firewallRule);

    // Save the source CIDRs first, then the destination CIDRs.
    // NOTE(review): both saves are keyed on the incoming firewallRule rather than storedRule.
    // Presumably they are the same row after super.persist; confirm.
    saveSourceCidrs(firewallRule, firewallRule.getSourceCidrList());
    saveDestinationCidrs(firewallRule, firewallRule.getDestinationCidrList());

    // The CIDR fields are transient, so they are read back from the database to populate the
    // instance handed to the caller.
    loadSourceCidrs(storedRule);
    loadDestinationCidrs(storedRule);

    // NOTE(review): no rollback path is visible in this method if a step above throws before
    // commit(). Presumably the @DB handling covers that; confirm, because a rule stored without
    // its CIDR restrictions would be broader than intended.
    transaction.commit();
    return storedRule;
}
_firewallDao.loadDestinationCidrs((FirewallRuleVO) newRule); if (rule.getSourceCidrList() == null || newRule.getSourceCidrList() == null) { continue; duplicatedCidrs = (detectConflictingCidrs(rule.getSourceCidrList(), newRule.getSourceCidrList()) && detectConflictingCidrs(rule.getDestinationCidrList(), newRule.getDestinationCidrList()));
srcNetwork.getDomainId(), originalFirewallRule.getPurpose(), originalFirewallRule.getSourceCidrList(), originalFirewallRule.getDestinationCidrList(), originalFirewallRule.getIcmpCode(),