/**
 * Flags the given firewall rule as revoked and persists that state.
 *
 * <p>This method only sets the state on the entity and calls {@code update(id, rule)}.
 * The write is not conditional on the rule's current state.
 *
 * @param rule the rule to flag; its state is overwritten with {@code State.Revoke}
 * @return whatever the underlying {@code update(id, rule)} call reports
 */
@Override
public boolean revoke(FirewallRuleVO rule) {
    rule.setState(State.Revoke);
    final boolean persisted = update(rule.getId(), rule);
    return persisted;
}
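/**
 * Applies or revokes the system-generated default egress firewall rule for a guest network.
 *
 * <p>The rule is built with the network's own CIDR as source, {@code NetUtils.ALL_IP4_CIDRS} as
 * destination, the literal {@code "all"} (presumably the protocol; confirm against the
 * {@code FirewallRuleVO} constructor), traffic type {@code Egress} and rule type {@code System}.
 * It is handed to {@code applyRules} only and is not saved through a DAO in this method.
 *
 * <p>Failures are reported through the return value: a {@code ResourceUnavailableException}
 * raised by {@code applyRules} is caught and logged here. Callers must check the result,
 * otherwise the network's egress behaviour may not match what was requested.
 *
 * @param networkId     id of the guest network the rule belongs to
 * @param defaultPolicy not read by this method body
 * @param add           {@code true} to build the rule in state {@code Add}, {@code false} for {@code Revoke}
 * @return {@code true} if {@code applyRules} succeeded; {@code false} if the network could not be
 *         found, {@code applyRules} returned {@code false}, or the resource was unavailable
 * @throws ResourceUnavailableException declared by the interface; the visible body catches it
 */
@Override
public boolean applyDefaultEgressFirewallRule(Long networkId, boolean defaultPolicy, boolean add) throws ResourceUnavailableException {
    s_logger.debug("applying default firewall egress rules ");

    NetworkVO network = _networkDao.findById(networkId);
    if (network == null) {
        // Previously this fell through to network.getCidr() and failed with a NullPointerException.
        // Report it like every other failure of this method instead.
        s_logger.warn("Unable to apply default egress firewall rule: network " + networkId + " was not found");
        return false;
    }

    List<String> sourceCidr = new ArrayList<String>();
    List<String> destCidr = new ArrayList<String>();
    sourceCidr.add(network.getCidr());
    destCidr.add(NetUtils.ALL_IP4_CIDRS);

    FirewallRuleVO ruleVO = new FirewallRuleVO(null, null, null, null, "all", networkId, network.getAccountId(), network.getDomainId(), Purpose.Firewall,
            sourceCidr, destCidr, null, null, null, FirewallRule.TrafficType.Egress, FirewallRuleType.System);
    ruleVO.setState(add ? State.Add : State.Revoke);

    List<FirewallRuleVO> rules = new ArrayList<FirewallRuleVO>();
    rules.add(ruleVO);

    try {
        // This rule is not stored in the DB because it must not be added along with the normal rules.
        if (!applyRules(rules, false, false)) {
            return false;
        }
    } catch (ResourceUnavailableException ex) {
        s_logger.warn("Failed to apply default egress rules for guest network due to ", ex);
        return false;
    }
    return true;
}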
/**
 * Moves a rule from {@code Staged} to {@code Add} using a conditional update.
 *
 * <p>The search criteria carry both the rule id and {@code State.Staged}, so the update is
 * presumably applied only while the stored row is still staged (the definition of
 * {@code AllFieldsSearch} is not visible here). Note that the passed-in entity has its state set
 * to {@code Add} before the update runs and is not reset if no row matched.
 *
 * @param rule the rule to promote
 * @return {@code true} if the update reported more than zero affected rows
 */
@Override
public boolean setStateToAdd(FirewallRuleVO rule) {
    // Restrict the write to this rule id while it is still in the Staged state.
    final SearchCriteria<FirewallRuleVO> stagedOnly = AllFieldsSearch.create();
    stagedOnly.setParameters("id", rule.getId());
    stagedOnly.setParameters("state", State.Staged);

    rule.setState(State.Add);

    final boolean transitioned = update(rule, stagedOnly) > 0;
    return transitioned;
}
/**
 * Transactional body that retires the captured {@code rule}.
 *
 * <ul>
 *   <li>{@code Staged}: the rule is removed outright via {@code removeRule}.</li>
 *   <li>{@code Add} or {@code Active}: the rule is marked {@code Revoke} and persisted.</li>
 *   <li>Any other state: nothing is changed and no usage event is published.</li>
 * </ul>
 *
 * <p>{@code rule} and {@code needUsageEvent} come from the enclosing scope, which is not
 * visible here. The {@code status} argument is not used.
 */
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
    final State current = rule.getState();
    final boolean stateChanged;

    if (current == State.Staged) {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Found a rule that is still in stage state so just removing it: " + rule);
        }
        removeRule(rule);
        stateChanged = true;
    } else if (current == State.Add || current == State.Active) {
        // Only the state is flipped here; this method does not itself apply the revocation.
        rule.setState(State.Revoke);
        _firewallDao.update(rule.getId(), rule);
        stateChanged = true;
    } else {
        stateChanged = false;
    }

    // A delete usage event is published only when something changed and the caller asked for one.
    if (stateChanged && needUsageEvent) {
        UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_RULE_DELETE, rule.getAccountId(), 0, rule.getId(), null, rule.getClass().getName(),
                rule.getUuid());
    }
}
});
// Mark the rule Active and persist the new state.
// NOTE(review): within these two statements the write is unconditional and the value returned by
// update(...) is discarded, so a failed update would go unnoticed here. Confirm the surrounding
// code (not visible) guarantees the rule has not been moved to Revoke in the meantime.
ruleVO.setState(FirewallRule.State.Active);
_firewallDao.update(ruleVO.getId(), ruleVO);