
Example 26 with FirewallRuleTO

use of com.cloud.agent.api.to.FirewallRuleTO in project cosmic by MissionCriticalCloud.

Class CommandSetupHelper, method createApplyFirewallRulesCommands.

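/**
 * Builds one {@link SetFirewallRulesCommand} for {@code rules} and appends it to {@code cmds}
 * for delivery to {@code router}.
 *
 * <p>Ingress rules are converted with the address of their source IP; egress rules carry the
 * guest network offering's default egress policy instead. Rules of any other traffic type are
 * not included. The command's {@code FIREWALL_EGRESS_DEFAULT} access detail is the literal
 * {@code "System"} when the first rule is a system egress rule, otherwise the last default
 * egress policy seen (or {@code false} when there was no egress rule).
 *
 * @param rules          rules to apply; may be {@code null} or empty. Every element must be a
 *                       {@link FirewallRuleVO}, because its source CIDRs are loaded through the DAO
 * @param router         router the command is addressed to (control IP, instance name and zone
 *                       are taken from it)
 * @param cmds           command batch the new command is appended to
 * @param guestNetworkId guest network whose offering supplies the default egress policy
 * @throws ClassCastException   if an element of {@code rules} is not a {@link FirewallRuleVO}
 * @throws NullPointerException if a source IP, network, offering or zone lookup returns
 *                              {@code null} (none of them is guarded here)
 */
public void createApplyFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<FirewallRuleTO> rulesTO = new ArrayList<>();
    String systemRule = null;
    // Kept boxed: the return type of getEgressDefaultPolicy() is not visible here, and
    // String.valueOf renders a null policy without throwing.
    Boolean defaultEgressPolicy = false;
    // Resolved on the first egress rule and reused: the lookup depends only on guestNetworkId,
    // so one network + offering round-trip per command is enough.
    NetworkOfferingVO offering = null;
    if (rules != null) {
        // Only the first rule decides whether this batch is a "system" egress rule set.
        if (!rules.isEmpty()) {
            final FirewallRule first = rules.get(0);
            if (first.getTrafficType() == FirewallRule.TrafficType.Egress && first.getType() == FirewallRule.FirewallRuleType.System) {
                systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
            }
        }
        for (final FirewallRule rule : rules) {
            _rulesDao.loadSourceCidrs((FirewallRuleVO) rule);
            final FirewallRule.TrafficType traffictype = rule.getTrafficType();
            if (traffictype == FirewallRule.TrafficType.Ingress) {
                final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
                rulesTO.add(new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), Purpose.Firewall, traffictype));
            } else if (traffictype == FirewallRule.TrafficType.Egress) {
                if (offering == null) {
                    final NetworkVO network = _networkDao.findById(guestNetworkId);
                    offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
                }
                defaultEgressPolicy = offering.getEgressDefaultPolicy();
                // Only enforced when the JVM runs with -ea; otherwise an egress rule that still
                // carries a source IP id is converted silently.
                assert rule.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
                rulesTO.add(new FirewallRuleTO(rule, null, "", Purpose.Firewall, traffictype, defaultEgressPolicy));
            }
            // Any other traffic type is left out of the command.
        }
    }
    final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    final Zone zone = zoneRepository.findOne(router.getDataCenterId());
    cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, zone.getNetworkType().toString());
    // A system egress rule set overrides the offering's policy in the access details.
    final String egressDefault = systemRule != null ? systemRule : String.valueOf(defaultEgressPolicy);
    cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, egressDefault);
    cmds.addCommand(cmd);
}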

Example 27 with FirewallRuleTO

use of com.cloud.agent.api.to.FirewallRuleTO in project cosmic by MissionCriticalCloud.

Class SetFirewallRulesConfigItem, method generateConfig.

/**
 * Converts the {@link FirewallRuleTO}s carried by a {@link SetFirewallRulesCommand} into the
 * virtual-network {@code FirewallRule} model and renders the resulting rule set as config items.
 *
 * @param cmd the command to render; must be a {@link SetFirewallRulesCommand}
 * @return the config items produced by {@code generateConfigItems} for the converted rule set
 * @throws ClassCastException if {@code cmd} is not a {@link SetFirewallRulesCommand}
 */
@Override
public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
    final SetFirewallRulesCommand fwCommand = (SetFirewallRulesCommand) cmd;
    final List<FirewallRule> modelRules = new ArrayList<>();
    for (final FirewallRuleTO to : fwCommand.getRules()) {
        modelRules.add(toModelRule(to));
    }
    // A zero-length template yields the same typed, exactly-sized array as presizing it.
    final FirewallRule[] asArray = modelRules.toArray(new FirewallRule[0]);
    return generateConfigItems(new FirewallRules(asArray));
}

/** Copies every field of a transfer-object rule, unchanged, into a virtual-network model rule. */
private static FirewallRule toModelRule(final FirewallRuleTO rule) {
    return new FirewallRule(rule.getId(), rule.getSrcVlanTag(), rule.getSrcIp(), rule.getProtocol(), rule.getSrcPortRange(), rule.revoked(), rule.isAlreadyAdded(), rule.getSourceCidrList(), rule.getPurpose().toString(), rule.getIcmpType(), rule.getIcmpCode(), rule.getTrafficType().toString(), rule.getGuestCidr(), rule.isDefaultEgressPolicy());
}

Example 28 with FirewallRuleTO

use of com.cloud.agent.api.to.FirewallRuleTO in project cosmic by MissionCriticalCloud.

Class SetFirewallRulesCommand, method generateFwRules.

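/**
 * Renders every rule of this command into the colon-delimited entry format consumed on the
 * router and returns the distinct entries as the first row of a two-row array.
 *
 * <p>Entry format: {@code <ip>:protocol:srcport:destport:scidr:}. ICMP rules carry
 * {@code icmptype:icmpcode} in the port slots, a missing port range becomes {@code 0:0}, several
 * source CIDRs are joined with {@code -}, an absent CIDR list becomes {@code 0.0.0.0/0}, and a
 * revoked rule is reduced to {@code <ip>:reverted:0:0:0:} so that the IP still appears in the
 * list.
 *
 * @return a {@code String[2][]} whose element 0 holds the distinct entries in unspecified order;
 *         element 1 is never populated by this method and stays {@code null}, so callers must
 *         not dereference it
 */
public String[][] generateFwRules() {
    final String[][] result = new String[2][];
    // A set so that identical entries collapse into one; iteration order is unspecified.
    final Set<String> toAdd = new HashSet<>();
    for (final FirewallRuleTO fwTO : rules) {
        toAdd.add(formatRuleEntry(fwTO));
    }
    result[0] = toAdd.toArray(new String[0]);
    return result;
}

/**
 * Formats one rule as a single entry, e.g. {@code 172.16.92.44:tcp:80:80:0.0.0.0/0:} or, for a
 * revoked rule, {@code 172.16.92.44:reverted:0:0:0:}.
 *
 * <p>The format is purely positional: {@code :} separates fields and {@code -} separates CIDRs.
 * The IP, protocol, port range and CIDR strings are appended verbatim, so they are assumed to
 * have been validated before reaching this command; a value containing either delimiter would
 * shift every following field when the router parses the entry.
 *
 * @throws NullPointerException if the rule's protocol is {@code null}
 */
private static String formatRuleEntry(final FirewallRuleTO fwTO) {
    if (fwTO.revoked()) {
        // Kept so that the list still names the IP even when all of its rules are revoked.
        return fwTO.getSrcIp() + ":reverted:0:0:0:";
    }
    final String protocol = fwTO.getProtocol();
    final StringBuilder sb = new StringBuilder();
    sb.append(fwTO.getSrcIp()).append(':').append(protocol).append(':');
    // A null protocol fails here, as it did before; it is a programming error upstream.
    if (protocol.equals("icmp")) {
        sb.append(fwTO.getIcmpType()).append(':').append(fwTO.getIcmpCode()).append(':');
    } else {
        final String portRange = fwTO.getStringSrcPortRange();
        sb.append(portRange == null ? "0:0" : portRange).append(':');
    }
    final List<String> cidr = fwTO.getSourceCidrList();
    if (cidr == null || cidr.isEmpty()) {
        sb.append("0.0.0.0/0");
    } else {
        sb.append(String.join("-", cidr));
    }
    return sb.append(':').toString();
}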
