
Example 46 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cosmic by MissionCriticalCloud.

the class FirewallManagerImpl method revokeRelatedFirewallRule.

/**
 * Revokes the firewall rule that was created alongside the rule identified by {@code ruleId}, if one exists.
 *
 * @param ruleId id of the rule being deleted; the DAO is queried for a rule related to it
 * @param apply  passed through to {@code revokeIngressFirewallRule}
 * @return {@code true} when no related rule exists, otherwise the result of revoking the related rule
 */
@Override
public boolean revokeRelatedFirewallRule(final long ruleId, final boolean apply) {
    final FirewallRule related = _firewallDao.findByRelatedId(ruleId);
    if (related != null) {
        final long relatedId = related.getId();
        s_logger.debug("Revoking Firewall rule id=" + relatedId + " as a part of rule delete id=" + ruleId + " with apply=" + apply);
        return revokeIngressFirewallRule(relatedId, apply);
    }
    // Nothing to revoke: treat the absence of a related rule as success.
    s_logger.trace("No related firewall rule exists for rule id=" + ruleId + " so returning true here");
    return true;
}

Example 47 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cosmic by MissionCriticalCloud.

the class FirewallManagerImpl method applyRules.

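/**
 * Pushes {@code rules} to the network elements and, when requested, reconciles their DB state afterwards.
 * After a successful apply, rules in {@code Revoke} state are handed to {@code removeRule} (unless another
 * rule still refers to them, in which case they stay in Revoke state) and rules in {@code Add} state are
 * persisted as {@code Active}.
 *
 * @param rules           rules to apply; all of them are assumed to share the purpose of the first one
 * @param continueOnError passed through to {@code _ipAddrMgr.applyRules}
 * @param updateRulesInDB whether to persist state transitions after the apply succeeded
 * @return {@code true} if the rules were applied and every requested DB update succeeded; {@code false}
 *         if the apply was incomplete or any rule could not be removed/activated
 * @throws ResourceUnavailableException propagated from the network elements
 */
@Override
public boolean applyRules(final List<? extends FirewallRule> rules, final boolean continueOnError, final boolean updateRulesInDB) throws ResourceUnavailableException {
    if (rules == null || rules.isEmpty()) {
        s_logger.debug("There are no rules to forward to the network elements");
        return true;
    }
    // The whole batch is applied under the purpose of its first rule.
    final Purpose purpose = rules.get(0).getPurpose();
    if (!_ipAddrMgr.applyRules(rules, purpose, this, continueOnError)) {
        s_logger.warn("Rules are not completely applied");
        return false;
    }
    if (!updateRulesInDB) {
        return true;
    }
    boolean success = true;
    for (final FirewallRule rule : rules) {
        if (rule.getState() == FirewallRule.State.Revoke) {
            final FirewallRuleVO relatedRule = _firewallDao.findByRelatedId(rule.getId());
            if (relatedRule != null) {
                // A dependent rule still exists; the revoked rule must stay until that one is gone.
                s_logger.warn("Can't remove the firewall rule id=" + rule.getId() + " as it has related firewall rule id=" + relatedRule.getId() + "; leaving it in Revoke state");
                success = false;
                continue;
            }
            removeRule(rule);
            if (rule.getSourceIpAddressId() != null) {
                // if the rule is the last one for the ip address assigned to VPC, unassign it from the network
                // NOTE(review): the "last one" check is presumably done inside unassignIPFromVpcNetwork — confirm.
                final IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId());
                if (ip == null) {
                    // The rule row is already removed; only the VPC unassign is skipped. Report it instead of
                    // failing with an NPE so the remaining rules in the batch are still reconciled.
                    s_logger.warn("Source ip address id=" + rule.getSourceIpAddressId() + " of removed firewall rule id=" + rule.getId() + " was not found; skipping VPC unassign");
                    success = false;
                } else {
                    _vpcMgr.unassignIPFromVpcNetwork(ip.getId(), rule.getNetworkId());
                }
            }
        } else if (rule.getState() == FirewallRule.State.Add) {
            final FirewallRuleVO ruleVO = _firewallDao.findById(rule.getId());
            if (ruleVO == null) {
                // The rule was pushed to the elements but its DB row is gone; it cannot be marked Active.
                s_logger.warn("Firewall rule id=" + rule.getId() + " was applied but no longer exists in the DB; cannot mark it Active");
                success = false;
                continue;
            }
            ruleVO.setState(FirewallRule.State.Active);
            _firewallDao.update(ruleVO.getId(), ruleVO);
        }
    }
    return success;
}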

Example 48 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cosmic by MissionCriticalCloud.

the class CreateEgressFirewallRuleCmd method create.

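/**
 * Validates the egress rule parameters and creates the rule through the firewall service.
 * Every source CIDR must be a syntactically valid IPv4 or IPv6 CIDR and, unless it is
 * {@code NetUtils.ALL_IP4_CIDRS}, lie within the network's guest CIDR. Protocol ALL accepts no
 * ports, and egress rules are refused for VPC networks. On success the created rule's id and
 * uuid are stored as the command's entity.
 *
 * @throws ServerApiException             on a malformed or out-of-range source CIDR, or when the new
 *                                        rule conflicts with an existing one
 * @throws InvalidParameterValueException when ports are given with protocol ALL, or a VPC id is set
 */
@Override
public void create() {
    if (getSourceCidrList() != null) {
        // NOTE(review): getNetwork is assumed to fail rather than return null for an unknown id — confirm.
        final String guestCidr = _networkService.getNetwork(getNetworkId()).getCidr();
        for (final String cidr : getSourceCidrList()) {
            if (!NetUtils.isValidIp4Cidr(cidr) && !NetUtils.isValidIp6Cidr(cidr)) {
                throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Source cidrs formatting error " + cidr);
            }
            // "any" is allowed as an egress source without a containment check.
            if (cidr.equals(NetUtils.ALL_IP4_CIDRS)) {
                continue;
            }
            // NOTE(review): an IPv6 source CIDR reaches this check against the (IPv4) guest CIDR; verify
            // isNetworkAWithinNetworkB rejects mixed families rather than accepting them.
            if (!NetUtils.isNetworkAWithinNetworkB(cidr, guestCidr)) {
                throw new ServerApiException(ApiErrorCode.PARAM_ERROR, cidr + " is not within the guest cidr " + guestCidr);
            }
        }
    }
    // Constant-first comparison so a missing protocol does not NPE before validation can report it.
    if (NetUtils.ALL_PROTO.equalsIgnoreCase(getProtocol())) {
        // A single port is as invalid for ALL as a pair of them; reject when either end is supplied.
        if (getSourcePortStart() != null || getSourcePortEnd() != null) {
            throw new InvalidParameterValueException("Do not pass ports to protocol ALL, protocol ALL do not require ports. Unable to create " + "firewall rule for the network id=" + networkId);
        }
    }
    if (getVpcId() != null) {
        throw new InvalidParameterValueException("Unable to create firewall rule for the network id=" + networkId + " as firewall egress rule can be created only for non vpc networks.");
    }
    try {
        final FirewallRule result = _firewallService.createEgressFirewallRule(this);
        if (result != null) {
            setEntityId(result.getId());
            setEntityUuid(result.getUuid());
        }
    } catch (final NetworkRuleConflictException ex) {
        // The conflict is reported to the API caller; the stack trace stays at trace level.
        s_logger.info("Network rule conflict: " + ex.getMessage());
        s_logger.trace("Network Rule Conflict: ", ex);
        throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage());
    }
}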

Example 49 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cosmic by MissionCriticalCloud.

the class FirewallManagerTest method testDetectRulesConflict.

/**
 * Three existing UDP VPN rules on ports 500, 1701 and 4500 for ip 3 must not conflict with new TCP
 * port-forwarding rules on the same ports and ip, because the protocols differ.
 */
@Test
public void testDetectRulesConflict() {
    final int[] ports = {500, 1701, 4500};
    final List<FirewallRuleVO> existingRules = new ArrayList<>();
    for (int i = 0; i < ports.length; i++) {
        final FirewallRuleVO existing = spy(new FirewallRuleVO("rule" + (i + 1), 3, ports[i], "UDP", 1, 2, 1, Purpose.Vpn, null, null, null, null));
        when(existing.getId()).thenReturn((long) (i + 1));
        existingRules.add(existing);
    }
    final FirewallManagerImpl firewallMgr = (FirewallManagerImpl) _firewallMgr;
    when(firewallMgr._firewallDao.listByIpAndPurposeAndNotRevoked(3, null)).thenReturn(existingRules);
    try {
        for (int i = 0; i < ports.length; i++) {
            final FirewallRule candidate = new FirewallRuleVO("newRule" + (i + 1), 3, ports[i], "TCP", 1, 2, 1, Purpose.PortForwarding, null, null, null, null);
            firewallMgr.detectRulesConflict(candidate);
        }
    } catch (final NetworkRuleConflictException ex) {
        Assert.fail();
    }
}

Example 50 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cloudstack by apache.

the class ListEgressFirewallRulesCmd method execute.

/**
 * Lists the egress firewall rules matching this command and stores them as the command's response.
 * Each rule is rendered by the response generator and tagged with object name "firewallrule"; when the
 * service returns no result the response carries only its name.
 */
@Override
public void execute() {
    final Pair<List<? extends FirewallRule>, Integer> listing = _firewallService.listFirewallRules(this);
    final ListResponse<FirewallResponse> response = new ListResponse<>();
    if (listing != null) {
        final List<FirewallResponse> entries = new ArrayList<>();
        for (final FirewallRule rule : listing.first()) {
            final FirewallResponse entry = _responseGenerator.createFirewallResponse(rule);
            entry.setObjectName("firewallrule");
            entries.add(entry);
        }
        response.setResponses(entries, listing.second());
    }
    response.setResponseName(getCommandName());
    setResponseObject(response);
}
