
Example 31 with FirewallRule

Use of com.cloud.network.rules.FirewallRule in the apache/cloudstack project.

From class ApiResponseHelper, method createFirewallResponse.

/**
 * Builds the API response object for a firewall rule.
 *
 * <p>Copies the rule's identity, protocol, port range, ICMP fields and display flag,
 * resolves the source CIDRs, the public IP (ingress rules only), the network and the
 * resource tags through {@link ApiDBUtils}, and maps the {@code Revoke} state to the
 * user-visible string {@code "Deleting"}.
 *
 * @param fwRule the rule to render; must not be {@code null}
 * @return the populated response with object name {@code "firewallrule"}
 */
@Override
public FirewallResponse createFirewallResponse(FirewallRule fwRule) {
    final FirewallResponse response = new FirewallResponse();

    response.setId(fwRule.getUuid());
    response.setProtocol(fwRule.getProtocol());
    // Ports are optional (e.g. ICMP rules); only set what the rule defines.
    if (fwRule.getSourcePortStart() != null) {
        response.setStartPort(fwRule.getSourcePortStart());
    }
    if (fwRule.getSourcePortEnd() != null) {
        response.setEndPort(fwRule.getSourcePortEnd());
    }

    final List<String> sourceCidrs = ApiDBUtils.findFirewallSourceCidrs(fwRule.getId());
    response.setCidrList(StringUtils.join(sourceCidrs, ","));

    // Only ingress rules are bound to a public IP address.
    if (fwRule.getTrafficType() == FirewallRule.TrafficType.Ingress) {
        final IpAddress publicIp = ApiDBUtils.findIpAddressById(fwRule.getSourceIpAddressId());
        response.setPublicIpAddressId(publicIp.getUuid());
        response.setPublicIpAddress(publicIp.getAddress().addr());
    }

    final Network network = ApiDBUtils.findNetworkById(fwRule.getNetworkId());
    response.setNetworkId(network.getUuid());

    response.setIcmpCode(fwRule.getIcmpCode());
    response.setIcmpType(fwRule.getIcmpType());
    response.setForDisplay(fwRule.isDisplay());

    // Tags: drop any tag the converter declines to render (returns null).
    final List<ResourceTagResponse> tagResponses = new ArrayList<>();
    final List<? extends ResourceTag> tags =
            ApiDBUtils.listByResourceTypeAndId(ResourceObjectType.FirewallRule, fwRule.getId());
    for (final ResourceTag tag : tags) {
        final ResourceTagResponse tagResponse = createResourceTagResponse(tag, true);
        if (tagResponse != null) {
            tagResponses.add(tagResponse);
        }
    }
    response.setTags(tagResponses);

    // A rule being revoked is reported to API clients as "Deleting".
    final FirewallRule.State state = fwRule.getState();
    final String stateToSet = (state == FirewallRule.State.Revoke) ? "Deleting" : state.toString();
    response.setState(stateToSet);

    response.setObjectName("firewallrule");
    return response;
}
Also used : ResourceTag(com.cloud.server.ResourceTag) Network(com.cloud.network.Network) PhysicalNetwork(com.cloud.network.PhysicalNetwork) ArrayList(java.util.ArrayList) ResourceTagResponse(org.apache.cloudstack.api.response.ResourceTagResponse) IpAddress(com.cloud.network.IpAddress) FirewallRule(com.cloud.network.rules.FirewallRule) FirewallResponse(org.apache.cloudstack.api.response.FirewallResponse)

Example 32 with FirewallRule

Use of com.cloud.network.rules.FirewallRule in the apache/cloudstack project.

From class CommandSetupHelper, method createApplyFirewallRulesCommands.

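/**
 * Converts firewall rules into a {@link SetFirewallRulesCommand} for the given router and
 * appends it to {@code cmds}.
 *
 * <p>Ingress rules are sent with the public IP they are bound to; egress rules are sent with
 * the network offering's default egress policy. The offering lookup used to run once per
 * egress rule even though it depends only on {@code guestNetworkId}; it is now resolved once,
 * on the first egress rule, and reused.
 *
 * <p>The command's {@code FIREWALL_EGRESS_DEFAULT} access detail is set to the system rule
 * type when the first rule is a system egress rule, otherwise to the offering's default
 * policy. Only the first element of {@code rules} is inspected for this, so callers are
 * expected to place a system egress rule first (presumably guaranteed by the caller — verify).
 *
 * @param rules          rules to apply; may be {@code null} or empty, in which case an empty
 *                       rule set is sent (which clears the router's rules — TODO confirm)
 * @param router         the router the command is addressed to
 * @param cmds           the command batch the new command is appended to
 * @param guestNetworkId the guest network whose offering supplies the egress default
 */
public void createApplyFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<FirewallRuleTO> rulesTO = new ArrayList<>();
    String systemRule = null;
    // Kept boxed: the offering getter may yield null, and String.valueOf renders that as "null" rather than throwing.
    Boolean defaultEgressPolicy = false;
    if (rules != null) {
        if (!rules.isEmpty()) {
            final FirewallRule first = rules.get(0);
            if (first.getTrafficType() == FirewallRule.TrafficType.Egress && first.getType() == FirewallRule.FirewallRuleType.System) {
                systemRule = String.valueOf(FirewallRule.FirewallRuleType.System);
            }
        }
        // The offering is a property of the network, not of the rule: resolve it lazily on the
        // first egress rule instead of hitting the DAOs once per egress rule.
        NetworkOfferingVO offering = null;
        for (final FirewallRule rule : rules) {
            _rulesDao.loadSourceCidrs((FirewallRuleVO) rule);
            final FirewallRule.TrafficType traffictype = rule.getTrafficType();
            if (traffictype == FirewallRule.TrafficType.Ingress) {
                final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
                final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), Purpose.Firewall, traffictype);
                rulesTO.add(ruleTO);
            } else if (traffictype == FirewallRule.TrafficType.Egress) {
                if (offering == null) {
                    final NetworkVO network = _networkDao.findById(guestNetworkId);
                    offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
                }
                defaultEgressPolicy = offering.getEgressDefaultPolicy();
                assert rule.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
                final FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, "", Purpose.Firewall, traffictype, defaultEgressPolicy);
                rulesTO.add(ruleTO);
            }
        }
    }
    final SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId()));
    cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    final DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
    cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
    // A system egress rule overrides the offering's default for the router's egress policy.
    if (systemRule != null) {
        cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRule);
    } else {
        cmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(defaultEgressPolicy));
    }
    cmds.addCommand(cmd);
}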
Also used : DataCenterVO(com.cloud.dc.DataCenterVO) NetworkVO(com.cloud.network.dao.NetworkVO) ArrayList(java.util.ArrayList) NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO) PrivateIpAddress(com.cloud.network.vpc.PrivateIpAddress) IpAddress(com.cloud.network.IpAddress) PublicIpAddress(com.cloud.network.PublicIpAddress) FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) FirewallRule(com.cloud.network.rules.FirewallRule) SetFirewallRulesCommand(com.cloud.agent.api.routing.SetFirewallRulesCommand)

Example 33 with FirewallRule

Use of com.cloud.network.rules.FirewallRule in the apache/cloudstack project.

From class VirtualNetworkApplianceManagerImpl, method createDefaultEgressFirewallRule.

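/**
 * Appends a system-owned allow-all egress rule to {@code rules} when the network offering's
 * default egress policy is Allow.
 *
 * <p>The router itself defaults to denying all egress traffic, so nothing needs to be added
 * when the offering's policy is Deny. The check uses {@code Boolean.TRUE.equals(...)} so that
 * an unset (null) policy takes the Deny path — fail closed — instead of throwing a
 * {@code NullPointerException} on unboxing.
 *
 * @param rules     the rule list to extend; mutated in place
 * @param networkId the guest network whose offering decides the egress default
 */
private void createDefaultEgressFirewallRule(final List<FirewallRule> rules, final long networkId) {
    final NetworkVO network = _networkDao.findById(networkId);
    final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
    final Boolean defaultEgressPolicy = offering.getEgressDefaultPolicy();
    // The default on the router is set to Deny all. So, if the default configuration in the offering is set to true (Allow), we change the Egress here.
    // Null is treated as Deny: the restrictive default is the safe one for a firewall.
    if (Boolean.TRUE.equals(defaultEgressPolicy)) {
        final List<String> sourceCidr = new ArrayList<>();
        sourceCidr.add(NetUtils.ALL_CIDRS);
        // Flagged as a System rule of type Egress so the command builder can recognise it as the egress default.
        final FirewallRule rule = new FirewallRuleVO(null, null, null, null, "all", networkId, network.getAccountId(), network.getDomainId(), Purpose.Firewall, sourceCidr, null, null, null, FirewallRule.TrafficType.Egress, FirewallRule.FirewallRuleType.System);
        rules.add(rule);
    } else {
        s_logger.debug("Egress policy for the Network " + networkId + " is already defined as Deny. So, no need to default the rule to Allow. ");
    }
}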
Also used : NetworkVO(com.cloud.network.dao.NetworkVO) ArrayList(java.util.ArrayList) NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO) FirewallRule(com.cloud.network.rules.FirewallRule) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO)
