
Example 41 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project CloudStack-archive by CloudStack-extras.

the class ListIpForwardingRulesCmd method execute.

/**
 * Lists static NAT (IP forwarding) rules matching this command's filters and stores them as the response object.
 *
 * <p>The lookup is delegated to {@code _rulesService.searchStaticNatRules}, which receives the public IP id, rule
 * id, VM id, paging values and the account / domain / project / recursive / listAll scope taken from this command.
 * Rules for which the response generator returns {@code null} are left out of the listing.
 *
 * <p>NOTE(review): no ownership or permission check is visible in this method; presumably the service call
 * restricts the result to what the caller may see based on the scope arguments. Confirm in searchStaticNatRules.
 */
@Override
public void execute() {
    List<? extends FirewallRule> matchedRules = _rulesService.searchStaticNatRules(publicIpAddressId, id, vmId, this.getStartIndex(), this.getPageSizeVal(), this.getAccountName(), this.getDomainId(), this.getProjectId(), this.isRecursive(), this.listAll());
    List<IpForwardingRuleResponse> ruleResponses = new ArrayList<IpForwardingRuleResponse>();
    for (FirewallRule matched : matchedRules) {
        // Each firewall rule is first turned into its static NAT view, then into an API response item.
        StaticNatRule natView = _rulesService.buildStaticNatRule(matched, false);
        IpForwardingRuleResponse item = _responseGenerator.createIpForwardingRuleResponse(natView);
        if (item == null) {
            // The generator produced nothing for this rule; skip it rather than add a null entry.
            continue;
        }
        ruleResponses.add(item);
    }
    ListResponse<IpForwardingRuleResponse> listing = new ListResponse<IpForwardingRuleResponse>();
    listing.setResponses(ruleResponses);
    listing.setResponseName(getCommandName());
    this.setResponseObject(listing);
}
Also used : ListResponse(com.cloud.api.response.ListResponse) ArrayList(java.util.ArrayList) StaticNatRule(com.cloud.network.rules.StaticNatRule) FirewallRule(com.cloud.network.rules.FirewallRule) IpForwardingRuleResponse(com.cloud.api.response.IpForwardingRuleResponse)

Example 42 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cosmic by MissionCriticalCloud.

the class CommandSetupHelper method createFirewallRulesCommands.

/**
 * Builds one {@code SetFirewallRulesCommand} from the given firewall rules and adds it to {@code cmds}.
 *
 * <p>Ingress rules are converted with the address of their source IP. Egress rules are converted with an empty
 * source address and the egress default policy read from the offering of network {@code guestNetworkId}. Rules
 * with any other traffic type only have their source CIDRs loaded and are not sent.
 *
 * <p>NOTE(review): the FIREWALL_EGRESS_DEFAULT detail stays "false" when {@code rules} is null, empty or holds
 * no egress rule, because the offering is only consulted inside the egress branch. Confirm that the receiver
 * does not treat that value as the network's real default policy in those cases.
 *
 * @param rules rules to send; when null the command is still created, with an empty rule list
 * @param router router whose id, instance name and data center id are used to address the command
 * @param cmds command batch that receives the new command
 * @param guestNetworkId id of the network whose offering supplies the egress default policy
 */
public void createFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<FirewallRuleTO> transferRules = new ArrayList<>();
    String systemMarker = null;
    Boolean egressDefault = false;
    if (rules != null) {
        if (!rules.isEmpty()) {
            // Only the first rule is inspected to decide whether this batch is a system egress batch.
            final boolean leadingRuleIsSystemEgress = rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress
                    && rules.get(0).getType() == FirewallRule.FirewallRuleType.System;
            if (leadingRuleIsSystemEgress) {
                systemMarker = String.valueOf(FirewallRule.FirewallRuleType.System);
            }
        }
        for (final FirewallRule fwRule : rules) {
            // Unchecked downcast: a rule that is not a FirewallRuleVO fails here with ClassCastException.
            _rulesDao.loadSourceCidrs((FirewallRuleVO) fwRule);
            final FirewallRule.TrafficType direction = fwRule.getTrafficType();
            if (direction == FirewallRule.TrafficType.Ingress) {
                // No null check on the looked-up IP: a missing address record surfaces as a NullPointerException.
                final IpAddress publicIp = _networkModel.getIp(fwRule.getSourceIpAddressId());
                transferRules.add(new FirewallRuleTO(fwRule, null, publicIp.getAddress().addr(), Purpose.Firewall, direction));
                continue;
            }
            if (fwRule.getTrafficType() != FirewallRule.TrafficType.Egress) {
                continue;
            }
            final NetworkVO guestNetwork = _networkDao.findById(guestNetworkId);
            final NetworkOfferingVO guestOffering = _networkOfferingDao.findById(guestNetwork.getNetworkOfferingId());
            egressDefault = guestOffering.getEgressDefaultPolicy();
            // A Java assert is skipped unless the JVM runs with assertions enabled, so this invariant is
            // not enforced on a default production JVM.
            assert fwRule.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
            transferRules.add(new FirewallRuleTO(fwRule, null, "", Purpose.Firewall, direction, egressDefault));
        }
    }
    final SetFirewallRulesCommand routerCmd = new SetFirewallRulesCommand(transferRules);
    routerCmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    routerCmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    final Zone routerZone = zoneRepository.findOne(router.getDataCenterId());
    routerCmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, routerZone.getNetworkType().toString());
    // The system marker, when set, takes precedence over the offering's egress default.
    final String egressDefaultDetail = systemMarker != null ? systemMarker : String.valueOf(egressDefault);
    routerCmd.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, egressDefaultDetail);
    cmds.addCommand(routerCmd);
}
Also used : NetworkVO(com.cloud.network.dao.NetworkVO) Zone(com.cloud.db.model.Zone) ArrayList(java.util.ArrayList) NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO) IpAddress(com.cloud.network.IpAddress) PublicIpAddress(com.cloud.network.PublicIpAddress) FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) FirewallRule(com.cloud.network.rules.FirewallRule) SetFirewallRulesCommand(com.cloud.agent.api.routing.SetFirewallRulesCommand)

Example 43 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cosmic by MissionCriticalCloud.

the class CommandSetupHelper method createApplyFirewallRulesCommands.

/**
 * Translates firewall rules into a single {@code SetFirewallRulesCommand} and appends it to {@code cmds}.
 *
 * <p>For each rule the source CIDRs are loaded first. Ingress rules carry the address of their source IP;
 * egress rules carry an empty source address plus the egress default policy of the offering behind
 * {@code guestNetworkId}. Any other traffic type is not added to the command.
 *
 * <p>NOTE(review): when no egress rule is present the FIREWALL_EGRESS_DEFAULT detail is sent as "false" without
 * the network offering ever being read. Whether the receiver applies that value is not visible here; confirm
 * that an ingress-only or empty batch cannot change the effective egress default.
 *
 * @param rules rules to translate; null yields a command with an empty rule list
 * @param router target router; supplies the control IP lookup key, instance name and data center id
 * @param cmds command collection the new command is added to
 * @param guestNetworkId network whose offering defines the egress default policy
 */
public void createApplyFirewallRulesCommands(final List<? extends FirewallRule> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId) {
    final List<FirewallRuleTO> outgoing = new ArrayList<>();
    Boolean offeringEgressDefault = false;
    String systemRuleTag = null;
    final boolean hasRules = rules != null && !rules.isEmpty();
    // The batch is tagged as "System" only when its first rule is a system egress rule.
    if (hasRules && rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
        systemRuleTag = String.valueOf(FirewallRule.FirewallRuleType.System);
    }
    if (rules != null) {
        for (final FirewallRule current : rules) {
            // Callers must pass FirewallRuleVO instances; anything else throws ClassCastException on this cast.
            _rulesDao.loadSourceCidrs((FirewallRuleVO) current);
            final FirewallRule.TrafficType trafficDirection = current.getTrafficType();
            final FirewallRuleTO converted;
            if (trafficDirection == FirewallRule.TrafficType.Ingress) {
                // The IP lookup result is dereferenced without a null check.
                final IpAddress ingressIp = _networkModel.getIp(current.getSourceIpAddressId());
                converted = new FirewallRuleTO(current, null, ingressIp.getAddress().addr(), Purpose.Firewall, trafficDirection);
            } else if (current.getTrafficType() == FirewallRule.TrafficType.Egress) {
                final NetworkVO net = _networkDao.findById(guestNetworkId);
                final NetworkOfferingVO netOffering = _networkOfferingDao.findById(net.getNetworkOfferingId());
                offeringEgressDefault = netOffering.getEgressDefaultPolicy();
                // Checked only when the JVM has assertions enabled; otherwise the invariant is not verified.
                assert current.getSourceIpAddressId() == null : "ipAddressId should be null for egress firewall rule. ";
                converted = new FirewallRuleTO(current, null, "", Purpose.Firewall, trafficDirection, offeringEgressDefault);
            } else {
                continue;
            }
            outgoing.add(converted);
        }
    }
    final SetFirewallRulesCommand setRules = new SetFirewallRulesCommand(outgoing);
    setRules.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
    setRules.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
    final Zone dataCenter = zoneRepository.findOne(router.getDataCenterId());
    setRules.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dataCenter.getNetworkType().toString());
    if (systemRuleTag == null) {
        setRules.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, String.valueOf(offeringEgressDefault));
    } else {
        setRules.setAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT, systemRuleTag);
    }
    cmds.addCommand(setRules);
}
Also used : NetworkVO(com.cloud.network.dao.NetworkVO) Zone(com.cloud.db.model.Zone) ArrayList(java.util.ArrayList) NetworkOfferingVO(com.cloud.offerings.NetworkOfferingVO) IpAddress(com.cloud.network.IpAddress) PublicIpAddress(com.cloud.network.PublicIpAddress) FirewallRuleTO(com.cloud.agent.api.to.FirewallRuleTO) FirewallRule(com.cloud.network.rules.FirewallRule) SetFirewallRulesCommand(com.cloud.agent.api.routing.SetFirewallRulesCommand)

Example 44 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cosmic by MissionCriticalCloud.

the class FirewallManagerImpl method revokeFirewallRulesForIp.

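/**
 * Revokes every not-yet-revoked firewall rule (purpose {@code Purpose.Firewall}) of one IP and pushes the
 * change to the backend in a single batch.
 *
 * <p>The result of {@code applyFirewallRules} is part of the return value. Without it the method could report
 * success although the backend apply failed, as long as no non-revoked rule was left in the database. This
 * matches how {@code revokeAllFirewallRulesForNetwork} combines the two conditions.
 *
 * <p>NOTE(review): {@code userId} is not read; each rule is revoked with {@code Account.ACCOUNT_ID_SYSTEM},
 * presumably the user recorded for the action. Confirm that this attribution is intended for audit purposes.
 *
 * @param ipId id of the IP address whose firewall rules are revoked
 * @param userId not used by this method
 * @param caller account passed on to the revoke and apply calls
 * @return {@code true} only if the backend apply reported success and no non-revoked firewall rule remains
 * @throws ResourceUnavailableException declared by this method; no throw site is visible in its body
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_CLOSE, eventDescription = "revoking firewall rule", async = true)
public boolean revokeFirewallRulesForIp(final long ipId, final long userId, final Account caller) throws ResourceUnavailableException {
    final List<FirewallRuleVO> fwRules = _firewallDao.listByIpAndPurposeAndNotRevoked(ipId, Purpose.Firewall);
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Releasing " + fwRules.size() + " firewall rules for ip id=" + ipId);
    }
    for (final FirewallRuleVO rule : fwRules) {
        // Mark all firewall rules as Revoke, but don't apply yet - all rules for the ip are revoked together,
        // so there is no need to send them one by one.
        revokeFirewallRule(rule.getId(), false, caller, Account.ACCOUNT_ID_SYSTEM);
    }
    // Now send everything to the backend and keep the outcome: a failed apply must not be reported as success.
    final List<FirewallRuleVO> rulesToApply = _firewallDao.listByIpAndPurpose(ipId, Purpose.Firewall);
    final boolean success = applyFirewallRules(rulesToApply, true, caller);
    // Check again in case more rules have been inserted in the meantime.
    final List<FirewallRule> rules = new ArrayList<>();
    rules.addAll(_firewallDao.listByIpAndPurposeAndNotRevoked(ipId, Purpose.Firewall));
    if (!success) {
        s_logger.warn("Failed to apply revoked firewall rules for ip id=" + ipId + " and # of rules now = " + rules.size());
    } else if (s_logger.isDebugEnabled()) {
        s_logger.debug("Successfully released firewall rules for ip id=" + ipId + " and # of rules now = " + rules.size());
    }
    return success && rules.isEmpty();
}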
Also used : ArrayList(java.util.ArrayList) FirewallRule(com.cloud.network.rules.FirewallRule) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO) ActionEvent(com.cloud.event.ActionEvent)

Example 45 with FirewallRule

use of com.cloud.network.rules.FirewallRule in project cosmic by MissionCriticalCloud.

the class FirewallManagerImpl method revokeAllFirewallRulesForNetwork.

/**
 * Revokes every not-yet-revoked firewall rule (purpose {@code Purpose.Firewall}) of one network and applies the
 * change to the backend in a single batch.
 *
 * <p>NOTE(review): the "Successfully released" debug line is written even when {@code applyFirewallRules}
 * returned {@code false}; only the return value reflects the failure.
 *
 * <p>NOTE(review): {@code userId} is not read; each rule is revoked with {@code Account.ACCOUNT_ID_SYSTEM}.
 *
 * @param networkId id of the network whose firewall rules are revoked
 * @param userId not used by this method
 * @param caller account passed on to the revoke and apply calls
 * @return {@code true} only if the backend apply reported success and no non-revoked firewall rule remains
 * @throws ResourceUnavailableException declared by this method; no throw site is visible in its body
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_FIREWALL_CLOSE, eventDescription = "revoking firewall rule", async = true)
public boolean revokeAllFirewallRulesForNetwork(final long networkId, final long userId, final Account caller) throws ResourceUnavailableException {
    final List<FirewallRuleVO> activeRules = _firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, Purpose.Firewall);
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Releasing " + activeRules.size() + " firewall rules for network id=" + networkId);
    }
    for (final FirewallRuleVO activeRule : activeRules) {
        // Only mark the rule as Revoke here; the whole set for the network is applied in one batch below.
        revokeFirewallRule(activeRule.getId(), false, caller, Account.ACCOUNT_ID_SYSTEM);
    }
    // Push the full rule set of the network, including the rules just marked, to the backend.
    final boolean applied = applyFirewallRules(_firewallDao.listByNetworkAndPurpose(networkId, Purpose.Firewall), true, caller);
    // Re-read the non-revoked rules in case more were inserted while the batch was being applied.
    final List<FirewallRule> leftover = new ArrayList<>();
    leftover.addAll(_firewallDao.listByNetworkAndPurposeAndNotRevoked(networkId, Purpose.Firewall));
    final int leftoverCount = leftover.size();
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Successfully released firewall rules for network id=" + networkId + " and # of rules now = " + leftoverCount);
    }
    return applied && leftoverCount == 0;
}
Also used : ArrayList(java.util.ArrayList) FirewallRule(com.cloud.network.rules.FirewallRule) FirewallRuleVO(com.cloud.network.rules.FirewallRuleVO) ActionEvent(com.cloud.event.ActionEvent)

Aggregations

FirewallRule (com.cloud.network.rules.FirewallRule)59 ArrayList (java.util.ArrayList)32 FirewallRuleVO (com.cloud.network.rules.FirewallRuleVO)16 IpAddress (com.cloud.network.IpAddress)13 NetworkRuleConflictException (com.cloud.exception.NetworkRuleConflictException)10 FirewallResponse (com.cloud.api.response.FirewallResponse)9 List (java.util.List)9 ServerApiException (com.cloud.api.ServerApiException)8 PublicIpAddress (com.cloud.network.PublicIpAddress)8 NetworkVO (com.cloud.network.dao.NetworkVO)8 StaticNatRule (com.cloud.network.rules.StaticNatRule)8 FirewallRuleTO (com.cloud.agent.api.to.FirewallRuleTO)7 ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)7 NetworkOfferingVO (com.cloud.offerings.NetworkOfferingVO)7 FirewallResponse (org.apache.cloudstack.api.response.FirewallResponse)7 SetFirewallRulesCommand (com.cloud.agent.api.routing.SetFirewallRulesCommand)6 ActionEvent (com.cloud.event.ActionEvent)6 ListResponse (com.cloud.api.response.ListResponse)5 ServerApiException (org.apache.cloudstack.api.ServerApiException)5 IpForwardingRuleResponse (com.cloud.api.response.IpForwardingRuleResponse)4