From 102a2b0a645486b9ac31bd0e8806c4696025c4fd Mon Sep 17 00:00:00 2001
From: Harikrishna Patnala <harikrishna.patnala@gmail.com>
Date: Wed, 13 May 2026 12:19:16 +0530
Subject: [PATCH] DB and response changes

---
 .../api/response/FirewallResponse.java        |  8 +++++
 .../META-INF/db/schema-42210to42300.sql       |  3 ++
 .../java/com/cloud/api/ApiResponseHelper.java | 31 +++++++++++++++++--
 3 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/response/FirewallResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/FirewallResponse.java
index 5986c16dc8c..f6cc9e5d949 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/FirewallResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/FirewallResponse.java
@@ -51,6 +51,10 @@ public class FirewallResponse extends BaseResponse {
     @Param(description = "The Network ID of the firewall rule")
     private String networkId;
 
+    @SerializedName(ApiConstants.VPC_ID)
+    @Param(description = "The VPC ID of the firewall rule")
+    private String vpcId;
+
     @SerializedName(ApiConstants.IP_ADDRESS)
     @Param(description = "The public IP address for the firewall rule")
     private String publicIpAddress;
@@ -115,6 +119,10 @@ public class FirewallResponse extends BaseResponse {
         this.networkId = networkId;
     }
 
+    public void setVpcId(String vpcId) {
+        this.vpcId = vpcId;
+    }
+
     public void setState(String state) {
         this.state = state;
     }
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql b/engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql
index c99f798d3d5..eaf6f55bb20 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql
@@ -131,3 +131,6 @@ CREATE TABLE IF NOT EXISTS `cloud_usage`.`quota_tariff_usage` (
 -- Add the 'keep_mac_address_on_public_nic' column to the 'cloud.networks' and 'cloud.vpc' tables
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.networks', 'keep_mac_address_on_public_nic', 'TINYINT(1) NOT NULL DEFAULT 1');
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vpc', 'keep_mac_address_on_public_nic', 'TINYINT(1) NOT NULL DEFAULT 1');
+
+-- This is part of allowing firewall rules on public IP addresses in VPC network
+ALTER TABLE `cloud`.`firewall_rules` MODIFY COLUMN `network_id` BIGINT UNSIGNED NULL;
diff --git a/server/src/main/java/com/cloud/api/ApiResponseHelper.java b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
index 4bde863ca85..1c1d685dda0 100644
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@@ -2965,6 +2965,14 @@ public class ApiResponseHelper implements ResponseGenerator, ResourceIdSupport {
             }
         }
 
+        Long vpcId = fwRule.getVpcId();
+        if (vpcId != null) {
+            Vpc vpc = ApiDBUtils.findVpcById(vpcId);
+            if (vpc != null) {
+                response.setVpcId(vpc.getUuid());
+            }
+        }
+
         FirewallRule.State state = fwRule.getState();
         String stateToSet = state.toString();
         if (state.equals(FirewallRule.State.Revoke)) {
@@ -5410,8 +5418,27 @@ public class ApiResponseHelper implements ResponseGenerator, ResourceIdSupport {
         response.setIcmpCode(fwRule.getIcmpCode());
         response.setIcmpType(fwRule.getIcmpType());
 
-        Network network = ApiDBUtils.findNetworkById(fwRule.getNetworkId());
-        response.setNetworkId(network.getUuid());
+        Long networkId = fwRule.getNetworkId();
+        if (networkId != null) {
+            Network network = ApiDBUtils.findNetworkById(networkId);
+            if (network != null) {
+                response.setNetworkId(network.getUuid());
+            }
+        }
+
+        Long vpcId = fwRule.getVpcId();
+        if (vpcId == null && networkId != null) {
+            Network network = ApiDBUtils.findNetworkById(networkId);
+            if (network != null) {
+                vpcId = network.getVpcId();
+            }
+        }
+        if (vpcId != null) {
+            Vpc vpc = ApiDBUtils.findVpcById(vpcId);
+            if (vpc != null) {
+                response.setVpcId(vpc.getUuid());
+            }
+        }
 
         FirewallRule.State state = fwRule.getState();
         String stateToSet = state.toString();