diff --git a/api/src/com/cloud/agent/api/to/FirewallRuleTO.java b/api/src/com/cloud/agent/api/to/FirewallRuleTO.java
index 29d9c6f8a57..8c7b5529ed9 100644
--- a/api/src/com/cloud/agent/api/to/FirewallRuleTO.java
+++ b/api/src/com/cloud/agent/api/to/FirewallRuleTO.java
@@ -109,6 +109,12 @@ public class FirewallRuleTO implements InternalIdentity {
 this.trafficType = trafficType;
 }
+ public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp, FirewallRule.Purpose purpose, FirewallRule.TrafficType trafficType, boolean defaultEgressPolicy) {
+ this(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, purpose,rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
+ this.trafficType = trafficType;
+ this.defaultEgressPolicy = defaultEgressPolicy;
+ }
+
 public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp, FirewallRule.Purpose purpose, boolean revokeState, boolean alreadyAdded) {
 this(rule.getId(),srcVlanTag, srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), revokeState, alreadyAdded, purpose,rule.getSourceCidrList(),rule.getIcmpType(),rule.getIcmpCode());
 }
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index d2a3c6b10a6..b07b6f8629e 100755
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
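Review bot: In FirewallRuleTO.java the new six-argument constructor copies the whole `this(rule.getId(), ...)` delegation, including the `State.Revoke`/`State.Active` mapping, from what appears to be the five-argument constructor ending just above it (its signature is outside the hunk). Chaining instead, `this(rule, srcVlanTag, srcIp, purpose, trafficType);` followed by `this.defaultEgressPolicy = defaultEgressPolicy;`, would keep that mapping in one place. The constructor also needs a Javadoc line stating what `true` and `false` mean for `defaultEgressPolicy`, since every other constructor leaves the field at its default and a receiver cannot tell an unset value from an explicit one. The field declaration is not in the hunk, so its type and default should be confirmed.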
@@ -3680,6 +3680,7 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
 private void createFirewallRulesCommands(List rules, VirtualRouter router, Commands cmds, long guestNetworkId) {
 List rulesTO = null;
 String systemRule = null;
+ Boolean defaultEgressPolicy = false;
 if (rules != null) {
 if (rules.size() > 0) {
 if (rules.get(0).getTrafficType() == FirewallRule.TrafficType.Egress && rules.get(0).getType() == FirewallRule.FirewallRuleType.System) {
@@ -3694,17 +3695,17 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
 FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(),Purpose.Firewall,traffictype);
 rulesTO.add(ruleTO);
 } else if (rule.getTrafficType() == FirewallRule.TrafficType.Egress){
+ NetworkVO network = _networkDao.findById(guestNetworkId);
+ NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
+ defaultEgressPolicy = offering.getEgressDefaultPolicy();
 assert (rule.getSourceIpAddressId()==null) : "ipAddressId should be null for egress firewall rule. ";
- FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null,"",Purpose.Firewall, traffictype);
+ FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null,"",Purpose.Firewall, traffictype, defaultEgressPolicy);
 rulesTO.add(ruleTO);
 }
 }
 }
- NetworkVO network = _networkDao.findById(guestNetworkId);
- NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
- Boolean defaultEgressPolicy = offering.getEgressDefaultPolicy();
 SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
 cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, getRouterControlIp(router.getId()));
 cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, getRouterIpInNetwork(guestNetworkId, router.getId()));
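Review bot: `defaultEgressPolicy` starts as `false` in the first hunk and is only overwritten inside the egress branch of the following hunk (`@@ -3694,17 +3695,17 @@`), so a call with `rules == null`, an empty list or ingress-only rules never consults the network offering. The removed lines resolved it unconditionally before `SetFirewallRulesCommand` was built; if the value is still read further down in the method (outside both hunks), the router can be sent a default egress policy that contradicts the offering. Resolving it once before the `if (rules != null)` block keeps the command-level value and the per-rule value in agreement. Declaring it as primitive `boolean` would also match the new constructor parameter and avoid an unboxing step.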
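Review bot: The two DAO lookups added in the egress branch of the second hunk depend only on `guestNetworkId`, yet they now run once per egress rule; the enclosing `for` loop starts outside the hunk. Both results are dereferenced unchecked, so if `findById` returns null for a missing network or offering row (its contract is not visible here) the failure surfaces as a NullPointerException halfway through building the firewall rule list. Hoisting the lookup above the loop and failing explicitly, e.g. `if (network == null) { throw new IllegalStateException("guest network " + guestNetworkId + " not found"); }`, gives one query pair per call and a diagnosable error. The neighbouring `assert` on `getSourceIpAddressId()` is unchanged context, but it enforces nothing unless the JVM runs with `-ea`.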