diff --git a/api/src/com/cloud/agent/api/to/IpAddressTO.java b/api/src/com/cloud/agent/api/to/IpAddressTO.java
index 750757ffa54..f41f8f203ca 100644
--- a/api/src/com/cloud/agent/api/to/IpAddressTO.java
+++ b/api/src/com/cloud/agent/api/to/IpAddressTO.java
@@ -39,7 +39,7 @@ public class IpAddressTO {
 private TrafficType trafficType;
 private String[] networkTags;
- public IpAddressTO(String ipAddress, boolean add, boolean firstIP, boolean sourceNat, String vlanId, String vlanGateway, String vlanNetmask, String vifMacAddress, String guestIp, Integer networkRate) {
+ public IpAddressTO(String ipAddress, boolean add, boolean firstIP, boolean sourceNat, String vlanId, String vlanGateway, String vlanNetmask, String vifMacAddress, String guestIp, Integer networkRate, boolean isOneToOneNat) {
 this.publicIp = ipAddress;
 this.add = add;
 this.firstIP = firstIP;
@@ -50,6 +50,7 @@ public class IpAddressTO {
 this.vifMacAddress = vifMacAddress;
 this.guestIp = guestIp;
 this.networkRate = networkRate;
+ this.oneToOneNat = isOneToOneNat;
 }
 protected IpAddressTO() {
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 44eca6d0586..6393947a4a0 100755
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
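Review bot: The IpAddressTO constructor now takes four positional booleans (`add`, `firstIP`, `sourceNat`, `isOneToOneNat`) among eleven parameters, so a call site that transposes two of them still compiles and would hand the router a wrong NAT flag for the address. The new flag could instead be set the way the caller in VirtualNetworkApplianceManagerImpl already sets the traffic type and tags, for example `ip.setOneToOneNat(ipAddr.isOneToOneNat());` backed by a new setter, which would also leave the existing constructor signature intact for any caller this diff does not show. If the parameter stays, the constructor deserves a Javadoc block with one `@param` line per flag, saying for `isOneToOneNat` that it marks the address as used for one-to-one (static) NAT. The constructor body runs across both hunks of this file, and the declaration of `oneToOneNat` is outside them.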
@@ -1410,11 +1410,13 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 List pfRules = new ArrayList();
 List staticNatFirewallRules = new ArrayList();
 List staticNats = new ArrayList();
+ List firewallRules = new ArrayList();
 //Get information about all the rules (StaticNats and StaticNatRules; PFVPN to reapply on domR start)
 for (PublicIpAddress ip : publicIps) {
 pfRules.addAll(_pfRulesDao.listForApplication(ip.getId()));
 staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat));
+ firewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall));
 RemoteAccessVpn vpn = _vpnDao.findById(ip.getId());
 if (vpn != null) {
@@ -1433,6 +1435,12 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 if (!staticNats.isEmpty()) {
 createApplyStaticNatCommands(staticNats, router, cmds);
 }
+
+ //Re-apply firewall rules
+ s_logger.debug("Found " + staticNats.size() + " firewall rule(s) to apply as a part of domR " + router + " start.");
+ if (!firewallRules.isEmpty()) {
+ createFirewallRulesCommands(firewallRules, router, cmds);
+ }
 // Re-apply port forwarding rules
 s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
@@ -1892,7 +1900,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 String vmGuestAddress = null;
- IpAddressTO ip = new IpAddressTO(ipAddr.getAddress().addr(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask, vifMacAddress, vmGuestAddress, networkRate);
+ IpAddressTO ip = new IpAddressTO(ipAddr.getAddress().addr(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask, vifMacAddress, vmGuestAddress, networkRate, ipAddr.isOneToOneNat());
 ip.setTrafficType(network.getTrafficType());
 ip.setNetworkTags(network.getTags());
 ipsToSend[i++] = ip;
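Review bot: The added `firewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall));` collects every firewall rule of the address, with no filter on rule state visible in this hunk. Whether a rule that is pending revocation gets pushed back to the router on start therefore depends on `createFirewallRulesCommands`, which this diff does not show; that is worth confirming before merge. A short comment above the call naming the rule states expected in the list, and where revoked rules are handled, would make the intent reviewable. The enclosing method starts and ends outside the hunk.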
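Review bot: The debug line added under `//Re-apply firewall rules` prints `staticNats.size()`, so the log reports the static NAT count as the number of firewall rules. Anyone checking after a router restart whether its firewall rules were restored would read a wrong figure, including a non-zero count when no firewall rule was sent. It should read `s_logger.debug("Found " + firewallRules.size() + " firewall rule(s) to apply as a part of domR " + router + " start.");`. The enclosing method starts and ends outside the hunk.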