From 891f02f4d459980aea31071e6fd894880f6bf891 Mon Sep 17 00:00:00 2001
From: alena
Date: Fri, 12 Aug 2011 12:38:17 -0700
Subject: [PATCH] Resend firewall rules on domR restart
---
 api/src/com/cloud/agent/api/to/IpAddressTO.java | 3 ++-
 .../router/VirtualNetworkApplianceManagerImpl.java | 10 +++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/api/src/com/cloud/agent/api/to/IpAddressTO.java b/api/src/com/cloud/agent/api/to/IpAddressTO.java
index 750757ffa54..f41f8f203ca 100644
--- a/api/src/com/cloud/agent/api/to/IpAddressTO.java
+++ b/api/src/com/cloud/agent/api/to/IpAddressTO.java
@@ -39,7 +39,7 @@ public class IpAddressTO {
 private TrafficType trafficType;
 private String[] networkTags;
- public IpAddressTO(String ipAddress, boolean add, boolean firstIP, boolean sourceNat, String vlanId, String vlanGateway, String vlanNetmask, String vifMacAddress, String guestIp, Integer networkRate) {
+ public IpAddressTO(String ipAddress, boolean add, boolean firstIP, boolean sourceNat, String vlanId, String vlanGateway, String vlanNetmask, String vifMacAddress, String guestIp, Integer networkRate, boolean isOneToOneNat) {
 this.publicIp = ipAddress;
 this.add = add;
 this.firstIP = firstIP;
@@ -50,6 +50,7 @@ public class IpAddressTO {
 this.vifMacAddress = vifMacAddress;
 this.guestIp = guestIp;
 this.networkRate = networkRate;
+ this.oneToOneNat = isOneToOneNat;
 }
 protected IpAddressTO() {
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index ed7d5fdcbc0..531473a2014 100755
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
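Review bot: In the `IpAddressTO` constructor (api/src/com/cloud/agent/api/to/IpAddressTO.java), the new `boolean isOneToOneNat` is the fourth positional boolean after `add`, `firstIP` and `sourceNat`, so a transposed argument at a call site still compiles and silently changes the flags this transfer object carries. The parameter name also departs from its neighbours; `boolean oneToOneNat` would match `sourceNat` and the field it is assigned to. A constructor Javadoc naming each flag would make call sites easier to audit, e.g. `@param oneToOneNat whether the public IP is used for one-to-one NAT`. The declaration of the `oneToOneNat` field lies outside both hunks of this file.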
@@ -1419,11 +1419,13 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 List pfRules = new ArrayList();
 List staticNatFirewallRules = new ArrayList();
 List staticNats = new ArrayList();
+ List firewallRules = new ArrayList();
 //Get information about all the rules (StaticNats and StaticNatRules; PFVPN to reapply on domR start)
 for (PublicIpAddress ip : publicIps) {
 pfRules.addAll(_pfRulesDao.listForApplication(ip.getId()));
 staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat));
+ firewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall));
 RemoteAccessVpn vpn = _vpnDao.findById(ip.getId());
 if (vpn != null) {
@@ -1442,6 +1444,12 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 if (!staticNats.isEmpty()) {
 createApplyStaticNatCommands(staticNats, router, cmds);
 }
+
+ //Re-apply firewall rules
+ s_logger.debug("Found " + staticNats.size() + " firewall rule(s) to apply as a part of domR " + router + " start.");
+ if (!firewallRules.isEmpty()) {
+ createFirewallRulesCommands(firewallRules, router, cmds);
+ }
 // Re-apply port forwarding rules
 s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
@@ -1901,7 +1909,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
 String vmGuestAddress = null;
- IpAddressTO ip = new IpAddressTO(ipAddr.getAddress().addr(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask, vifMacAddress, vmGuestAddress, networkRate);
+ IpAddressTO ip = new IpAddressTO(ipAddr.getAddress().addr(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask, vifMacAddress, vmGuestAddress, networkRate, ipAddr.isOneToOneNat());
 ip.setTrafficType(network.getTrafficType());
 ip.setNetworkTags(network.getTags());
 ipsToSend[i++] = ip;
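Review bot: The comment above the loop in the `@@ -1419` hunk (`//Get information about all the rules (StaticNats and StaticNatRules; PFVPN to reapply on domR start)`) no longer lists everything the loop collects now that `firewallRules` is filled there. It could read `// Collect all rules to re-apply on domR start: static NAT, static NAT rules, firewall, port forwarding, VPN`. The new lookup is keyed only on the IP id and `Purpose.Firewall`, so whether rules that are in the process of being revoked are re-sent depends on `listByIpAndPurpose` and `createFirewallRulesCommands`, neither of which is visible here; a one-line comment stating the intended behaviour would help. The enclosing method starts and ends outside the hunk.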
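Review bot: The debug line added in the `@@ -1442` hunk reports `staticNats.size()` although it describes firewall rules, so the logged count will not match the list handed to `createFirewallRulesCommands`. It should be `s_logger.debug("Found " + firewallRules.size() + " firewall rule(s) to apply as a part of domR " + router + " start.");`. An accurate count matters because this message is the only trace visible in the hunk that the router's firewall rules were re-sent after a restart. The enclosing method continues outside the hunk.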