From d80b58fe1d41955f6f69f929375c07d40ddbf1e2 Mon Sep 17 00:00:00 2001
From: Sheng Yang
Date: Fri, 23 Mar 2012 19:06:25 -0700
Subject: [PATCH] bug 14484: Apply existed firewall rules when associating IP
It's not a elegant fix. The status for firewall rules should remain unchanged before/after ip association/disassociation. But the related change is tricky than this fix, may not get enough test for 3.0.1. So we would apply existed firewall rules again, which would work, just result in some unnecessary commands.
status 14484: resolved fixed
Reviewed-by: Edison Su
---
 .../src/com/cloud/network/NetworkManagerImpl.java | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 894dd457ece..7df6e461bdf 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -253,6 +253,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 @Inject
 NicDao _nicDao = null;
 @Inject
+ FirewallRulesDao _fwRulesDao = null;
+ @Inject
 RulesManager _rulesMgr;
 @Inject
 LoadBalancingRulesManager _lbMgr;
@@ -894,14 +896,27 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 } else {
 throw new CloudRuntimeException("Fail to get ip deployer for element: " + element);
 }
+ //We would apply all the existed firewall rules for this IP, since the rule maybe discard by revoke PF/LB rules
+ List firewallRules = new ArrayList();
+ boolean applyFirewallRules = false;
+ if (element instanceof FirewallServiceProvider &&
+ isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, provider)) {
+ applyFirewallRules = true;
+ }
 Set services = new HashSet();
 for (PublicIp ip : ips) {
 if (!ipToServices.containsKey(ip)) {
 continue;
 }
 services.addAll(ipToServices.get(ip));
+ if (applyFirewallRules) {
+ firewallRules.addAll(_fwRulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall));
+ }
 }
 deployer.applyIps(network, ips, services);
+ if (applyFirewallRules && !firewallRules.isEmpty()) {
+ ((FirewallServiceProvider) element).applyFWRules(network, firewallRules);
+ }
 } catch (ResourceUnavailableException e) {
 success = false;
 if (!continueOnError) {
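Review bot: The re-apply step collects every rule returned by `_fwRulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall)` without looking at the rule's state, so rules that are not yet active or are already marked for revoke may be pushed to the provider together with the active ones. Whether the DAO filters by state is not visible in this hunk; that should be confirmed, and if it does not, the list should be filtered before the `applyFWRules` call. The result of `applyFWRules(network, firewallRules)` is also discarded, so if the provider reports failure through its return value rather than through `ResourceUnavailableException`, `success` stays true while the IP is associated without its firewall rules in place. I would check it, for example `if (!((FirewallServiceProvider) element).applyFWRules(network, firewallRules)) { success = false; }`, and log the affected IP ids. The enclosing method and its try block start and end outside the hunk.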