status 11029: resolved fixed
Commit also includes the following:
* map firewall rule to pf/lb/staticNat/vpn when the firewall rule is created as a part of pf/lb/staticNat/vpn rule creation
* when delete firewall rules, also delete related firewall rule
1) Added new apis: createFirewallRule, deleteFirewallRule, listFirewallRules
2) Modified existing apis - added boolean openFirewall parameter to createPortForwardingRule/createIpForwardingRule/createRemoteAccessVpn. If parameter is set to true, open firewall on the domR before creating an actual PF rule there
Modified backend calls appropriately.
3) Schema changes for firewall_rules table:
* startPort/endPort can be null now
* added icmp_type, icmp_code fields (can be not null only when protocol is icmp)
4) Added new manager - FirewallManagerImpl
Fixed couple of other problems along:
* when expunge PF/Static nat rules as a part of vmExpunge/IpRelease process, first mark all rules as Revoke, and then send commands to the backend. Group commands by Ip address.
Before we used to do Revoke/Send per rule basis.
* When release source nat rule, make sure that corresponding vpn (if exists) is being expunged.
* to enable 1-1 nat for ip/vm use enalbeOneToOneNat api
* to open port range (or multiple port ranges) use createIpForwardingRule api.
* to delete one port range use deleteIpForwardingRule api.
* to disable 1-1 nat use disableOneToOneNat api.
alena
Alex Huang
abhishek