CLOUDSTACK-9669:egress destination cidr VR python script changes
CLOUDSTACK-9669:egress destination API and orchestration changes
CLOUDSTACK-9669: Added the ipset package in systemvm template
CLOUDSTACK-9669:Added licence header for new files
CLOUDSTACK-9669: replacing 0.0.0.0/0 with the network cidr
ipset member add with 0.0.0.0/0 fails. So 0.0.0.0/0 replaced with the network cidr.
In source cidr 0.0.0.0/0 is nothing but network cidr.
updated the default egress all cidr with network cidr
Entities correlated to the Identity and carry a uuid and those
correlated to InternalIdentity carry an id. Those entities that carry
both will correlated to Identity and InternalIdentity.
This refactors entities wherever possible to ensure the VO only
implements the first class entity.
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
status 11029: resolved fixed
Commit also includes the following:
* map firewall rule to pf/lb/staticNat/vpn when the firewall rule is created as a part of pf/lb/staticNat/vpn rule creation
* when delete firewall rules, also delete related firewall rule
1) Added new apis: createFirewallRule, deleteFirewallRule, listFirewallRules
2) Modified existing apis - added boolean openFirewall parameter to createPortForwardingRule/createIpForwardingRule/createRemoteAccessVpn. If parameter is set to true, open firewall on the domR before creating an actual PF rule there
Modified backend calls appropriately.
3) Schema changes for firewall_rules table:
* startPort/endPort can be null now
* added icmp_type, icmp_code fields (can be not null only when protocol is icmp)
4) Added new manager - FirewallManagerImpl
* added new fields to createIpForwardingRule api: startPort/protocol - required, endPort is optional
* updated "firewall_rules" table with a new field "is_one_to_one_nat" (being set when new rule is created)
Jayapal
Nitin Mehta
Alena Prokharchyk
Daan Hoogland
Alex Huang
Rohit Yadav
Prasanna Santhanam
Min Chen
David Nalley
frank
Edison Su
alena
Abhinandan Prateek
Alex Huang