@Override
public boolean applyEgressFirewallRules(FirewallRule rule, Account caller)
throws ResourceUnavailableException {
List<FirewallRuleVO> rules =
_firewallDao.listByNetworkPurposeTrafficType(
rule.getNetworkId(), Purpose.Firewall, FirewallRule.TrafficType.Egress);
applyDefaultEgressFirewallRule(rule.getNetworkId(), true);
return applyFirewallRules(rules, false, caller);
}
protected boolean revokeFirewallRule(long ruleId, boolean apply, Account caller, long userId) {
FirewallRuleVO rule = _firewallDao.findById(ruleId);
if (rule == null || rule.getPurpose() != Purpose.Firewall) {
throw new InvalidParameterValueException(
"Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
}
if (rule.getType() == FirewallRuleType.System
&& caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
throw new InvalidParameterValueException(
"Only root admin can delete the system wide firewall rule");
}
_accountMgr.checkAccess(caller, null, true, rule);
revokeRule(rule, caller, userId, false);
boolean success = false;
Long networkId = rule.getNetworkId();
if (apply) {
// ingress firewall rule
if (rule.getSourceIpAddressId() != null) {
// feteches ingress firewall, ingress firewall rules associated with the ip
List<FirewallRuleVO> rules =
_firewallDao.listByIpAndPurpose(rule.getSourceIpAddressId(), Purpose.Firewall);
return applyFirewallRules(rules, false, caller);
// egress firewall rule
} else if (networkId != null) {
List<FirewallRuleVO> rules =
_firewallDao.listByNetworkPurposeTrafficType(
rule.getNetworkId(), Purpose.Firewall, FirewallRule.TrafficType.Egress);
return applyFirewallRules(rules, false, caller);
}
} else {
success = true;
}
return success;
}
