Beispiel #1
0
 public static NetworkRule createEgress(
     final Protocol protocol,
     final Integer protocolNumber,
     final Integer lowPort,
     final Integer highPort,
     final Collection<NetworkPeer> peers,
     final Collection<String> ipRanges) {
   final NetworkRule rule =
       new NetworkRule(protocol, protocolNumber, lowPort, highPort, ipRanges, peers);
   rule.setEgress(true);
   return rule;
 }
Beispiel #2
0
 @Override
 public boolean equals(Object obj) {
   if (this == obj) {
     return true;
   }
   if (getClass() != obj.getClass()) {
     return false;
   }
   NetworkRule other = (NetworkRule) obj;
   if (this.highPort == null) {
     if (other.highPort != null) {
       return false;
     }
   } else if (!this.highPort.equals(other.highPort)) {
     return false;
   }
   if (this.ipRanges == null) {
     if (other.ipRanges != null) {
       return false;
     }
   } else if (!this.ipRanges.equals(other.ipRanges)) {
     return false;
   }
   if (this.lowPort == null) {
     if (other.lowPort != null) {
       return false;
     }
   } else if (!this.lowPort.equals(other.lowPort)) {
     return false;
   }
   if (this.networkPeers == null) {
     if (other.networkPeers != null) {
       return false;
     }
   } else if (!this.networkPeers.equals(other.networkPeers)) {
     return false;
   }
   if (this.protocol != other.protocol) {
     return false;
   }
   if (this.protocolNumber == null) {
     if (other.protocolNumber != null) {
       return false;
     }
   } else if (!this.protocolNumber.equals(other.protocolNumber)) {
     return false;
   }
   if (this.isEgress() != other.isEgress()) {
     return false;
   }
   return true;
 }
Beispiel #3
0
 /** Any imcp rules created without ports should have the values updated to -1 (any) */
 private void setPortsForIcmpRules() {
   try (final TransactionResource tx = Entities.distinctTransactionFor(NetworkRule.class)) {
     for (final NetworkRule rule :
         Entities.criteriaQuery(
                 Entities.restriction(NetworkRule.class)
                     .any(
                         Entities.restriction(NetworkRule.class)
                             .isNull(NetworkRule_.lowPort)
                             .build(),
                         Entities.restriction(NetworkRule.class)
                             .isNull(NetworkRule_.highPort)
                             .build())
                     .equal(NetworkRule_.protocol, Protocol.icmp))
             .list()) {
       logger.info(
           "Updating ports for icmp rule in group "
               + rule.getGroup().getGroupId()
               + "/"
               + rule.getGroup().getDisplayName());
       if (rule.getLowPort() == null) {
         rule.setLowPort(-1);
       }
       if (rule.getHighPort() == null) {
         rule.setHighPort(-1);
       }
     }
     tx.commit();
   } catch (Exception ex) {
     logger.error("Error updating ports for icmp rules", ex);
   }
 }
Beispiel #4
0
 private void addProtocolNumberToRules() {
   try (final TransactionResource tx = Entities.distinctTransactionFor(NetworkRule.class)) {
     for (final NetworkRule rule :
         Entities.query(
             NetworkRule.named(),
             false,
             Restrictions.and(
                 Restrictions.isNotNull("protocol"), Restrictions.isNull("protocolNumber")),
             Collections.<String, String>emptyMap())) {
       logger.info(
           "Updating protocol "
               + rule.getProtocol()
               + " for rule in group "
               + rule.getGroup().getGroupId()
               + "/"
               + rule.getGroup().getDisplayName());
       rule.setProtocolNumber(rule.getProtocol().getNumber());
     }
     tx.commit();
   } catch (Exception ex) {
     logger.error("Error adding protocol numbers to rules", ex);
   }
 }
Beispiel #5
0
 @Override
 public boolean apply(@Nullable final NetworkRule networkRule) {
   return networkRule != null && networkRule.isEgress();
 }
Beispiel #6
0
 public Integer extractHighPort(NetworkRule rule) {
   return rule.getHighPort();
 }
Beispiel #7
0
 @Override
 public Integer extractIcmpCode(final NetworkRule rule) {
   return rule.getHighPort();
 }
Beispiel #8
0
 @Override
 public Integer extractIcmpType(final NetworkRule rule) {
   return rule.getLowPort();
 }