@Override
public boolean applyDefaultEgressFirewallRule(Long networkId, boolean defaultPolicy)
throws ResourceUnavailableException {
if (defaultPolicy == false) {
// If default policy is false no need apply rules on backend because firewall provider blocks
// by default
return true;
}
s_logger.debug("applying default firewall egress rules ");
NetworkVO network = _networkDao.findById(networkId);
List<String> sourceCidr = new ArrayList<String>();
sourceCidr.add(NetUtils.ALL_CIDRS);
FirewallRuleVO ruleVO =
new FirewallRuleVO(
null,
null,
null,
null,
"all",
networkId,
network.getAccountId(),
network.getDomainId(),
Purpose.Firewall,
sourceCidr,
null,
null,
null,
FirewallRule.TrafficType.Egress,
FirewallRuleType.System);
List<FirewallRuleVO> rules = new ArrayList<FirewallRuleVO>();
rules.add(ruleVO);
try {
// this is not required to store in db because we don't to add this rule along with the normal
// rules
if (!applyRules(rules, false, false)) {
return false;
}
} catch (ResourceUnavailableException ex) {
s_logger.warn("Failed to apply default egress rules for guest network due to ", ex);
return false;
}
return true;
}
