/**
 * Builds a rule from the given values and marks it as an egress (outbound) rule.
 *
 * <p>The factory takes {@code peers} before {@code ipRanges}, while the constructor it
 * delegates to is called with {@code ipRanges} before {@code peers}; the swap below is
 * intentional and mirrors the original call.
 *
 * @param protocol the rule's protocol
 * @param protocolNumber the protocol number, passed through unchanged
 * @param lowPort the low end of the port range, passed through unchanged
 * @param highPort the high end of the port range, passed through unchanged
 * @param peers the network peers the rule applies to
 * @param ipRanges the IP ranges the rule applies to
 * @return a new rule with its egress flag set to {@code true}
 */
public static NetworkRule createEgress(
    final Protocol protocol,
    final Integer protocolNumber,
    final Integer lowPort,
    final Integer highPort,
    final Collection<NetworkPeer> peers,
    final Collection<String> ipRanges) {
  final NetworkRule egressRule =
      new NetworkRule(protocol, protocolNumber, lowPort, highPort, ipRanges, peers);
  // Direction is not a constructor argument here; it is set on the built rule.
  egressRule.setEgress(true);
  return egressRule;
}
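/**
 * Compares this rule with another object field by field.
 *
 * <p>Two rules are equal when they have the same runtime class and agree on high port, IP
 * ranges, low port, network peers, protocol, protocol number and the egress flag. Fields are
 * compared in that order.
 *
 * <p>NOTE(review): the matching {@code hashCode} is not visible from here; confirm it is
 * derived from the same fields, otherwise hash-based lookups of rules will disagree with
 * this method.
 *
 * @param obj the object to compare with; may be {@code null}
 * @return {@code true} if {@code obj} is a rule with the same field values, {@code false}
 *     otherwise, including when {@code obj} is {@code null}
 */
@Override
public boolean equals(Object obj) {
  if (this == obj) {
    return true;
  }
  // Object.equals requires equals(null) to return false. Without the null guard,
  // obj.getClass() throws NullPointerException, so comparing a rule against a null
  // reference (for example a null element in a collection being searched) would fail
  // with an exception instead of reporting "not equal".
  if (obj == null || getClass() != obj.getClass()) {
    return false;
  }
  final NetworkRule other = (NetworkRule) obj;
  if (this.highPort == null ? other.highPort != null : !this.highPort.equals(other.highPort)) {
    return false;
  }
  if (this.ipRanges == null ? other.ipRanges != null : !this.ipRanges.equals(other.ipRanges)) {
    return false;
  }
  if (this.lowPort == null ? other.lowPort != null : !this.lowPort.equals(other.lowPort)) {
    return false;
  }
  if (this.networkPeers == null
      ? other.networkPeers != null
      : !this.networkPeers.equals(other.networkPeers)) {
    return false;
  }
  // protocol is compared by identity, as in the original.
  if (this.protocol != other.protocol) {
    return false;
  }
  if (this.protocolNumber == null
      ? other.protocolNumber != null
      : !this.protocolNumber.equals(other.protocolNumber)) {
    return false;
  }
  // Direction is part of a rule's identity: an ingress and an egress rule with otherwise
  // identical fields are different rules.
  return this.isEgress() == other.isEgress();
}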
/**
 * Any icmp rules created without ports should have the values updated to -1 (any).
 *
 * <p>Runs in its own transaction on {@code NetworkRule}: selects rules whose protocol is
 * {@code Protocol.icmp} and whose low port or high port is null, replaces each null port
 * with -1, and commits. Any exception is logged and not rethrown, so a failed run leaves
 * the affected rules with null ports and is visible only in the error log.
 */
private void setPortsForIcmpRules() {
  try (final TransactionResource tx = Entities.distinctTransactionFor(NetworkRule.class)) {
    // Presumably reads as: (lowPort IS NULL OR highPort IS NULL) AND protocol = icmp;
    // confirm the any(...)/equal(...) combination against the restriction builder.
    for (final NetworkRule rule :
        Entities.criteriaQuery(
                Entities.restriction(NetworkRule.class)
                    .any(
                        Entities.restriction(NetworkRule.class)
                            .isNull(NetworkRule_.lowPort)
                            .build(),
                        Entities.restriction(NetworkRule.class)
                            .isNull(NetworkRule_.highPort)
                            .build())
                    .equal(NetworkRule_.protocol, Protocol.icmp))
            .list()) {
      // NOTE(review): rule.getGroup() is dereferenced without a null check; a rule with no
      // group would throw here and, via the catch below, skip the commit for every rule.
      // NOTE(review): the group display name is concatenated into the log line as-is;
      // confirm it cannot contain line breaks if these logs are parsed or audited.
      logger.info(
          "Updating ports for icmp rule in group "
              + rule.getGroup().getGroupId()
              + "/"
              + rule.getGroup().getDisplayName());
      // Only the missing side is filled in; a port that already has a value is kept.
      if (rule.getLowPort() == null) {
        rule.setLowPort(-1);
      }
      if (rule.getHighPort() == null) {
        rule.setHighPort(-1);
      }
    }
    // Single commit after the loop: the updates are applied together or not at all.
    tx.commit();
  } catch (Exception ex) {
    // Best-effort: the failure is logged and swallowed, nothing is reported to the caller.
    logger.error("Error updating ports for icmp rules", ex);
  }
}
/**
 * Fills in the protocol number on rules that have a protocol but no protocol number.
 *
 * <p>Runs in its own transaction on {@code NetworkRule}: selects rules where
 * {@code protocol} is not null and {@code protocolNumber} is null, sets each rule's
 * protocol number from its protocol, and commits. Any exception is logged and not
 * rethrown, so a failed run leaves the rules unchanged and is visible only in the error
 * log.
 */
private void addProtocolNumberToRules() {
  try (final TransactionResource tx = Entities.distinctTransactionFor(NetworkRule.class)) {
    // NOTE(review): the meaning of the boolean `false` argument is not visible from here;
    // confirm against Entities.query.
    for (final NetworkRule rule :
        Entities.query(
            NetworkRule.named(),
            false,
            Restrictions.and(
                Restrictions.isNotNull("protocol"), Restrictions.isNull("protocolNumber")),
            Collections.<String, String>emptyMap())) {
      // NOTE(review): rule.getGroup() is dereferenced without a null check; a rule with no
      // group would throw here and, via the catch below, skip the commit for every rule.
      // NOTE(review): the group display name is concatenated into the log line as-is;
      // confirm it cannot contain line breaks if these logs are parsed or audited.
      logger.info(
          "Updating protocol "
              + rule.getProtocol()
              + " for rule in group "
              + rule.getGroup().getGroupId()
              + "/"
              + rule.getGroup().getDisplayName());
      // The query restricts to rules with a non-null protocol, so getProtocol() is expected
      // to be non-null here.
      rule.setProtocolNumber(rule.getProtocol().getNumber());
    }
    // Single commit after the loop: the updates are applied together or not at all.
    tx.commit();
  } catch (Exception ex) {
    // Best-effort: the failure is logged and swallowed, nothing is reported to the caller.
    logger.error("Error adding protocol numbers to rules", ex);
  }
}
/**
 * Tests whether the given rule is an egress rule.
 *
 * @param networkRule the rule to test; may be {@code null}
 * @return {@code true} only when the rule is non-null and its egress flag is set; a
 *     {@code null} rule is treated as not egress
 */
@Override
public boolean apply(@Nullable final NetworkRule networkRule) {
  if (networkRule == null) {
    return false;
  }
  return networkRule.isEgress();
}
/**
 * Reads the high port from a rule.
 *
 * @param rule the rule to read from; must not be {@code null}
 * @return the rule's high port exactly as stored, which may be {@code null}
 */
public Integer extractHighPort(NetworkRule rule) {
  final Integer highPort = rule.getHighPort();
  return highPort;
}
/**
 * Reads the ICMP code from a rule.
 *
 * <p>The ICMP code is taken from the rule's high-port field; no separate ICMP field is read.
 *
 * @param rule the rule to read from; must not be {@code null}
 * @return the value of the rule's high port, which may be {@code null}
 */
@Override
public Integer extractIcmpCode(final NetworkRule rule) {
  final Integer icmpCode = rule.getHighPort();
  return icmpCode;
}
/**
 * Reads the ICMP type from a rule.
 *
 * <p>The ICMP type is taken from the rule's low-port field; no separate ICMP field is read.
 *
 * @param rule the rule to read from; must not be {@code null}
 * @return the value of the rule's low port, which may be {@code null}
 */
@Override
public Integer extractIcmpType(final NetworkRule rule) {
  final Integer icmpType = rule.getLowPort();
  return icmpType;
}