From: bfederle@apache.org
To: commits@cloudstack.apache.org
Date: Fri, 10 May 2013 20:33:43 -0000
Message-Id: <0a158904576a4523b5975ae133ab4ffe@git.apache.org>
In-Reply-To:
References:
X-Mailer: ASF-Git Admin Mailer
Subject: [42/50] [abbrv] git commit: updated refs/heads/ui-vpc-redesign to d00077a

CLOUDSTACK-2417: NPE while creating Egress rules with Networking using Cisco ASA firewall provider

An input parameter was incorrectly interpreted during egress rule creation and so resulted in NPE.
Created a new vnmc xml for handling creation of egress rule with protocol as 'All'

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/530b0beb
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/530b0beb
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/530b0beb

Branch: refs/heads/ui-vpc-redesign
Commit: 530b0beb3c8b172fbfaf89584cd24785b7513998
Parents: b4aff61
Author: Koushik Das
Authored: Fri May 10 17:54:59 2013 +0530
Committer: Koushik Das
Committed: Fri May 10 17:54:59 2013 +0530

----------------------------------------------------------------------
 .../network/cisco/create-egress-acl-rule.xml | 53 ++-------
 .../create-generic-egress-acl-no-protocol-rule.xml | 94 +++++++++++++++
 .../cisco/create-generic-egress-acl-rule.xml | 1 -
 .../network/cisco/create-ingress-acl-rule.xml | 43 +------
 .../cloud/network/cisco/CiscoVnmcConnection.java | 10 +-
 .../network/cisco/CiscoVnmcConnectionImpl.java | 30 +++---
 .../cloud/network/element/CiscoVnmcElement.java | 9 +-
 .../cloud/network/resource/CiscoVnmcResource.java | 12 +-
 .../network/resource/CiscoVnmcResourceTest.java | 4 +-
 9 files changed, 144 insertions(+), 112 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/530b0beb/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml index 930272e..05c066d 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml @@ -118,70 +118,38 @@ under the License. - - - - - - - - - - - - - - + + value="%deststartport%"/> - + + value="%destendport%"/> @@ -195,7 +163,6 @@ under the License. protocolvalue = "TCP" or "UDP" deststartip="destination start ip" destendip="destination end ip" - sourcestartport="start port at source" - sourceendport="end port at source" - sourceip="source ip" + deststartport="start port at destination" + destendport="end port at destination" --!> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/530b0beb/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-no-protocol-rule.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-no-protocol-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-no-protocol-rule.xml new file mode 100755 index 0000000..17cfa54 --- /dev/null +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-no-protocol-rule.xml @@ -0,0 +1,94 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://git-wip-us.apache.org/repos/asf/cloudstack/blob/530b0beb/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml ---------------------------------------------------------------------- 
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml index 92c2504..436e3ea 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml @@ -118,5 +118,4 @@ under the License. protocolvalue = "TCP" or "UDP" or "ICMP" deststartip="destination start ip" destendip="destination end ip" - sourceip="source ip" --!> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/530b0beb/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml index 1af30b4..f283ffe 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml @@ -118,7 +118,7 @@ under the License. @@ -127,56 +127,24 @@ under the License. dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual" status="created"/> - - - - - - - - - - - - - - + - + http://git-wip-us.apache.org/repos/asf/cloudstack/blob/530b0beb/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java index f137148..fed6724 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java 
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java @@ -140,23 +140,23 @@ public interface CiscoVnmcConnection { public boolean createTenantVDCIngressAclRule(String tenantName, String identifier, String policyIdentifier, String protocol, String sourceStartIp, String sourceEndIp, - String destStartPort, String destEndPort, String destIp) + String destStartPort, String destEndPort) throws ExecutionException; public boolean createTenantVDCIngressAclRule(String tenantName, String identifier, String policyIdentifier, - String protocol, String sourceStartIp, String sourceEndIp, String destIp) + String protocol, String sourceStartIp, String sourceEndIp) throws ExecutionException; public boolean createTenantVDCEgressAclRule(String tenantName, String identifier, String policyIdentifier, - String protocol, String sourceStartPort, String sourceEndPort, String sourceIp, - String destStartIp, String destEndIp) + String protocol, String destStartIp, String destEndIp, + String destStartPort, String destEndPort) throws ExecutionException; public boolean createTenantVDCEgressAclRule(String tenantName, String identifier, String policyIdentifier, - String protocol, String sourceIp, String destStartIp, String destEndIp) + String protocol, String destStartIp, String destEndIp) throws ExecutionException; public boolean deleteTenantVDCAclRule(String tenantName, http://git-wip-us.apache.org/repos/asf/cloudstack/blob/530b0beb/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java index 714eb82..c7380ab 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java 
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java @@ -95,6 +95,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { CREATE_EGRESS_ACL_RULE("create-egress-acl-rule.xml", "policy-mgr"), CREATE_GENERIC_INGRESS_ACL_RULE("create-generic-ingress-acl-rule.xml", "policy-mgr"), CREATE_GENERIC_EGRESS_ACL_RULE("create-generic-egress-acl-rule.xml", "policy-mgr"), + CREATE_GENERIC_EGRESS_ACL_NO_PROTOCOL_RULE("create-generic-egress-acl-no-protocol-rule.xml", "policy-mgr"), DELETE_RULE("delete-rule.xml", "policy-mgr"), @@ -660,8 +661,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC " + tenantName); xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName)); xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName)); - //xml = replaceXmlValue(xml, "egresspolicysetname", getNameForAclPolicySet(tenantName, false)); - xml = replaceXmlValue(xml, "egresspolicysetname", "default-egress"); + xml = replaceXmlValue(xml, "egresspolicysetname", getNameForAclPolicySet(tenantName, false)); xml = replaceXmlValue(xml, "ingresspolicysetname", getNameForAclPolicySet(tenantName, true)); xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName)); @@ -673,7 +673,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { public boolean createTenantVDCIngressAclRule(String tenantName, String identifier, String policyIdentifier, String protocol, String sourceStartIp, String sourceEndIp, - String destStartPort, String destEndPort, String destIp) throws ExecutionException { + String destStartPort, String destEndPort) throws ExecutionException { String xml = VnmcXml.CREATE_INGRESS_ACL_RULE.getXml(); String service = VnmcXml.CREATE_INGRESS_ACL_RULE.getService(); 
@@ -687,7 +687,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "sourceendip", sourceEndIp); xml = replaceXmlValue(xml, "deststartport", destStartPort); xml = replaceXmlValue(xml, "destendport", destEndPort); - xml = replaceXmlValue(xml, "destip", destIp); List rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier)); int order = 100; @@ -703,8 +702,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { @Override public boolean createTenantVDCIngressAclRule(String tenantName, String identifier, String policyIdentifier, - String protocol, String sourceStartIp, String sourceEndIp, - String destIp) throws ExecutionException { + String protocol, String sourceStartIp, String sourceEndIp) throws ExecutionException { String xml = VnmcXml.CREATE_GENERIC_INGRESS_ACL_RULE.getXml(); String service = VnmcXml.CREATE_GENERIC_INGRESS_ACL_RULE.getService(); @@ -731,8 +729,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { @Override public boolean createTenantVDCEgressAclRule(String tenantName, String identifier, String policyIdentifier, - String protocol, String sourceStartPort, String sourceEndPort, String sourceIp, - String destStartIp, String destEndIp) throws ExecutionException { + String protocol, String destStartIp, String destEndIp, + String destStartPort, String destEndPort) throws ExecutionException { String xml = VnmcXml.CREATE_EGRESS_ACL_RULE.getXml(); String service = VnmcXml.CREATE_EGRESS_ACL_RULE.getService(); 
@@ -744,9 +742,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "protocolvalue", protocol); xml = replaceXmlValue(xml, "deststartip", destStartIp); xml = replaceXmlValue(xml, "destendip", destEndIp); - xml = replaceXmlValue(xml, "sourcestartport", sourceStartPort); - xml = replaceXmlValue(xml, "sourceendport", sourceEndPort); - xml = replaceXmlValue(xml, "sourceip", sourceIp); + xml = replaceXmlValue(xml, "deststartport", destStartPort); + xml = replaceXmlValue(xml, "destendport", destEndPort); List rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier)); int order = 100; 
@@ -762,17 +759,20 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { @Override public boolean createTenantVDCEgressAclRule(String tenantName, String identifier, String policyIdentifier, - String protocol, String sourceIp, - String destStartIp, String destEndIp) throws ExecutionException { + String protocol, String destStartIp, String destEndIp) throws ExecutionException { String xml = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getXml(); String service = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getService(); - + if (protocol.equalsIgnoreCase("all")) { // any protocol + xml = VnmcXml.CREATE_GENERIC_EGRESS_ACL_NO_PROTOCOL_RULE.getXml(); + service = VnmcXml.CREATE_GENERIC_EGRESS_ACL_NO_PROTOCOL_RULE.getService(); + } else { // specific protocol + xml = replaceXmlValue(xml, "protocolvalue", protocol); + } xml = replaceXmlValue(xml, "cookie", _cookie); xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier)); xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier)); xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName); xml = replaceXmlValue(xml, "actiontype", "permit"); - xml = replaceXmlValue(xml, "protocolvalue", protocol); xml = replaceXmlValue(xml, "deststartip", destStartIp); xml = replaceXmlValue(xml, "destendip", destEndIp); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/530b0beb/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java index 33cc40a..b335edb 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java 
@@ -105,6 +105,7 @@ import com.cloud.network.dao.PhysicalNetworkServiceProviderDao; import com.cloud.network.dao.PhysicalNetworkServiceProviderVO; import com.cloud.network.resource.CiscoVnmcResource; import com.cloud.network.rules.FirewallRule; +import com.cloud.network.rules.FirewallRule.TrafficType; import com.cloud.network.rules.PortForwardingRule; import com.cloud.network.rules.StaticNat; import com.cloud.offering.NetworkOffering; @@ -677,8 +678,12 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro List rulesTO = new ArrayList(); for (FirewallRule rule : rules) { - IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId()); - FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), rule.getPurpose(), rule.getTrafficType()); + String address = "0.0.0.0"; + if (rule.getTrafficType() == TrafficType.Ingress) { + IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId()); + address = sourceIp.getAddress().addr(); + } + FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, address, rule.getPurpose(), rule.getTrafficType()); rulesTO.add(ruleTO); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/530b0beb/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java index 9155978..906e0ae 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java 
@@ -368,29 +368,29 @@ public class CiscoVnmcResource implements ServerResource { if (!_connection.createTenantVDCIngressAclRule(tenant, Long.toString(rule.getId()), policyIdentifier, rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1], - Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp)) { + Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) { throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId); } } else { if (!_connection.createTenantVDCIngressAclRule(tenant, Long.toString(rule.getId()), policyIdentifier, - rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1], publicIp)) { + rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1])) { throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId); } } } else { - if (!rule.getProtocol().equalsIgnoreCase("icmp")) { + if (rule.getProtocol().equalsIgnoreCase("tcp") || rule.getProtocol().equalsIgnoreCase("udp")) { if (!_connection.createTenantVDCEgressAclRule(tenant, Long.toString(rule.getId()), policyIdentifier, rule.getProtocol().toUpperCase(), - Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp, - externalIpRange[0], externalIpRange[1])) { + externalIpRange[0], externalIpRange[1], + Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) { throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId); } } else { if (!_connection.createTenantVDCEgressAclRule(tenant, Long.toString(rule.getId()), policyIdentifier, - rule.getProtocol().toUpperCase(), publicIp, externalIpRange[0], externalIpRange[1])) { + rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1])) { throw new Exception("Failed to create ACL egress rule in VNMC for guest network with 
vlan " + vlanId); } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/530b0beb/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java index e814fdc..acfc5eb 100755 --- a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java +++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java @@ -171,11 +171,11 @@ public class CiscoVnmcResourceTest { when(_connection.createTenantVDCIngressAclRule( anyString(), anyString(), anyString(), anyString(), anyString(), anyString(), - anyString(), anyString(), anyString())).thenReturn(true); + anyString(), anyString())).thenReturn(true); when(_connection.createTenantVDCEgressAclRule( anyString(), anyString(), anyString(), anyString(), anyString(), anyString(), - anyString(), anyString(), anyString())).thenReturn(true); + anyString(), anyString())).thenReturn(true); when(_connection.associateAclPolicySet(anyString())).thenReturn(true); Answer answer = _resource.executeRequest(cmd);
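
Review bot: In CiscoVnmcConnection.java (hunk @@ -140,23 +140,23 @@), all four createTenantVDC*AclRule overloads take nothing but String parameters, and the egress variant now puts destStartIp/destEndIp before destStartPort/destEndPort, so the compiler cannot catch a caller that passes IPs and ports in the wrong positions. Add Javadoc naming each parameter and its expected format, or group the values in a small rule object so the order is not load-bearing.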
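
Review bot: In CiscoVnmcConnectionImpl.java (hunk @@ -660,8 +661,7 @@), switching egresspolicysetname from the fixed "default-egress" to getNameForAclPolicySet(tenantName, false) changes which policy set governs tenant egress traffic, and the commit message does not mention it. Please describe this change in the commit message and confirm that the per-tenant egress policy set exists before the edge security profile references it.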
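
Review bot: In CiscoVnmcConnectionImpl.java (hunk @@ -762,17 +759,20 @@), protocol.equalsIgnoreCase("all") dereferences protocol without a null check, so a null protocol reaching this public method throws an NPE, the same class of failure this commit sets out to fix. Write the test as "all".equalsIgnoreCase(protocol) and decide explicitly what a null protocol means (reject it, or treat it as any protocol). Separately, xml and service are loaded from CREATE_GENERIC_EGRESS_ACL_RULE and then overwritten in the "all" branch; choosing the VnmcXml entry first and calling getXml()/getService() once would read more clearly.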
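
Review bot: In CiscoVnmcElement.java (hunk @@ -677,8 +678,12 @@), the literal "0.0.0.0" is passed to FirewallRuleTO as the address for every non-ingress rule with no comment saying it is a placeholder. Give it a named constant and a comment stating that egress rules no longer carry a source IP, so a later reader does not take it for a match-any source address. In the ingress branch, the result of _networkModel.getIp(rule.getSourceIpAddressId()) is still dereferenced unchecked; a null check with a clear error message would close off another NPE on this path.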
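
Review bot: In CiscoVnmcResource.java (hunk @@ -368,29 +368,29 @@), the egress TCP/UDP call passes rule.getSrcPortRange()[0] and rule.getSrcPortRange()[1] into the parameters that are now named destStartPort and destEndPort. If the rule's port range is meant to be the destination ports for egress, say so in a comment at the call site, because the name mismatch reads like a bug. The else branch now receives every protocol that is not tcp or udp, and only "all" is special-cased downstream, so any other string is substituted into the protocolvalue placeholder. Consider an explicit allow-list (tcp, udp, icmp, all) that fails fast on anything else.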
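
Review bot: In CiscoVnmcResourceTest.java (hunk @@ -171,11 +171,11 @@), only the matcher count is adjusted, and both stubs cover the eight-argument overloads. There is no stub or test case for the six-argument createTenantVDCEgressAclRule overload, nor for an egress rule with protocol "all", which is the case the commit message says led to the NPE. Add a test that sends an egress rule with protocol "all" through _resource.executeRequest(cmd) so the fix has regression coverage.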