cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [05/19] git commit: updated refs/heads/4.9 to 20986ba
Date Fri, 23 Dec 2016 12:21:34 GMT
CLOUDSTACK-9617: Fixed enabling remote access after PF or LB  configured on vpn tcp ports


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d2ca30a1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d2ca30a1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d2ca30a1

Branch: refs/heads/4.9
Commit: d2ca30a1330bdd5931b8a059a8db7a4cf1327d80
Parents: 7da95172
Author: Jayapalu <Jayapal@apache.org>
Authored: Mon Dec 12 11:57:12 2016 +0530
Committer: Jayapalu <Jayapal@apache.org>
Committed: Mon Dec 12 11:59:33 2016 +0530

----------------------------------------------------------------------
 .../src/com/cloud/network/firewall/FirewallManagerImpl.java  | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d2ca30a1/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index b7e0d14..d633a8b 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -429,7 +429,13 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
                 boolean allowStaticNat =
                     (rule.getPurpose() == Purpose.StaticNat && newRule.getPurpose()
== Purpose.StaticNat && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
 
-                if (!(allowPf || allowStaticNat || oneOfRulesIsFirewall)) {
+                boolean allowVpnPf =
+                        (rule.getPurpose() == Purpose.PortForwarding && newRule.getPurpose()
== Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
+
+                boolean allowVpnLb =
+                        (rule.getPurpose() == Purpose.LoadBalancing && newRule.getPurpose()
== Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
+
+                if (!(allowPf || allowStaticNat || oneOfRulesIsFirewall || allowVpnPf ||
allowVpnLb)) {
                     throw new NetworkRuleConflictException("The range specified, " + newRule.getSourcePortStart()
+ "-" + newRule.getSourcePortEnd() +
                         ", conflicts with rule " + rule.getId() + " which has " + rule.getSourcePortStart()
+ "-" + rule.getSourcePortEnd());
                 }


Mime
View raw message