Posted to commits@cloudstack.apache.org by bh...@apache.org on 2016/12/23 12:21:34 UTC
[05/19] git commit: updated refs/heads/4.9 to 20986ba
CLOUDSTACK-9617: Fixed enabling remote access after PF or LB configured on vpn tcp ports
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d2ca30a1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d2ca30a1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d2ca30a1
Branch: refs/heads/4.9
Commit: d2ca30a1330bdd5931b8a059a8db7a4cf1327d80
Parents: 7da95172
Author: Jayapalu <Ja...@apache.org>
Authored: Mon Dec 12 11:57:12 2016 +0530
Committer: Jayapalu <Ja...@apache.org>
Committed: Mon Dec 12 11:59:33 2016 +0530
----------------------------------------------------------------------
.../src/com/cloud/network/firewall/FirewallManagerImpl.java | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d2ca30a1/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index b7e0d14..d633a8b 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -429,7 +429,13 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
boolean allowStaticNat =
(rule.getPurpose() == Purpose.StaticNat && newRule.getPurpose() == Purpose.StaticNat && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
- if (!(allowPf || allowStaticNat || oneOfRulesIsFirewall)) {
+ boolean allowVpnPf =
+ (rule.getPurpose() == Purpose.PortForwarding && newRule.getPurpose() == Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
+
+ boolean allowVpnLb =
+ (rule.getPurpose() == Purpose.LoadBalancing && newRule.getPurpose() == Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
+
+ if (!(allowPf || allowStaticNat || oneOfRulesIsFirewall || allowVpnPf || allowVpnLb)) {
throw new NetworkRuleConflictException("The range specified, " + newRule.getSourcePortStart() + "-" + newRule.getSourcePortEnd() +
", conflicts with rule " + rule.getId() + " which has " + rule.getSourcePortStart() + "-" + rule.getSourcePortEnd());
}
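Review bot: The new `allowVpnPf` and `allowVpnLb` exemptions treat any difference between the two protocol strings as proof that the rules cannot collide. That holds for tcp versus udp, but it would also admit a pair where one side carries a value covering both, if such a value can reach this check; the hunk does not show which protocols are accepted. Because this condition decides whether two rules with overlapping port ranges may coexist, I would compute the comparison once, `boolean protocolsDiffer = !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol());`, and fold both cases into `boolean allowVpnOverPfOrLb = newRule.getPurpose() == Purpose.Vpn && protocolsDiffer && (rule.getPurpose() == Purpose.PortForwarding || rule.getPurpose() == Purpose.LoadBalancing);`, with a comment stating the tcp/udp assumption. The exemption is also one-directional: an existing Vpn rule followed by a new LoadBalancing rule is not covered by the added lines, and `allowPf` is defined above the hunk, so whether that order is handled cannot be confirmed from here. The enclosing method starts and ends outside the hunk, and the commit changes only this file, so a unit test for both creation orders would pin the intended behaviour.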