Posted to commits@cloudstack.apache.org by bh...@apache.org on 2016/12/23 12:21:34 UTC

[05/19] git commit: updated refs/heads/4.9 to 20986ba

CLOUDSTACK-9617: Fixed enabling remote access after PF or LB  configured on vpn tcp ports


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d2ca30a1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d2ca30a1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d2ca30a1

Branch: refs/heads/4.9
Commit: d2ca30a1330bdd5931b8a059a8db7a4cf1327d80
Parents: 7da95172
Author: Jayapalu <Ja...@apache.org>
Authored: Mon Dec 12 11:57:12 2016 +0530
Committer: Jayapalu <Ja...@apache.org>
Committed: Mon Dec 12 11:59:33 2016 +0530

----------------------------------------------------------------------
 .../src/com/cloud/network/firewall/FirewallManagerImpl.java  | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d2ca30a1/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index b7e0d14..d633a8b 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -429,7 +429,13 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
                 boolean allowStaticNat =
                     (rule.getPurpose() == Purpose.StaticNat && newRule.getPurpose() == Purpose.StaticNat && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
 
-                if (!(allowPf || allowStaticNat || oneOfRulesIsFirewall)) {
+                boolean allowVpnPf =
+                        (rule.getPurpose() == Purpose.PortForwarding && newRule.getPurpose() == Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
+
+                boolean allowVpnLb =
+                        (rule.getPurpose() == Purpose.LoadBalancing && newRule.getPurpose() == Purpose.Vpn && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()));
+
+                if (!(allowPf || allowStaticNat || oneOfRulesIsFirewall || allowVpnPf || allowVpnLb)) {
                     throw new NetworkRuleConflictException("The range specified, " + newRule.getSourcePortStart() + "-" + newRule.getSourcePortEnd() +
                         ", conflicts with rule " + rule.getId() + " which has " + rule.getSourcePortStart() + "-" + rule.getSourcePortEnd());
                 }
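Review bot: In the new `allowVpnPf` and `allowVpnLb` flags, `!newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())` is true when the existing rule's protocol is null, so a PF or LB rule with no recorded protocol would let an overlapping VPN rule past the conflict check instead of being rejected. This check is what stops two rules claiming the same ports on one public IP, so the exemption should fail closed and the duplicated flags can be folded into one: `boolean existingIsPfOrLb = rule.getPurpose() == Purpose.PortForwarding || rule.getPurpose() == Purpose.LoadBalancing;` followed by `boolean allowVpnOverPfOrLb = existingIsPfOrLb && newRule.getPurpose() == Purpose.Vpn && rule.getProtocol() != null && !newRule.getProtocol().equalsIgnoreCase(rule.getProtocol());`. The exemption is also one-directional, covering only a new VPN rule against an existing PF/LB rule. Whether a PF/LB rule created after VPN is enabled is accepted depends on `allowPf`, which is defined above this hunk, so please confirm that and add a short comment saying the overlap is tolerated only because the protocols differ. The enclosing method starts and ends outside the hunk.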