Examples of IptablesFilterEntry


Examples of org.platformlayer.ops.firewall.scripts.IptablesFilterEntry

    String uuid = platformLayerClient.getOrCreateUuid(model).toString();

    // TODO: Rationalize between our complicated version that can open cloud ports, and this streamlined version
    for (Transport transport : Transport.all()) {
      {
        // Inbound IKE (IPsec key exchange) on UDP/500 for the current transport.
        // NOTE(review): no sourceCidr is assigned on this entry. If an unset source
        // means "any address", the IKE listener is reachable from every host on this
        // transport - confirm whether the rule could be limited to known peers.
        IptablesFilterEntry ikeRule = addChild(IptablesFilterEntry.class);
        ikeRule.transport = transport;
        ikeRule.protocol = Protocol.Udp;
        ikeRule.port = 500;
        // Key is built from the transport key and the uuid string, so each transport
        // iteration registers its own rule key.
        ikeRule.ruleKey = transport.getKey() + "-ike-" + uuid;
      }

      { // TODO: Do we want to open NAT-T (4500?)
        // Inbound ESP for the current transport. ESP is matched by IP protocol only,
        // which is why no port is set on this entry.
        // NOTE(review): NAT-T wraps ESP in UDP/4500; with only this rule, peers behind
        // NAT presumably cannot pass tunnel traffic. This entry also sets no sourceCidr,
        // so confirm whether an unrestricted source is intended before widening further.
        IptablesFilterEntry espRule = addChild(IptablesFilterEntry.class);
        espRule.transport = transport;
        espRule.protocol = Protocol.Esp;
        espRule.ruleKey = transport.getKey() + "-esp-" + uuid;
      }

Examples of org.platformlayer.ops.firewall.scripts.IptablesFilterEntry

    /**
     * Handler entry point with an empty body; nothing is executed here in the visible code.
     */
    public void handler() {
    }

    /**
     * Registers one firewall entry: TCP traffic to {@code PORT} on the IPv6 transport,
     * stored under the rule key {@code KEY}.
     *
     * <p>NOTE(review): no sourceCidr is set, so presumably the rule matches any IPv6
     * source - confirm that this exposure is intended for {@code PORT}. No IPv4 entry is
     * created by this method; verify that is deliberate rather than an omission.
     *
     * @throws OpsException declared by the signature; the visible body does not throw it directly
     */
    @Override
    protected void addChildren() throws OpsException {
      IptablesFilterEntry ipv6Rule = addChild(IptablesFilterEntry.class);
      ipv6Rule.transport = Transport.Ipv6;
      ipv6Rule.protocol = Protocol.Tcp;
      ipv6Rule.port = PORT;
      ipv6Rule.ruleKey = KEY;
    }

Examples of org.platformlayer.ops.firewall.scripts.IptablesFilterEntry

      transports = Collections.singletonList(transport);
    }

    for (final Transport transport : transports) {
      // The rule's source is scoped in one of three ways, checked in this order:
      // an explicit CIDR, another item whose address is resolved late, or nothing at all.
      if (!Strings.isNullOrEmpty(sourceCidr)) {
        // Explicit CIDR supplied by the caller: the rule is restricted to it as given.
        IptablesFilterEntry cidrRule = dest.addChild(IptablesFilterEntry.class);
        cidrRule.ruleKey = uniqueId;
        cidrRule.transport = transport;
        cidrRule.protocol = protocol;
        cidrRule.port = port;
        cidrRule.sourceCidr = sourceCidr;
      } else if (sourceItemKey != null) {
        // Source is another item: its address is looked up only when get() is called.
        LateBound<IptablesFilterEntry> lateRule = new LateBound<IptablesFilterEntry>() {
          /**
           * Builds the entry restricted to the single address of the source machine that
           * matches this transport's address family.
           *
           * @return the entry, or {@code null} when the source machine is not found or has
           *         no address of the required family (no rule is produced in either case)
           * @throws OpsException declared by the signature; presumably raised by the lookups
           * @throws IllegalStateException if more than one address of the family remains
           */
          @Override
          public IptablesFilterEntry get() throws OpsException {
            ItemBase sourceItem = platformLayerHelpers.getItem(sourceItemKey);
            NetworkPoint targetNetworkPoint = NetworkPoint.forTargetInContext();

            // The machine is only treated as mandatory when we are not deleting.
            boolean mustExist = !OpsContext.isDelete();
            Machine sourceMachine = instanceHelpers.getMachine(sourceItem, mustExist);
            if (sourceMachine == null) {
              // TODO: Store by key? Delete by key?
              log.warn("Source machine not found for firewall rule; assuming already deleted");
              return null;
            }

            // NOTE(review): removeIf edits this list in place - assumes findAddresses
            // hands back a list the caller may modify; confirm.
            List<InetAddress> candidates = sourceMachine.getNetworkPoint().findAddresses(targetNetworkPoint);

            // Drop the other address family and pick the single-host prefix length.
            final String hostPrefix;
            if (transport == Transport.Ipv4) {
              Iterables.removeIf(candidates, InetAddressUtils.IS_IPV6);
              hostPrefix = "/32";
            } else {
              Iterables.removeIf(candidates, InetAddressUtils.IS_IPV4);
              hostPrefix = "/128";
            }

            if (candidates.isEmpty()) {
              // NOTE(review): returns without logging, so a missing rule for this
              // transport is silent. No allow rule is created on this path.
              return null;
            }
            if (candidates.size() != 1) {
              // Several addresses of the same family are not handled.
              throw new IllegalStateException("Not implemented");
            }
            String hostCidr = candidates.get(0).getHostAddress() + hostPrefix;

            IptablesFilterEntry rule = injected(IptablesFilterEntry.class);
            rule.ruleKey = uniqueId;
            rule.transport = transport;
            rule.protocol = protocol;
            rule.port = port;
            rule.sourceCidr = hostCidr;
            return rule;
          }

          /** Returns the fixed label used to describe this late-bound child. */
          @Override
          public String getDescription() throws Exception {
            return "Firewall rules";
          }
        };

        dest.addChild(lateRule);
      } else {
        // Both empty => wildcard
        // NOTE(review): this branch is reached whenever sourceCidr is null or empty and
        // sourceItemKey is null, so a caller that omits both by mistake still gets a rule
        // with no sourceCidr - presumably matching any source. Confirm callers intend that.
        IptablesFilterEntry openRule = dest.addChild(IptablesFilterEntry.class);
        openRule.ruleKey = uniqueId;
        openRule.transport = transport;
        openRule.protocol = protocol;
        openRule.port = port;
      }