def _delete_fwr_service(self, context, vdom, **fwr):
    """Delete the FortiGate service object that backs firewall rule *fwr*.

    ``vdom`` is the FortiGate virtual domain holding the service; ``fwr``
    is the rule dict (``protocol``, ``destination_port``, ``source_port``,
    ``id`` are read).  A rule with no specific protocol and no ports owns
    no per-rule service object (presumably it maps to the built-in ``ALL``
    service -- see _update_firewall_rule; confirm in
    _make_fortinet_fwservice_dict), so ``None`` is returned.  Otherwise the
    service named after the rule id is removed and the result of
    ``utils.delete_fwservice`` is returned.
    """
    LOG.debug("# _delete_fwr_service() fwr=%(fwr)s", {'fwr': fwr})
    # Evaluation order mirrors the original condition (De Morgan): ports
    # are only inspected when the protocol is unspecified.
    owns_service_object = (fwr['protocol'] not in ['any', None]
                           or fwr['destination_port']
                           or fwr['source_port'])
    if not owns_service_object:
        return None
    return utils.delete_fwservice(self, context, vdom=vdom, name=fwr['id'])
def _delete_fwr_service(self, context, vdom, **fwr):
    """Delete the FortiGate service object that backs firewall rule *fwr*.

    ``vdom`` is the FortiGate virtual domain holding the service; ``fwr``
    is the rule dict (``protocol``, ``destination_port``, ``source_port``,
    ``id`` are read).  A rule with no specific protocol and no ports owns
    no per-rule service object (presumably it maps to the built-in ``ALL``
    service -- see _update_firewall_rule; confirm in
    _make_fortinet_fwservice_dict), so ``None`` is returned.  Otherwise the
    service named after the rule id is removed and the result of
    ``utils.delete_fwservice`` is returned.
    """
    LOG.debug("# _delete_fwr_service() fwr=%(fwr)s", {'fwr': fwr})
    # Evaluation order mirrors the original condition (De Morgan): ports
    # are only inspected when the protocol is unspecified.
    owns_service_object = (fwr['protocol'] not in ['any', None]
                           or fwr['destination_port']
                           or fwr['source_port'])
    if not owns_service_object:
        return None
    return utils.delete_fwservice(self, context, vdom=vdom, name=fwr['id'])
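def _update_firewall_rule(self, context, id, firewall_rule):
    """Push an updated Neutron firewall rule to every FortiGate policy bound to it.

    ``id`` is the firewall rule id; ``firewall_rule`` is the rule dict and
    is mutated (``id`` and ``name`` are filled in with ``setdefault``).
    Associations are looked up by type: TYPE_INT (the internal policy) and
    TYPE_EXT (the NAT'd external sub-policy added for ``accept`` rules).
    Returns ``None``; all effects are FortiGate/DB calls through ``utils``.
    A rule with no association at all is ignored.
    """
    # Fixed: the message previously named _add_firewall_rule().
    LOG.debug("# _update_firewall_rule() called")
    fwps_int = fortinet_db.Fortinet_FW_Rule_Association.query_all(
        context, fwr_id=id, type=constants.TYPE_INT)
    fwps_ext = fortinet_db.Fortinet_FW_Rule_Association.query_all(
        context, fwr_id=id, type=constants.TYPE_EXT)
    if fwps_ext and fwps_int:
        fwps = fwps_int + fwps_ext
    else:
        fwps = fwps_int or fwps_ext
    if not fwps:
        return

    firewall_rule.setdefault('id', id)
    srcaddr = self._make_fortinet_fwaddress_dict(
        place='source_ip_address', **firewall_rule)
    dstaddr = self._make_fortinet_fwaddress_dict(
        place='destination_ip_address', **firewall_rule)
    service = self._make_fortinet_fwservice_dict(**firewall_rule)
    action = self._get_fwr_action(**firewall_rule)
    profiles = self._get_fwp_profiles(action)

    # Create/refresh the per-rule address and service objects before the
    # policies that reference them are touched.  'all' / 'ALL' are the
    # FortiGate built-ins and are never (re)created here.
    for fwp in fwps_int:
        vdom = fwp.fortinet_policy.vdom
        if service['name'] != 'ALL':
            utils.set_fwservice(self, context, vdom=vdom, **service)
        if srcaddr['name'] != 'all':
            utils.set_fwaddress(self, context, vdom=vdom, **srcaddr)
        if dstaddr['name'] != 'all':
            utils.set_fwaddress(self, context, vdom=vdom, **dstaddr)

    # Short-circuit when the bound policy already matches the rule.
    # fwps[0] is fwps_int[0] whenever internal associations exist; the
    # previous code indexed fwps_int directly and raised IndexError for a
    # rule that only had TYPE_EXT associations.
    fwp = fwps[0].fortinet_policy
    name = firewall_rule.setdefault('name', fwp.comments)
    if (fwp.srcaddr == srcaddr['name'] and fwp.action == action and
            fwp.dstaddr == dstaddr['name'] and fwp.service == service['name']):
        # NOTE(review): only address/service/action are compared, so a
        # change to any other rule attribute is not propagated by this path.
        return

    if action in ['accept']:
        for fwp in fwps:
            fortinet_fwp = utils.set_fwpolicy(self, context,
                                              id=fwp.fortinet_pid,
                                              srcaddr=srcaddr['name'],
                                              dstaddr=dstaddr['name'],
                                              service=service['name'],
                                              action=action,
                                              comments=name,
                                              **profiles)
            if not fwps_ext:
                # First transition to accept: insert the NAT-enabled
                # external sub-policy ahead of the internal policy and
                # record it as a TYPE_EXT association.
                inf_int, _inf_ext = utils.get_vlink_intf(
                    self, context, vdom=fortinet_fwp.vdom)
                utils.add_fwaas_subpolicy(self, context,
                                          before=fortinet_fwp.edit_id,
                                          vdom=fortinet_fwp.vdom,
                                          srcaddr=srcaddr['name'],
                                          dstaddr=dstaddr['name'],
                                          dstintf=inf_int,
                                          nat='enable',
                                          service=service['name'],
                                          action=action,
                                          comments=name,
                                          fwr_id=id,
                                          type=constants.TYPE_EXT,
                                          **profiles)
    elif action in ['deny']:
        # Remove the external (NAT) sub-policies first, then flip the
        # internal policy to deny, so no external path outlives the deny.
        for fwp_ext in fwps_ext:
            utils.delete_fwaas_subpolicy(self, context,
                                         fwr_id=fwp_ext.fwr_id,
                                         fortinet_pid=fwp_ext.fortinet_pid)
        for fwp in fwps_int:
            utils.set_fwpolicy(self, context,
                               id=fwp.fortinet_pid,
                               srcaddr=srcaddr['name'],
                               dstaddr=dstaddr['name'],
                               service=service['name'],
                               action=action,
                               comments=name,
                               **profiles)

    # Drop the per-rule objects the updated rule no longer references.
    for fwp in fwps_int:
        vdom = fwp.fortinet_policy.vdom
        if service['name'] == 'ALL':
            # delete all old services if they exist
            utils.delete_fwservice(self, context, vdom=vdom, name=id)
        if srcaddr['name'] == 'all':
            addr_name = constants.PREFIX['source_ip_address'] + id
            utils.delete_fwaddress(self, context, vdom=vdom, name=addr_name)
        if dstaddr['name'] == 'all':
            addr_name = constants.PREFIX['destination_ip_address'] + id
            utils.delete_fwaddress(self, context, vdom=vdom, name=addr_name)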
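def _update_firewall_rule(self, context, id, firewall_rule):
    """Push an updated Neutron firewall rule to every FortiGate policy bound to it.

    ``id`` is the firewall rule id; ``firewall_rule`` is the rule dict and
    is mutated (``id`` and ``name`` are filled in with ``setdefault``).
    Associations are looked up by type: TYPE_INT (the internal policy) and
    TYPE_EXT (the NAT'd external sub-policy added for ``accept`` rules).
    Returns ``None``; all effects are FortiGate/DB calls through ``utils``.
    A rule with no association at all is ignored.
    """
    # Fixed: the message previously named _add_firewall_rule().
    LOG.debug("# _update_firewall_rule() called")
    fwps_int = fortinet_db.Fortinet_FW_Rule_Association.query_all(
        context, fwr_id=id, type=constants.TYPE_INT)
    fwps_ext = fortinet_db.Fortinet_FW_Rule_Association.query_all(
        context, fwr_id=id, type=constants.TYPE_EXT)
    if fwps_ext and fwps_int:
        fwps = fwps_int + fwps_ext
    else:
        fwps = fwps_int or fwps_ext
    if not fwps:
        return

    firewall_rule.setdefault('id', id)
    srcaddr = self._make_fortinet_fwaddress_dict(
        place='source_ip_address', **firewall_rule)
    dstaddr = self._make_fortinet_fwaddress_dict(
        place='destination_ip_address', **firewall_rule)
    service = self._make_fortinet_fwservice_dict(**firewall_rule)
    action = self._get_fwr_action(**firewall_rule)
    profiles = self._get_fwp_profiles(action)

    # Create/refresh the per-rule address and service objects before the
    # policies that reference them are touched.  'all' / 'ALL' are the
    # FortiGate built-ins and are never (re)created here.
    for fwp in fwps_int:
        vdom = fwp.fortinet_policy.vdom
        if service['name'] != 'ALL':
            utils.set_fwservice(self, context, vdom=vdom, **service)
        if srcaddr['name'] != 'all':
            utils.set_fwaddress(self, context, vdom=vdom, **srcaddr)
        if dstaddr['name'] != 'all':
            utils.set_fwaddress(self, context, vdom=vdom, **dstaddr)

    # Short-circuit when the bound policy already matches the rule.
    # fwps[0] is fwps_int[0] whenever internal associations exist; the
    # previous code indexed fwps_int directly and raised IndexError for a
    # rule that only had TYPE_EXT associations.
    fwp = fwps[0].fortinet_policy
    name = firewall_rule.setdefault('name', fwp.comments)
    if (fwp.srcaddr == srcaddr['name'] and fwp.action == action and
            fwp.dstaddr == dstaddr['name'] and fwp.service == service['name']):
        # NOTE(review): only address/service/action are compared, so a
        # change to any other rule attribute is not propagated by this path.
        return

    if action in ['accept']:
        for fwp in fwps:
            fortinet_fwp = utils.set_fwpolicy(self, context,
                                              id=fwp.fortinet_pid,
                                              srcaddr=srcaddr['name'],
                                              dstaddr=dstaddr['name'],
                                              service=service['name'],
                                              action=action,
                                              comments=name,
                                              **profiles)
            if not fwps_ext:
                # First transition to accept: insert the NAT-enabled
                # external sub-policy ahead of the internal policy and
                # record it as a TYPE_EXT association.
                inf_int, _inf_ext = utils.get_vlink_intf(
                    self, context, vdom=fortinet_fwp.vdom)
                utils.add_fwaas_subpolicy(self, context,
                                          before=fortinet_fwp.edit_id,
                                          vdom=fortinet_fwp.vdom,
                                          srcaddr=srcaddr['name'],
                                          dstaddr=dstaddr['name'],
                                          dstintf=inf_int,
                                          nat='enable',
                                          service=service['name'],
                                          action=action,
                                          comments=name,
                                          fwr_id=id,
                                          type=constants.TYPE_EXT,
                                          **profiles)
    elif action in ['deny']:
        # Remove the external (NAT) sub-policies first, then flip the
        # internal policy to deny, so no external path outlives the deny.
        for fwp_ext in fwps_ext:
            utils.delete_fwaas_subpolicy(self, context,
                                         fwr_id=fwp_ext.fwr_id,
                                         fortinet_pid=fwp_ext.fortinet_pid)
        for fwp in fwps_int:
            utils.set_fwpolicy(self, context,
                               id=fwp.fortinet_pid,
                               srcaddr=srcaddr['name'],
                               dstaddr=dstaddr['name'],
                               service=service['name'],
                               action=action,
                               comments=name,
                               **profiles)

    # Drop the per-rule objects the updated rule no longer references.
    for fwp in fwps_int:
        vdom = fwp.fortinet_policy.vdom
        if service['name'] == 'ALL':
            # delete all old services if they exist
            utils.delete_fwservice(self, context, vdom=vdom, name=id)
        if srcaddr['name'] == 'all':
            addr_name = constants.PREFIX['source_ip_address'] + id
            utils.delete_fwaddress(self, context, vdom=vdom, name=addr_name)
        if dstaddr['name'] == 'all':
            addr_name = constants.PREFIX['destination_ip_address'] + id
            utils.delete_fwaddress(self, context, vdom=vdom, name=addr_name)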