x/vmware-nsx
Code Issues Proposed changes

Merge "NSX|V3: support ranges in fw rules ports"

Browse Source
This commit is contained in:
Jenkins
2017-07-09 18:05:12 +00:00
committed by Gerrit Code Review
parent c82752506e 11f9f56505
commit a1c3613031
2 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
vmware_nsx/services/fwaas/nsx_v3/edge_fwaas_driver.py
View File

@@ -116,15 +116,21 @@ class EdgeFwaasV3Driver(fwaas_base.FwaasDriverBase):
# This will cover icmpv6 too, when adding the rule. # This will cover icmpv6 too, when adding the rule.
return consts.ICMPV4 return consts.ICMPV4
@staticmethod
def _translate_ports(ports):
return [ports.replace(':', '-')]
def _translate_services(self, fwaas_rule): def _translate_services(self, fwaas_rule):
l4_protocol = self._translate_protocol(fwaas_rule['protocol']) l4_protocol = self._translate_protocol(fwaas_rule['protocol'])
if l4_protocol in [consts.TCP, consts.UDP]: if l4_protocol in [consts.TCP, consts.UDP]:
source_ports = [] source_ports = []
destination_ports = [] destination_ports = []
if fwaas_rule.get('source_port'): if fwaas_rule.get('source_port'):
source_ports = [fwaas_rule['source_port']] source_ports = self._translate_ports(
fwaas_rule['source_port'])
if fwaas_rule.get('destination_port'): if fwaas_rule.get('destination_port'):
destination_ports = [fwaas_rule['destination_port']] destination_ports = self._translate_ports(
fwaas_rule['destination_port'])
return [self.nsx_firewall.get_nsservice( return [self.nsx_firewall.get_nsservice(
consts.L4_PORT_SET_NSSERVICE, consts.L4_PORT_SET_NSSERVICE,

7
vmware_nsx/tests/unit/nsx_v3/test_fwaas_driver.py
View File

@@ -73,7 +73,8 @@ class Nsxv3FwaasTestCase(test_v3_plugin.NsxV3PluginTestCaseMixin):
'action': 'reject', 'action': 'reject',
'ip_version': 4, 'ip_version': 4,
'protocol': 'tcp', 'protocol': 'tcp',
'destination_port': '22', 'destination_port': '22:24',
'source_port': '1:65535',
'id': 'fake-fw-rule2'} 'id': 'fake-fw-rule2'}
rule3 = {'enabled': True, rule3 = {'enabled': True,
'action': 'deny', 'action': 'deny',
@@ -101,8 +102,8 @@ class Nsxv3FwaasTestCase(test_v3_plugin.NsxV3PluginTestCaseMixin):
'notes': 'first rule'} 'notes': 'first rule'}
service2 = {'l4_protocol': 'TCP', service2 = {'l4_protocol': 'TCP',
'resource_type': 'L4PortSetNSService', 'resource_type': 'L4PortSetNSService',
'destination_ports': ['22'], 'destination_ports': ['22-24'],
'source_ports': []} 'source_ports': ['1-65535']}
rule2 = {'action': 'DROP', # Reject is replaced with deny rule2 = {'action': 'DROP', # Reject is replaced with deny
'services': [{'service': service2}], 'services': [{'service': service2}],
'display_name': 'Fwaas-fake-fw-rule2'} 'display_name': 'Fwaas-fake-fw-rule2'}