This patch lays the infrastructure to add logging to the
fwaas rules both in NSX-V and NSX-V3, and for FWaaS v1+v2.
In the future we should set the "logged" flag from the
configured user objects
Change-Id: Ie12e326ac8a166912908ae038760a682fd46e8af
Adding a range of source/destination ports in a firewall rule should
not be done by adding each specific port, but sending it to the NSX as
a range.
Change-Id: Icbfbb7b02a4dff4863a1e69ccea2777f538fc7c4
As of patch I677721aeada6fd74e8201c7f308771c887b2a1e9, the exception
module has been removed from upstream neutron-fwaas repo. This
breaks our neutron_fwaas driver and unit tests. Remove dependency
of that module in this patch and use the exception defined in
vmware_nsx common instead.
Change-Id: I9fb9df6505fb7493be98723988dc4f6288af1603
The NSX-V FWaaS driver updated the backend router firewall using a different
code than the plugin uses when the router is updated.
This causes code duplication, and multiple bugs.
Now the driver will call the plugin in order to recreate all firewall rules.
Change-Id: I3651cfc0ceafc81b28747476f98a82e30e41a2af
When attaching a firewall to an unsupported router type, we should
raise an exception, causing the firewall to become inactive.
Change-Id: Ia32ac4e7092138794825b9692d98073745dbb426
The previous patch took care of the rule order when recreating the edge fw rules.
This patch takes care of the same when the router is added to the firewall.
The FWaaS rules should be added at the correct location between the
rest of the router rules.
Change-Id: I8ac52e6e476b214ded7342d1473670c1d31befef
Reorder the FW rules on the edge, so that internal & MD proxy traffic
will always be allowed, but other traffic will go through the FWaaS rules.
In addition, support the case of firewall policy with no rules,
and do not add the firewall rules if the router has no external gateway.
Change-Id: Ia4afad53a4b68f87947eec9d0d25007128b174e9
The nsx-v FWaaS driver will add the configured firewall rules to
the router edges.
Currently there is no support for shared routers.
The rules will be added after the current rules (NAT, LBaaS, external traffic)
for exclusive router edges and distributed router PLR edges.
Change-Id: I82ba90070ef4e739a0b5c4463ef03a807e26adfb