}
for (FirewallRule rule : rulesToApply) {
if (rule.getState() == FirewallRule.State.Revoke || rule.getState() == FirewallRule.State.Add) {
IpAddress dstIp = _networkModel.getIp(rule.getSourceIpAddressId());
FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, dstIp.getAddress().addr());
// Convert to string representation
SimpleFirewallRule fwRule = new SimpleFirewallRule(ruleTO);
String[] ruleStrings = fwRule.toStringArray();
if (rule.getState() == FirewallRule.State.Revoke) {
// Lookup in existingRules, delete if present
for(String revokeRuleString : ruleStrings){
Rule foundRule = existingRules.get(revokeRuleString);
if(foundRule != null){
foundRule.delete();
}
}
} else if (rule.getState() == FirewallRule.State.Add) {
// Lookup in existingRules, add if not present
for(int i = 0; i < ruleStrings.length; i++){
String ruleString = ruleStrings[i];
Rule foundRule = existingRules.get(ruleString);
if(foundRule == null){
// Get the cidr for the related entry in the Source Cidrs list
String relatedCidr = fwRule.sourceCidrs.get(i);
Pair<String,Integer> cidrParts = NetUtils.getCidr(relatedCidr);
// Create rule with correct proto, cidr, ACCEPT, dst IP
Rule toApply = preFilter.addRule()
.type(DtoRule.Jump)
.jumpChainId(preNat.getId())
.position(1)
.nwSrcAddress(cidrParts.first())
.nwSrcLength(cidrParts.second())
.nwDstAddress(ruleTO.getSrcIp())
.nwDstLength(32)
.nwProto(SimpleFirewallRule.stringToProtocolNumber(rule.getProtocol()));
if(rule.getProtocol().equals("icmp")){
// ICMP rules - reuse port fields