From 2dc076f232181c7534f743c1dec7416c069f7066 Mon Sep 17 00:00:00 2001
From: Kishan Kavala <kishan@cloud.com>
Date: Wed, 15 May 2013 12:51:08 +0530
Subject: [PATCH] CLOUDSTACK-2487: Show error while adding acl_item to default
 ACL

---
 .../src/com/cloud/network/vpc/NetworkACLServiceImpl.java  | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
index ac59fab7ba2..00c90d5164e 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -216,8 +216,8 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
             throw new InvalidParameterValueException("Network ACL can be created just for networks of type " + Networks.TrafficType.Guest);
         }
 
-        if(aclId != NetworkACL.DEFAULT_DENY) {
-            //ACL is not default DENY
+        if(aclId != NetworkACL.DEFAULT_DENY && aclId != NetworkACL.DEFAULT_ALLOW) {
+            //ACL is not default DENY/ALLOW
             // ACL should be associated with a VPC
             Vpc vpc = _vpcMgr.getVpc(acl.getVpcId());
             if(vpc == null){
@@ -254,6 +254,10 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
             throw new InvalidParameterValueException("Unable to find specified ACL");
         }
 
+        if((aclId == NetworkACL.DEFAULT_DENY) || (aclId == NetworkACL.DEFAULT_ALLOW)){
+            throw new InvalidParameterValueException("Default ACL cannot be modified");
+        }
+
         Vpc vpc = _vpcMgr.getVpc(acl.getVpcId());
         if(vpc == null){
             throw new InvalidParameterValueException("Unable to find Vpc associated with the NetworkACL");