CLOUDSTACK-1241: Network apply rules logic is broken

added logic to check if the network element is configured service provider for the network before applying rules
2025-10-26 08:42:29 +01:00 · 2013-02-12 15:25:07 +05:30 · 2013-02-12 15:25:07 +05:30 · c809d057ef
commit c809d057ef
parent 733ec50d46
2 changed files with 25 additions and 0 deletions
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@ -536,12 +536,22 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
        switch (purpose){
        case Firewall:
            for (FirewallServiceProvider fwElement: _firewallElements) {
+                Network.Provider provider = fwElement.getProvider();
+                boolean  isFwProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, provider);
+                if (!isFwProvider) {
+                    continue;
+                }
                handled = fwElement.applyFWRules(network, rules);
                if (handled)
                    break;
            }
        case PortForwarding:
            for (PortForwardingServiceProvider element: _pfElements) {
+                Network.Provider provider = element.getProvider();
+                boolean  isPfProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.PortForwarding, provider);
+                if (!isPfProvider) {
+                    continue;
+                }
                handled = element.applyPFRules(network, (List<PortForwardingRule>) rules);
                if (handled)
                    break;
@ -549,6 +559,11 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
            break;
        case StaticNat:
            for (StaticNatServiceProvider element: _staticNatElements) {
+                Network.Provider provider = element.getProvider();
+                boolean  isSnatProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.StaticNat, provider);
+                if (!isSnatProvider) {
+                    continue;
+                }
                handled = element.applyStaticNats(network, (List<? extends StaticNat>) rules);
                if (handled)
                    break;
@ -556,6 +571,11 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
            break;
        case NetworkACL:
            for (NetworkACLServiceProvider element: _networkAclElements) {
+                Network.Provider provider = element.getProvider();
+                boolean  isAclProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.NetworkACL, provider);
+                if (!isAclProvider) {
+                    continue;
+                }
                handled = element.applyNetworkACLs(network, rules);
                if (handled)
                    break;
--- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
+++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@ -1158,6 +1158,11 @@ public class LoadBalancingRulesManagerImpl<Type> extends ManagerBase implements
        assert(purpose == Purpose.LoadBalancing): "LB Manager asked to handle non-LB rules";
        boolean handled = false;
        for (LoadBalancingServiceProvider lbElement: _lbProviders) {
+            Provider provider = lbElement.getProvider();
+            boolean  isLbProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Lb, provider);
+            if (!isLbProvider) {
+                continue;
+            }
            handled = lbElement.applyLBRules(network, (List<LoadBalancingRule>) rules);
            if (handled)
                break;