bug 10617: Intermediate checking

Changes : - Fixing API doc +response name + errorMessage - Adding seperate events to Egress rules - Egress rules Using the same database table as that of ingress with new column type. Pending Tasks: - db upgrade - database table rename from security_ingress_rule to generic name, renaming some of the jave class from ingress to generic name. - Retesting on kvm
2025-11-03 04:12:31 +01:00 · 2011-09-09 18:07:18 +05:30 · 2011-09-09 18:07:18 +05:30 · f9b0962ad9
commit f9b0962ad9
parent 50efe56335
27 changed files with 177 additions and 753 deletions
--- a/api/src/com/cloud/api/ResponseGenerator.java
+++ b/api/src/com/cloud/api/ResponseGenerator.java
@ -180,7 +180,7 @@ public interface ResponseGenerator {
    SecurityGroupResponse createSecurityGroupResponseFromIngressRule(List<? extends IngressRule> ingressRules);
-    SecurityGroupResponse createSecurityGroupResponseFromEgressRule(List<? extends EgressRule> egressRules);
+    SecurityGroupResponse createSecurityGroupResponseFromEgressRule(List<? extends IngressRule> egressRules);
    SecurityGroupResponse createSecurityGroupResponse(SecurityGroup group);
--- a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupEgressCmd.java
+++ b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupEgressCmd.java
@ -37,17 +37,17 @@ import com.cloud.api.response.SecurityGroupResponse;
 import com.cloud.async.AsyncJob;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.network.security.EgressRule;
+import com.cloud.network.security.IngressRule;
 import com.cloud.user.Account;
 import com.cloud.user.UserContext;
 import com.cloud.utils.StringUtils;
-@Implementation(responseObject = EgressRuleResponse.class, description = "Authorizes a particular ingress rule for this security group")
+@Implementation(responseObject = EgressRuleResponse.class, description = "Authorizes a particular egress rule for this security group")
@SuppressWarnings("rawtypes")
 public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
    public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupEgressCmd.class.getName());
-    private static final String s_name = "authorizesecuritygroupingress";
+    private static final String s_name = "authorizesecuritygroupegress";
    // ///////////////////////////////////////////////////
    // ////////////// API parameters /////////////////////
@ -56,10 +56,10 @@ public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
    @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "TCP is default. UDP is the other supported protocol")
    private String protocol;
-    @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "start port for this ingress rule")
+    @Parameter(name = ApiConstants.START_PORT, type = CommandType.INTEGER, description = "start port for this egress rule")
    private Integer startPort;
-    @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "end port for this ingress rule")
+    @Parameter(name = ApiConstants.END_PORT, type = CommandType.INTEGER, description = "end port for this egress rule")
    private Integer endPort;
    @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the icmp message being sent")
@ -177,7 +177,7 @@ public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
    @Override
    public String getEventType() {
-        return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS;
+        return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_EGRESS;
    }
    @Override
@ -203,20 +203,20 @@ public class AuthorizeSecurityGroupEgressCmd extends BaseAsyncCmd {
            sb.append("cidr list: ");
            sb.append(StringUtils.join(getCidrList(), ", "));
        } else {
-            sb.append("<error:  no ingress parameters>");
+            sb.append("<error:  no egress parameters>");
        }
-        return "authorizing ingress to group: " + getSecurityGroupId() + " to " + sb.toString();
+        return "authorizing egress to group: " + getSecurityGroupId() + " to " + sb.toString();
    }
    @Override
    public void execute() {
-        List<? extends EgressRule> egressRules = _securityGroupService.authorizeSecurityGroupEgress(this);
+        List<? extends IngressRule> egressRules = _securityGroupService.authorizeSecurityGroupEgress(this);
        if (egressRules != null && !egressRules.isEmpty()) {
            SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromEgressRule(egressRules);
            this.setResponseObject(response);
        } else {
-            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group ingress rule(s)");
+            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group egress rule(s)");
        }
    }
--- a/api/src/com/cloud/api/commands/RevokeSecurityGroupEgressCmd.java
+++ b/api/src/com/cloud/api/commands/RevokeSecurityGroupEgressCmd.java
@ -32,17 +32,17 @@ import com.cloud.event.EventTypes;
 import com.cloud.network.security.SecurityGroup;
 import com.cloud.user.Account;
-@Implementation(responseObject = SuccessResponse.class, description = "Deletes a particular ingress rule from this security group")
+@Implementation(responseObject = SuccessResponse.class, description = "Deletes a particular egress rule from this security group")
 public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
    public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupEgressCmd.class.getName());
-    private static final String s_name = "revokesecuritygroupingress";
+    private static final String s_name = "revokesecuritygroupegress";
    // ///////////////////////////////////////////////////
    // ////////////// API parameters /////////////////////
    // ///////////////////////////////////////////////////
-    @Parameter(name = ApiConstants.ID, type = CommandType.LONG, required = true, description = "The ID of the ingress rule")
+    @Parameter(name = ApiConstants.ID, type = CommandType.LONG, required = true, description = "The ID of the egress rule")
    private Long id;
    // ///////////////////////////////////////////////////
@ -63,7 +63,7 @@ public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
    }
    public static String getResultObjectName() {
-        return "revokesecuritygroupingress";
+        return "revokesecuritygroupegress";
    }
    @Override
@ -78,12 +78,12 @@ public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
    @Override
    public String getEventType() {
-        return EventTypes.EVENT_SECURITY_GROUP_REVOKE_INGRESS;
+        return EventTypes.EVENT_SECURITY_GROUP_REVOKE_EGRESS;
    }
    @Override
    public String getEventDescription() {
-        return "revoking ingress rule id: " + getId();
+        return "revoking egress rule id: " + getId();
    }
    @Override
@ -93,7 +93,7 @@ public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
            SuccessResponse response = new SuccessResponse(getCommandName());
            this.setResponseObject(response);
        } else {
-            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to revoke security group ingress rule");
+            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to revoke security group egress rule");
        }
    }
--- a/api/src/com/cloud/api/response/EgressRuleResponse.java
+++ b/api/src/com/cloud/api/response/EgressRuleResponse.java
@ -22,10 +22,10 @@ import com.cloud.serializer.Param;
 import com.google.gson.annotations.SerializedName;
 public class EgressRuleResponse extends BaseResponse {
-    @SerializedName("ruleid") @Param(description="the id of the ingress rule")
+    @SerializedName("ruleid") @Param(description="the id of the egress rule")
    private Long ruleId;
-    @SerializedName("protocol") @Param(description="the protocol of the ingress rule")
+    @SerializedName("protocol") @Param(description="the protocol of the egress rule")
    private String protocol;
    @SerializedName(ApiConstants.ICMP_TYPE) @Param(description="the type of the ICMP message response")
@ -34,19 +34,19 @@ public class EgressRuleResponse extends BaseResponse {
    @SerializedName(ApiConstants.ICMP_CODE) @Param(description="the code for the ICMP message response")
    private Integer icmpCode;
-    @SerializedName(ApiConstants.START_PORT) @Param(description="the starting IP of the ingress rule")
+    @SerializedName(ApiConstants.START_PORT) @Param(description="the starting IP of the egress rule")
    private Integer startPort;
-    @SerializedName(ApiConstants.END_PORT) @Param(description="the ending IP of the ingress rule ")
+    @SerializedName(ApiConstants.END_PORT) @Param(description="the ending IP of the egress rule ")
    private Integer endPort;
    @SerializedName(ApiConstants.SECURITY_GROUP_NAME) @Param(description="security group name")
    private String securityGroupName;
-    @SerializedName(ApiConstants.ACCOUNT) @Param(description="account owning the ingress rule")
+    @SerializedName(ApiConstants.ACCOUNT) @Param(description="account owning the egress rule")
    private String accountName;
-    @SerializedName(ApiConstants.CIDR) @Param(description="the CIDR notation for the base IP address of the ingress rule")
+    @SerializedName(ApiConstants.CIDR) @Param(description="the CIDR notation for the base IP address of the egress rule")
    private String cidr;
    public Long getRuleId() {
--- a/api/src/com/cloud/api/response/SecurityGroupResponse.java
+++ b/api/src/com/cloud/api/response/SecurityGroupResponse.java
@ -51,8 +51,8 @@ public class SecurityGroupResponse extends BaseResponse {
    @SerializedName("ingressrule")  @Param(description="the list of ingress rules associated with the security group", responseObject = IngressRuleResponse.class)
    private List<IngressRuleResponse> ingressRules;
-    @SerializedName("egressrule")  @Param(description="the list of ingress rules associated with the security group", responseObject = EgressRuleResponse.class)
+    @SerializedName("egressrule")  @Param(description="the list of egress rules associated with the security group", responseObject = EgressRuleResponse.class)
-    private List<EgressRuleResponse> egressRules;
+    private List<IngressRuleResponse> egressRules;
    public Long getId() {
        return id;
@ -106,7 +106,7 @@ public class SecurityGroupResponse extends BaseResponse {
        return ingressRules;
    }
-    public List<EgressRuleResponse> getEgressRules() {
+    public List<IngressRuleResponse> getEgressRules() {
        return egressRules;
    }
@ -114,7 +114,7 @@ public class SecurityGroupResponse extends BaseResponse {
        this.ingressRules = ingressRules;
    }
-    public void setEgressRules(List<EgressRuleResponse> egressRules) {
+    public void setEgressRules(List<IngressRuleResponse> egressRules) {
        this.egressRules = egressRules;
    }
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@ -170,8 +170,10 @@ public class EventTypes {
 	public static final String EVENT_CONFIGURATION_VALUE_EDIT = "CONFIGURATION.VALUE.EDIT";
 	// Security Groups
-	public static final String EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS = "SG.AUTH.INGRESS";
+    public static final String EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS = "SG.AUTH.INGRESS";
    public static final String EVENT_SECURITY_GROUP_REVOKE_INGRESS = "SG.REVOKE.INGRESS";
    public static final String EVENT_SECURITY_GROUP_AUTHORIZE_EGRESS = "SG.AUTH.EGRESS";
    public static final String EVENT_SECURITY_GROUP_REVOKE_EGRESS = "SG.REVOKE.EGRESS";
    public static final String EVENT_SECURITY_GROUP_CREATE = "SG.CREATE";
    public static final String EVENT_SECURITY_GROUP_DELETE = "SG.DELETE";
--- a/api/src/com/cloud/network/security/IngressRule.java
+++ b/api/src/com/cloud/network/security/IngressRule.java
@ -25,6 +25,8 @@ import com.cloud.async.AsyncInstanceCreateStatus;
 */
 public interface IngressRule {
    long getId();
    public int getType();
    long getSecurityGroupId();
--- a/api/src/com/cloud/network/security/SecurityGroupRules.java
+++ b/api/src/com/cloud/network/security/SecurityGroupRules.java
@ -39,4 +39,6 @@ public interface SecurityGroupRules {
    Long getAllowedNetworkId();
    String getAllowedSourceIpCidr();
    int getType();
 }
--- a/api/src/com/cloud/network/security/SecurityGroupService.java
+++ b/api/src/com/cloud/network/security/SecurityGroupService.java
@ -50,6 +50,6 @@ public interface SecurityGroupService {
    public List<? extends SecurityGroupRules> searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException;
    public List<? extends IngressRule> authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd);
-    public List<? extends EgressRule> authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressCmd cmd);
+    public List<? extends IngressRule> authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressCmd cmd);
 }
--- a/core/src/com/cloud/network/security/EgressRuleVO.java
+++ b/core/src/com/cloud/network/security/EgressRuleVO.java
@ -1,126 +0,0 @@
 /**
 *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
 * It is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
 package com.cloud.network.security;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.EnumType;
 import javax.persistence.Enumerated;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 import com.cloud.async.AsyncInstanceCreateStatus;
 import com.google.gson.annotations.Expose;
@Entity
@Table(name = ("security_egress_rule"))
 public class EgressRuleVO implements EgressRule {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "id")
    private long id;
    @Column(name = "security_group_id")
    private long securityGroupId;
    @Column(name = "start_port")
    private int startPort;
    @Column(name = "end_port")
    private int endPort;
    @Column(name = "protocol")
    private String protocol;
    @Column(name = "allowed_network_id", nullable = true)
    private Long allowedNetworkId = null;
    @Column(name = "allowed_ip_cidr", nullable = true)
    private String allowedDestinationIpCidr = null;
    @Expose
    @Column(name = "create_status", updatable = true, nullable = false)
    @Enumerated(value = EnumType.STRING)
    private AsyncInstanceCreateStatus createStatus;
    public EgressRuleVO() {
    }
    public EgressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId) {
        this.securityGroupId = securityGroupId;
        this.startPort = fromPort;
        this.endPort = toPort;
        this.protocol = protocol;
        this.allowedNetworkId = allowedNetworkId;
    }
    public EgressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) {
        this.securityGroupId = securityGroupId;
        this.startPort = fromPort;
        this.endPort = toPort;
        this.protocol = protocol;
        this.allowedDestinationIpCidr = allowedIpCidr;
    }
    @Override
    public long getId() {
        return id;
    }
    @Override
    public long getSecurityGroupId() {
        return securityGroupId;
    }
    @Override
    public int getStartPort() {
        return startPort;
    }
    @Override
    public int getEndPort() {
        return endPort;
    }
    @Override
    public String getProtocol() {
        return protocol;
    }
    @Override
    public AsyncInstanceCreateStatus getCreateStatus() {
        return createStatus;
    }
    public void setCreateStatus(AsyncInstanceCreateStatus createStatus) {
        this.createStatus = createStatus;
    }
    @Override
    public Long getAllowedNetworkId() {
        return allowedNetworkId;
    }
    @Override
    public String getAllowedDestinationIpCidr() {
        return allowedDestinationIpCidr;
    }
 }
--- a/core/src/com/cloud/network/security/IngressRuleVO.java
+++ b/core/src/com/cloud/network/security/IngressRuleVO.java
@ -46,6 +46,9 @@ public class IngressRuleVO implements IngressRule {
    @Column(name = "end_port")
    private int endPort;
    @Column(name = "type")
    private int type;
    @Column(name = "protocol")
    private String protocol;
@ -64,20 +67,22 @@ public class IngressRuleVO implements IngressRule {
    public IngressRuleVO() {
    }
-    public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId) {
+    public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId, int type) {
        this.securityGroupId = securityGroupId;
        this.startPort = fromPort;
        this.endPort = toPort;
        this.protocol = protocol;
        this.allowedNetworkId = allowedNetworkId;
        this.type = type;
    }
-    public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) {
+    public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr, int type) {
        this.securityGroupId = securityGroupId;
        this.startPort = fromPort;
        this.endPort = toPort;
        this.protocol = protocol;
        this.allowedSourceIpCidr = allowedIpCidr;
        this.type = type;
    }
    @Override
@ -100,6 +105,11 @@ public class IngressRuleVO implements IngressRule {
        return endPort;
    }
    @Override
    public int getType() {
        return type;
    } 
    @Override
    public String getProtocol() {
        return protocol;
--- a/core/src/com/cloud/network/security/SecurityGroupEgressRulesVO.java
+++ b/core/src/com/cloud/network/security/SecurityGroupEgressRulesVO.java
@ -1,141 +0,0 @@
 /**
 *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
 * It is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
 package com.cloud.network.security;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.PrimaryKeyJoinColumn;
 import javax.persistence.SecondaryTable;
 import javax.persistence.Table;
@Entity
@Table(name = ("security_group"))
@SecondaryTable(name = "security_egress_rule", join = "left", pkJoinColumns = { @PrimaryKeyJoinColumn(name = "id", referencedColumnName = "security_group_id") })
 public class SecurityGroupEgressRulesVO implements SecurityGroupRules {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "id")
    private long id;
    @Column(name = "name")
    private String name;
    @Column(name = "description")
    private String description;
    @Column(name = "domain_id")
    private Long domainId;
    @Column(name = "account_id")
    private Long accountId;
    @Column(name = "id", table = "security_egress_rule", insertable = false, updatable = false)
    private Long ruleId;
    @Column(name = "start_port", table = "security_egress_rule", insertable = false, updatable = false)
    private int startPort;
    @Column(name = "end_port", table = "security_egress_rule", insertable = false, updatable = false)
    private int endPort;
    @Column(name = "protocol", table = "security_egress_rule", insertable = false, updatable = false)
    private String protocol;
    @Column(name = "allowed_network_id", table = "security_egress_rule", insertable = false, updatable = false, nullable = true)
    private Long allowedNetworkId = null;
    @Column(name = "allowed_ip_cidr", table = "security_egress_rule", insertable = false, updatable = false, nullable = true)
    private String allowedDestinationIpCidr = null;
    public SecurityGroupEgressRulesVO() {
    }
    public SecurityGroupEgressRulesVO(long id, String name, String description, Long domainId, Long accountId, Long ruleId, int startPort, int endPort, String protocol, Long allowedNetworkId,
            String allowedDestinationIpCidr) {
        this.id = id;
        this.name = name;
        this.description = description;
        this.domainId = domainId;
        this.accountId = accountId;
        this.ruleId = ruleId;
        this.startPort = startPort;
        this.endPort = endPort;
        this.protocol = protocol;
        this.allowedNetworkId = allowedNetworkId;
        this.allowedDestinationIpCidr = allowedDestinationIpCidr;
    }
    @Override
    public long getId() {
        return id;
    }
    @Override
    public String getName() {
        return name;
    }
    @Override
    public String getDescription() {
        return description;
    }
    @Override
    public Long getDomainId() {
        return domainId;
    }
    @Override
    public Long getAccountId() {
        return accountId;
    }
    @Override
    public Long getRuleId() {
        return ruleId;
    }
    @Override
    public int getStartPort() {
        return startPort;
    }
    @Override
    public int getEndPort() {
        return endPort;
    }
    @Override
    public String getProtocol() {
        return protocol;
    }
    @Override
    public Long getAllowedNetworkId() {
        return allowedNetworkId;
    }
    @Override
    public String getAllowedSourceIpCidr() { /* FIXME: need to rename the method name, for this the interface need to change or need create a new interface */
        return allowedDestinationIpCidr;
    }
 }
--- a/core/src/com/cloud/network/security/SecurityGroupRulesVO.java
+++ b/core/src/com/cloud/network/security/SecurityGroupRulesVO.java
@ -35,7 +35,7 @@ public class SecurityGroupRulesVO implements SecurityGroupRules {
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "id")
    private long id;
-
+    
    @Column(name = "name")
    private String name;
@ -51,6 +51,9 @@ public class SecurityGroupRulesVO implements SecurityGroupRules {
    @Column(name = "id", table = "security_ingress_rule", insertable = false, updatable = false)
    private Long ruleId;
    @Column(name = "type", table = "security_ingress_rule", insertable = false, updatable = false)
    private int type;
    @Column(name = "start_port", table = "security_ingress_rule", insertable = false, updatable = false)
    private int startPort;
@ -88,6 +91,11 @@ public class SecurityGroupRulesVO implements SecurityGroupRules {
    public long getId() {
        return id;
    }
    @Override
    public int getType() {
        return type;
    }
    @Override
    public String getName() {
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@ -1056,12 +1056,12 @@ def network_rules(session, args):
            if protocol == 'all':
                if type == 'egress':
-                    iptables = ['iptables', '-I', vmchain, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'ACCEPT']
+                    iptables = ['iptables', '-I', vmchain, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'DROP']
                else:
                    iptables = ['iptables', '-I', vmchain, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'src', '-j', 'ACCEPT']
            elif protocol != 'icmp':
                if type == 'egress':
-                    iptables = ['iptables', '-I', vmchain, '-p',  protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'ACCEPT']
+                    iptables = ['iptables', '-I', vmchain, '-p',  protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'DROP']
                else:
                    iptables = ['iptables', '-I', vmchain, '-p',  protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-m', 'set', '--match-set', ipsetname, 'src', '-j', 'ACCEPT']
            else:
@ -1069,7 +1069,7 @@ def network_rules(session, args):
                if start == "-1":
                    range = "any"
                    if type == 'egress':
-                        iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range,  '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'ACCEPT']
+                        iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range,  '-m', 'set', '--match-set', ipsetname, 'dst', '-j', 'DROP']
                    else:
                        iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range,  '-m', 'set', '--match-set', ipsetname, 'src', '-j', 'ACCEPT']
            util.pread2(iptables)
@ -1077,16 +1077,25 @@ def network_rules(session, args):
        if allow_any and protocol != 'all':
            if protocol != 'icmp':
-                iptables = ['iptables', '-I', vmchain, '-p',  protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-j', 'ACCEPT']
+                if type == 'egress':
                    iptables = ['iptables', '-I', vmchain, '-p',  protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-j', 'DROP']
                else:
                    iptables = ['iptables', '-I', vmchain, '-p',  protocol, '-m', protocol, '--dport', range, '-m', 'state', '--state', 'NEW', '-j', 'ACCEPT']
            else:
                range = start + "/" + end
                if start == "-1":
                    range = "any"
-                    iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range, '-j', 'ACCEPT']
+                    if type == 'egress':
                        iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range, '-j', 'DROP']
                    else:
                        iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range, '-j', 'ACCEPT']
            util.pread2(iptables)
            util.SMlog(iptables)
-    util.pread2(['iptables', '-A', vmchain, '-j', 'DROP'])
+    if type == 'egress':
        util.pread2(['iptables', '-A', vmchain, '-j', 'ACCEPT'])
    else:
        util.pread2(['iptables', '-A', vmchain, '-j', 'DROP'])
    if write_rule_log_for_vm(vm_name, vm_id, vm_ip, domid, signature, seqno) == False:
        return 'false'
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@ -578,8 +578,10 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif
    if ruletype == 'egress':
        vmchain = vm_name + "-egress"
        action = "DROP"
    else:
        vmchain = vm_name
        action = "ACCEPT"
    changes = []
@ -621,13 +623,13 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif
            if protocol == 'all':
                for ip in ips:
                    if ruletype == 'egress':
-                        execute("iptables -I " + vmchain + " -m state --state NEW -d " + ip + " -j ACCEPT")
+                        execute("iptables -I " + vmchain + " -m state --state NEW -d " + ip + " -j DROP")
                    else:
                        execute("iptables -I " + vmchain + " -m state --state NEW -s " + ip + " -j ACCEPT")
            elif protocol != 'icmp':
                for ip in ips:
                    if ruletype == 'egress':
-                        execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -d " + ip + " -j ACCEPT")
+                        execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -d " + ip + " -j DROP")
                    else:
                        execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -s " + ip + " -j ACCEPT")
            else:
@ -636,20 +638,23 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif
                    range = "any"
                    for ip in ips:
                        if ruletype == 'egress':
-                            execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " -d " + ip + " -j ACCEPT")
+                            execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " -d " + ip + " -j DROP")
                        else:
                            execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " -s " + ip + " -j ACCEPT")
        if allow_any and protocol != 'all':
            if protocol != 'icmp':
-                execute("iptables -I " + vmchain + " -p " + protocol + " -m " +  protocol + " --dport " + range + " -m state --state NEW -j ACCEPT")
+                execute("iptables -I " + vmchain + " -p " + protocol + " -m " +  protocol + " --dport " + range + " -m state --state NEW -j " + action)
            else:
                range = start + "/" + end
                if start == "-1":
                    range = "any"
-                    execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " -j ACCEPT")
+                    execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " -j "+action)
-    iptables =  "iptables -A " + vmchain + " -j DROP"       
+    if ruletype == 'egress':
        iptables =  "iptables -A " + vmchain + " -j ACCEPT"       
    else:
        iptables =  "iptables -A " + vmchain + " -j DROP"       
    execute(iptables)
    if write_rule_log_for_vm(vmName, vm_id, vm_ip, domId, signature, seqno) == False:
        return 'false'
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@ -1585,7 +1585,8 @@ public class ApiResponseHelper implements ResponseGenerator {
            List<IngressRuleResultObject> ingressRules = networkGroup.getIngressRules();
            if ((ingressRules != null) && !ingressRules.isEmpty()) {
                List<IngressRuleResponse> ingressRulesResponse = new ArrayList<IngressRuleResponse>();
-
+                List<IngressRuleResponse> egressRulesResponse = new ArrayList<IngressRuleResponse>();
                for (IngressRuleResultObject ingressRule : ingressRules) {
                    IngressRuleResponse ingressData = new IngressRuleResponse();
@ -1606,38 +1607,18 @@ public class ApiResponseHelper implements ResponseGenerator {
                        ingressData.setCidr(ingressRule.getAllowedSourceIpCidr());
                    }
-                    ingressData.setObjectName("ingressrule");
+                    if (ingressRule.getType() == 1)
-                    ingressRulesResponse.add(ingressData);
+                    {
                        ingressData.setObjectName("ingressrule");
                        ingressRulesResponse.add(ingressData);
                    }
                    else
                    {
                    	ingressData.setObjectName("egressrule");
                        egressRulesResponse.add(ingressData);
                    }
                }
                netGrpResponse.setIngressRules(ingressRulesResponse);
            }
            List<EgressRuleResultObject> egressRules = networkGroup.getEgressRules();
            if ((egressRules != null) && !egressRules.isEmpty()) {
                List<EgressRuleResponse> egressRulesResponse = new ArrayList<EgressRuleResponse>();
                for (EgressRuleResultObject egressRule : egressRules) {
                    EgressRuleResponse egressData = new EgressRuleResponse();
                    egressData.setRuleId(egressRule.getId());
                    egressData.setProtocol(egressRule.getProtocol());
                    if ("icmp".equalsIgnoreCase(egressRule.getProtocol())) {
                        egressData.setIcmpType(egressRule.getStartPort());
                        egressData.setIcmpCode(egressRule.getEndPort());
                    } else {
                        egressData.setStartPort(egressRule.getStartPort());
                        egressData.setEndPort(egressRule.getEndPort());
                    }
                    if (egressRule.getAllowedSecurityGroup() != null) {
                        egressData.setSecurityGroupName(egressRule.getAllowedSecurityGroup());
                        egressData.setAccountName(egressRule.getAllowedSecGroupAcct());
                    } else {
                        egressData.setCidr(egressRule.getAllowedDestinationIpCidr());
                    }
                    egressData.setObjectName("egressrule");
                    egressRulesResponse.add(egressData);
                }
                netGrpResponse.setEgressRules(egressRulesResponse);
            }
            netGrpResponse.setObjectName("securitygroup");
@ -1662,7 +1643,6 @@ public class ApiResponseHelper implements ResponseGenerator {
        response.setObjectName("securitygroup");
        return response;
    }
    @Override
@ -2040,7 +2020,7 @@ public class ApiResponseHelper implements ResponseGenerator {
    }
    @Override
-    public SecurityGroupResponse createSecurityGroupResponseFromEgressRule(List<? extends EgressRule> egressRules) {
+    public SecurityGroupResponse createSecurityGroupResponseFromEgressRule(List<? extends IngressRule> egressRules) {
        SecurityGroupResponse response = new SecurityGroupResponse();
        Map<Long, Account> securiytGroupAccounts = new HashMap<Long, Account>();
        Map<Long, SecurityGroup> allowedSecurityGroups = new HashMap<Long, SecurityGroup>();
@ -2063,9 +2043,9 @@ public class ApiResponseHelper implements ResponseGenerator {
            response.setDomainId(account.getDomainId());
            response.setDomainName(ApiDBUtils.findDomainById(securityGroup.getDomainId()).getName());
-            List<EgressRuleResponse> responses = new ArrayList<EgressRuleResponse>();
+            List<IngressRuleResponse> responses = new ArrayList<IngressRuleResponse>();
-            for (EgressRule egressRule : egressRules) {
+            for (IngressRule egressRule : egressRules) {
-                EgressRuleResponse egressData = new EgressRuleResponse();
+                IngressRuleResponse egressData = new IngressRuleResponse();
                egressData.setRuleId(egressRule.getId());
                egressData.setProtocol(egressRule.getProtocol());
@ -2095,7 +2075,7 @@ public class ApiResponseHelper implements ResponseGenerator {
                    egressData.setAccountName(allowedAccount.getAccountName());
                } else {
-                    egressData.setCidr(egressRule.getAllowedDestinationIpCidr());
+                    egressData.setCidr(egressRule.getAllowedSourceIpCidr());
                }
                egressData.setObjectName("egressrule");
--- a/server/src/com/cloud/api/response/IngressRuleResultObject.java
+++ b/server/src/com/cloud/api/response/IngressRuleResultObject.java
@ -31,7 +31,10 @@ public class IngressRuleResultObject {
    private int endPort;
    @Param(name="protocol")
-    private String protocol;
+    private String protocol;
    @Param(name="type")
    private int type;
    @Param(name="securitygroup")
    private String allowedSecurityGroup = null;
@ -60,6 +63,14 @@ public class IngressRuleResultObject {
    public void setId(Long id) {
        this.id = id;
    }
    public int getType() {
        return type;
    }
    public void setType(int type) {
        this.type = type;
    }
    public int getStartPort() {
--- a/server/src/com/cloud/api/response/SecurityGroupResultObject.java
+++ b/server/src/com/cloud/api/response/SecurityGroupResultObject.java
@ -27,7 +27,6 @@ import com.cloud.api.ApiDBUtils;
 import com.cloud.network.security.SecurityGroup;
 import com.cloud.network.security.SecurityGroupRules;
 import com.cloud.network.security.SecurityGroupRulesVO;
 import com.cloud.network.security.SecurityGroupEgressRulesVO;
 import com.cloud.serializer.Param;
 import com.cloud.user.Account;
@ -38,6 +37,9 @@ public class SecurityGroupResultObject {
    @Param(name = "name")
    private String name;
    @Param(name = "type")
    private int type;
    @Param(name = "description")
    private String description;
@ -77,6 +79,14 @@ public class SecurityGroupResultObject {
        this.id = id;
    }
    public Long getType() {
        return id;
    }
    public void setType(int type) {
        this.type = type;
    }
    public String getName() {
        return name;
    }
@ -163,6 +173,7 @@ public class SecurityGroupResultObject {
                    groupResult.setName(netGroupRule.getName());
                    groupResult.setDescription(netGroupRule.getDescription());
                    groupResult.setDomainId(netGroupRule.getDomainId());
                    groupResult.setType(netGroupRule.getType());
                    Account account = accounts.get(netGroupRule.getAccountId());
                    if (account == null) {
@ -183,6 +194,7 @@ public class SecurityGroupResultObject {
                    ingressData.setStartPort(netGroupRule.getStartPort());
                    ingressData.setId(netGroupRule.getRuleId());
                    ingressData.setProtocol(netGroupRule.getProtocol());
                    ingressData.setType(netGroupRule.getType());
                    Long allowedSecurityGroupId = netGroupRule.getAllowedNetworkId();
                    if (allowedSecurityGroupId != null) {
--- a/server/src/com/cloud/configuration/DefaultComponentLibrary.java
+++ b/server/src/com/cloud/configuration/DefaultComponentLibrary.java
@ -98,10 +98,8 @@ import com.cloud.network.router.VirtualNetworkApplianceManagerImpl;
 import com.cloud.network.rules.RulesManagerImpl;
 import com.cloud.network.rules.dao.PortForwardingRulesDaoImpl;
 import com.cloud.network.security.SecurityGroupManagerImpl;
 import com.cloud.network.security.dao.EgressRuleDaoImpl;
 import com.cloud.network.security.dao.IngressRuleDaoImpl;
 import com.cloud.network.security.dao.SecurityGroupDaoImpl;
 import com.cloud.network.security.dao.SecurityGroupEgressRulesDaoImpl;
 import com.cloud.network.security.dao.SecurityGroupRulesDaoImpl;
 import com.cloud.network.security.dao.SecurityGroupVMMapDaoImpl;
 import com.cloud.network.security.dao.SecurityGroupWorkDaoImpl;
@ -204,10 +202,8 @@ public class DefaultComponentLibrary extends ComponentLibraryBase implements Com
        addDao("DataCenterIpAddressDao", DataCenterIpAddressDaoImpl.class);
        addDao("SecurityGroupDao", SecurityGroupDaoImpl.class);
        addDao("IngressRuleDao", IngressRuleDaoImpl.class);
        addDao("EgressRuleDao", EgressRuleDaoImpl.class);
        addDao("SecurityGroupVMMapDao", SecurityGroupVMMapDaoImpl.class);
        addDao("SecurityGroupRulesDao", SecurityGroupRulesDaoImpl.class);
        addDao("SecurityGroupEgressRulesDao", SecurityGroupEgressRulesDaoImpl.class);
        addDao("SecurityGroupWorkDao", SecurityGroupWorkDaoImpl.class);
        addDao("VmRulesetLogDao", VmRulesetLogDaoImpl.class);
        addDao("AlertDao", AlertDaoImpl.class);
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@ -69,11 +69,9 @@ import com.cloud.exception.ResourceInUseException;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.network.NetworkManager;
 import com.cloud.network.security.SecurityGroupWorkVO.Step;
 import com.cloud.network.security.dao.EgressRuleDao;
 import com.cloud.network.security.dao.IngressRuleDao;
 import com.cloud.network.security.dao.SecurityGroupDao;
 import com.cloud.network.security.dao.SecurityGroupRulesDao;
 import com.cloud.network.security.dao.SecurityGroupEgressRulesDao;
 import com.cloud.network.security.dao.SecurityGroupVMMapDao;
 import com.cloud.network.security.dao.SecurityGroupWorkDao;
 import com.cloud.network.security.dao.VmRulesetLogDao;
@ -120,14 +118,10 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
    @Inject
    IngressRuleDao _ingressRuleDao;
    @Inject
    EgressRuleDao _egressRuleDao;
    @Inject
    SecurityGroupVMMapDao _securityGroupVMMapDao;
    @Inject
    SecurityGroupRulesDao _securityGroupRulesDao;
    @Inject
    SecurityGroupEgressRulesDao _securityGroupEgressRulesDao;
    @Inject
    UserVmDao _userVMDao;
    @Inject
    AccountDao _accountDao;
@ -151,7 +145,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
    NetworkManager _networkMgr;
    @Inject
    AccountManager _accountMgr;
-
+    public static final int INGRESS_RULE = 1 ;
    public static final int EGRESS_RULE = 2 ;
    ScheduledExecutorService _executorPool;
    ScheduledExecutorService _cleanupExecutor;
@ -332,8 +327,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
        List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVmId);
        for (SecurityGroupVMMapVO mapVO : groupsForVm) {
-            List<EgressRuleVO> rules = _egressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId());
+            List<IngressRuleVO> rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId(),EGRESS_RULE);
-            for (EgressRuleVO rule : rules) {
+            for (IngressRuleVO rule : rules) {
                PortAndProto portAndProto = new PortAndProto(rule.getProtocol(), rule.getStartPort(), rule.getEndPort());
                Set<String> cidrs = allowed.get(portAndProto);
                if (cidrs == null) {
@ -349,8 +344,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
                            cidrs.add(cidr);
                        }
                    }
-                } else if (rule.getAllowedDestinationIpCidr() != null) {
+                } else if (rule.getAllowedSourceIpCidr() != null) {
-                    cidrs.add(rule.getAllowedDestinationIpCidr());
+                    cidrs.add(rule.getAllowedSourceIpCidr());
                }
                if (cidrs.size() > 0) {
                    allowed.put(portAndProto, cidrs);
@ -366,7 +361,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
        List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVmId);
        for (SecurityGroupVMMapVO mapVO : groupsForVm) {
-            List<IngressRuleVO> rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId());
+            List<IngressRuleVO> rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId(), INGRESS_RULE);
            for (IngressRuleVO rule : rules) {
                PortAndProto portAndProto = new PortAndProto(rule.getProtocol(), rule.getStartPort(), rule.getEndPort());
                Set<String> cidrs = allowed.get(portAndProto);
@ -718,21 +713,21 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
                        return null;
                    }
                }
-                IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, ngVO.getId());
+                IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, ngVO.getId(), INGRESS_RULE);
                if (ingressRule != null) {
                    continue; // rule already exists.
                }
-                ingressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, ngVO.getId());
+                ingressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, ngVO.getId(),INGRESS_RULE);
                ingressRule = _ingressRuleDao.persist(ingressRule);
                newRules.add(ingressRule);
            }
            if (cidrList != null) {
                for (String cidr : cidrList) {
-                    IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, cidr);
+                    IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, cidr, INGRESS_RULE);
                    if (ingressRule != null) {
                        continue;
                    }
-                    ingressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, cidr);
+                    ingressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, cidr,INGRESS_RULE);
                    ingressRule = _ingressRuleDao.persist(ingressRule);
                    newRules.add(ingressRule);
                }
@ -806,7 +801,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
    @Override
    @DB
    @SuppressWarnings("rawtypes")
-    public List<EgressRuleVO> authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressCmd cmd) {
+    public List<IngressRuleVO> authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressCmd cmd) {
        Long securityGroupId = cmd.getSecurityGroupId();
        String protocol = cmd.getProtocol();
        Integer startPort = cmd.getStartPort();
@ -931,7 +926,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
            s_logger.warn("Could not acquire lock on network security group: id= " + securityGroupId);
            return null;
        }
-        List<EgressRuleVO> newRules = new ArrayList<EgressRuleVO>();
+        List<IngressRuleVO> newRules = new ArrayList<IngressRuleVO>();
        try {
            for (final SecurityGroupVO ngVO : authorizedGroups2) {
                final Long ngId = ngVO.getId();
@ -944,22 +939,22 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
                        return null;
                    }
                }
-                EgressRuleVO egressRule = _egressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, ngVO.getId());
+                IngressRuleVO egressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, ngVO.getId(), EGRESS_RULE);
                if (egressRule != null) {
                    continue; // rule already exists.
                }
-                egressRule = new EgressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, ngVO.getId());
+                egressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, ngVO.getId(), EGRESS_RULE);
-                egressRule = _egressRuleDao.persist(egressRule);
+                egressRule = _ingressRuleDao.persist(egressRule);
                newRules.add(egressRule);
            }
            if (cidrList != null) {
                for (String cidr : cidrList) {
-                    EgressRuleVO egressRule = _egressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, cidr);
+                    IngressRuleVO egressRule = _ingressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(), protocol, startPortOrType, endPortOrCode, cidr, EGRESS_RULE);
                    if (egressRule != null) {
                        continue;
                    }
-                    egressRule = new EgressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, cidr);
+                    egressRule = new IngressRuleVO(securityGroup.getId(), startPortOrType, endPortOrCode, protocol, cidr, EGRESS_RULE);
-                    egressRule = _egressRuleDao.persist(egressRule);
+                    egressRule = _ingressRuleDao.persist(egressRule);
                    newRules.add(egressRule);
                }
            }
@ -988,7 +983,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
        Account caller = UserContext.current().getCaller();
        Long id = cmd.getId();
-        EgressRuleVO rule = _egressRuleDao.findById(id);
+        IngressRuleVO rule = _ingressRuleDao.findById(id);
        if (rule == null) {
            s_logger.debug("Unable to find egress rule with id " + id);
            throw new InvalidParameterValueException("Unable to find egress rule with id " + id);
@ -1010,7 +1005,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
                return false;
            }
-            _egressRuleDao.remove(id);
+            _ingressRuleDao.remove(id);
            s_logger.debug("revokeSecurityGroupEgress succeeded for ingress rule id: " + id);
            final Set<Long> affectedVms = new HashSet<Long>();
@ -1389,7 +1384,6 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
        List<SecurityGroupVO> securityGroups = _securityGroupDao.search(sc, searchFilter);
        for (SecurityGroupVO group : securityGroups) {
            securityRulesList.addAll(_securityGroupRulesDao.listSecurityRulesByGroupId(group.getId()));
            securityRulesList.addAll(_securityGroupEgressRulesDao.listSecurityEgressRulesByGroupId(group.getId()));
        }
        return securityRulesList;
--- a/server/src/com/cloud/network/security/dao/EgressRuleDao.java
+++ b/server/src/com/cloud/network/security/dao/EgressRuleDao.java
@ -1,36 +0,0 @@
 /**
 *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
 * It is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
 package com.cloud.network.security.dao;
 import java.util.List;
 import com.cloud.network.security.EgressRuleVO;
 import com.cloud.utils.db.GenericDao;
 public interface EgressRuleDao extends GenericDao<EgressRuleVO, Long> {
    List<EgressRuleVO> listBySecurityGroupId(long networkGroupId);
    List<EgressRuleVO> listByAllowedSecurityGroupId(long networkGroupId);
    EgressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr);
    EgressRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup);
    EgressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId);
    int deleteBySecurityGroup(long securityGroupId);
 	int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id);
 	int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr);
 }
--- a/server/src/com/cloud/network/security/dao/EgressRuleDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/EgressRuleDaoImpl.java
@ -1,167 +0,0 @@
 /**
 *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
 * It is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
 package com.cloud.network.security.dao;
 import java.util.List;
 import java.util.Map;
 import javax.ejb.Local;
 import javax.naming.ConfigurationException;
 import com.cloud.network.security.EgressRuleVO;
 import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.utils.component.Inject;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.JoinBuilder;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
@Local(value={EgressRuleDao.class})
 public class EgressRuleDaoImpl extends GenericDaoBase<EgressRuleVO, Long> implements EgressRuleDao {
 	@Inject SecurityGroupDao _securityGroupDao;
    protected SearchBuilder<EgressRuleVO> securityGroupIdSearch;
    protected SearchBuilder<EgressRuleVO> allowedSecurityGroupIdSearch;
    protected SearchBuilder<EgressRuleVO> protoPortsAndCidrSearch;
    protected SearchBuilder<EgressRuleVO> protoPortsAndSecurityGroupNameSearch;
    protected SearchBuilder<EgressRuleVO> protoPortsAndSecurityGroupIdSearch;
    protected EgressRuleDaoImpl() {
        securityGroupIdSearch  = createSearchBuilder();
        securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
        securityGroupIdSearch.done();
        allowedSecurityGroupIdSearch  = createSearchBuilder();
        allowedSecurityGroupIdSearch.and("allowedNetworkId", allowedSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
        allowedSecurityGroupIdSearch.done();
        protoPortsAndCidrSearch = createSearchBuilder();
        protoPortsAndCidrSearch.and("securityGroupId", protoPortsAndCidrSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("proto", protoPortsAndCidrSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("startPort", protoPortsAndCidrSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("endPort", protoPortsAndCidrSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("cidr", protoPortsAndCidrSearch.entity().getAllowedDestinationIpCidr(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.done();
        protoPortsAndSecurityGroupIdSearch = createSearchBuilder();
        protoPortsAndSecurityGroupIdSearch.and("securityGroupId", protoPortsAndSecurityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
        protoPortsAndSecurityGroupIdSearch.and("proto", protoPortsAndSecurityGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
        protoPortsAndSecurityGroupIdSearch.and("startPort", protoPortsAndSecurityGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
        protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ);        
        protoPortsAndSecurityGroupIdSearch.and("allowedNetworkId", protoPortsAndSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
    }
    public List<EgressRuleVO> listBySecurityGroupId(long securityGroupId) {
        SearchCriteria<EgressRuleVO> sc = securityGroupIdSearch.create();
        sc.setParameters("securityGroupId", securityGroupId);
        return listBy(sc);
    }
    public int deleteBySecurityGroup(long securityGroupId) {
        SearchCriteria<EgressRuleVO> sc = securityGroupIdSearch.create();
        sc.setParameters("securityGroupId", securityGroupId);
        return expunge(sc);
    }
 	@Override
 	public List<EgressRuleVO> listByAllowedSecurityGroupId(long securityGroupId) {
 		 SearchCriteria<EgressRuleVO> sc = allowedSecurityGroupIdSearch.create();
 		 sc.setParameters("allowedNetworkId", securityGroupId);
 		 return listBy(sc);
 	}
 	@Override
 	public EgressRuleVO findByProtoPortsAndCidr(long securityGroupId, String proto, int startPort,
 			int endPort, String cidr) {
 		SearchCriteria<EgressRuleVO> sc = protoPortsAndCidrSearch.create();
 		sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("proto", proto);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
 		sc.setParameters("cidr", cidr);
 		return findOneIncludingRemovedBy(sc);
 	}
 	@Override
 	public EgressRuleVO findByProtoPortsAndGroup(String proto, int startPort,
 			int endPort, String securityGroup) {
 		SearchCriteria<EgressRuleVO> sc = protoPortsAndSecurityGroupNameSearch.create();
 		sc.setParameters("proto", proto);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
 		sc.setJoinParameters("groupName", "groupName", securityGroup);
 		return findOneIncludingRemovedBy(sc);
 	}
 	@Override
 	public boolean configure(String name, Map<String, Object> params)
 			throws ConfigurationException {
 		protoPortsAndSecurityGroupNameSearch = createSearchBuilder();
        protoPortsAndSecurityGroupNameSearch.and("proto", protoPortsAndSecurityGroupNameSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
        protoPortsAndSecurityGroupNameSearch.and("startPort", protoPortsAndSecurityGroupNameSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
        protoPortsAndSecurityGroupNameSearch.and("endPort", protoPortsAndSecurityGroupNameSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
        SearchBuilder<SecurityGroupVO> ngSb = _securityGroupDao.createSearchBuilder();
        ngSb.and("groupName", ngSb.entity().getName(), SearchCriteria.Op.EQ);
        protoPortsAndSecurityGroupNameSearch.join("groupName", ngSb, protoPortsAndSecurityGroupNameSearch.entity().getAllowedNetworkId(), ngSb.entity().getId(), JoinBuilder.JoinType.INNER);
        protoPortsAndSecurityGroupNameSearch.done();
 		return super.configure(name, params);
 	}
 	@Override
 	public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) {
 		SearchCriteria<EgressRuleVO> sc = protoPortsAndSecurityGroupIdSearch.create();
 		sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("proto", protocol);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
 		sc.setParameters("allowedNetworkId", allowedGroupId);
        return expunge(sc);
 	}
 	@Override
 	public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr) {
 		SearchCriteria<EgressRuleVO> sc = protoPortsAndCidrSearch.create();
 		sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("proto", protocol);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
 		sc.setParameters("cidr", cidr);
 		return expunge(sc);
 	}
 	@Override
 	public EgressRuleVO findByProtoPortsAndAllowedGroupId(long securityGroupId, String proto,
 			int startPort, int endPort, Long allowedGroupId) {
 		SearchCriteria<EgressRuleVO> sc = protoPortsAndSecurityGroupIdSearch.create();
 		sc.addAnd("securityGroupId", SearchCriteria.Op.EQ, securityGroupId);
 		sc.setParameters("proto", proto);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
 		sc.setParameters("allowedNetworkId", allowedGroupId);
        return findOneIncludingRemovedBy(sc);
 	}
 }
--- a/server/src/com/cloud/network/security/dao/IngressRuleDao.java
+++ b/server/src/com/cloud/network/security/dao/IngressRuleDao.java
@ -24,13 +24,13 @@ import com.cloud.network.security.IngressRuleVO;
 import com.cloud.utils.db.GenericDao;
 public interface IngressRuleDao extends GenericDao<IngressRuleVO, Long> {
-    List<IngressRuleVO> listBySecurityGroupId(long networkGroupId);
+    List<IngressRuleVO> listBySecurityGroupId(long networkGroupId, int type);
    List<IngressRuleVO> listByAllowedSecurityGroupId(long networkGroupId);
-    IngressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr);
+    IngressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr,int type);
-    IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup);
+    IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup,int type);
-    IngressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId);
+    IngressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId,int type);
-    int deleteBySecurityGroup(long securityGroupId);
+    int deleteBySecurityGroup(long securityGroupId,int type);
-	int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id);
+	int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id,int type);
-	int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr);
+	int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr,int type);
 }
--- a/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java
@ -47,7 +47,8 @@ public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> impl
    protected IngressRuleDaoImpl() {
        securityGroupIdSearch  = createSearchBuilder();
-        securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
+        securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
        securityGroupIdSearch.and("type", securityGroupIdSearch.entity().getType(), SearchCriteria.Op.EQ);
        securityGroupIdSearch.done();
        allowedSecurityGroupIdSearch  = createSearchBuilder();
@ -60,26 +61,31 @@ public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> impl
        protoPortsAndCidrSearch.and("startPort", protoPortsAndCidrSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("endPort", protoPortsAndCidrSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("cidr", protoPortsAndCidrSearch.entity().getAllowedSourceIpCidr(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("type", protoPortsAndCidrSearch.entity().getType(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.done();
        protoPortsAndSecurityGroupIdSearch = createSearchBuilder();
        protoPortsAndSecurityGroupIdSearch.and("securityGroupId", protoPortsAndSecurityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
        protoPortsAndSecurityGroupIdSearch.and("proto", protoPortsAndSecurityGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
        protoPortsAndSecurityGroupIdSearch.and("startPort", protoPortsAndSecurityGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
-        protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ);        
+        protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ);   
        protoPortsAndSecurityGroupIdSearch.and("type", protoPortsAndSecurityGroupIdSearch.entity().getType(), SearchCriteria.Op.EQ);
        protoPortsAndSecurityGroupIdSearch.and("allowedNetworkId", protoPortsAndSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
    }
-    public List<IngressRuleVO> listBySecurityGroupId(long securityGroupId) {
+    public List<IngressRuleVO> listBySecurityGroupId(long securityGroupId, int type) {
        SearchCriteria<IngressRuleVO> sc = securityGroupIdSearch.create();
-        sc.setParameters("securityGroupId", securityGroupId);
+        sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("type", type);
        return listBy(sc);
    }
-    public int deleteBySecurityGroup(long securityGroupId) {
+    public int deleteBySecurityGroup(long securityGroupId,int type) {
        SearchCriteria<IngressRuleVO> sc = securityGroupIdSearch.create();
-        sc.setParameters("securityGroupId", securityGroupId);
+        sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("type", type);
        return expunge(sc);
    }
@ -87,29 +93,32 @@ public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> impl
 	public List<IngressRuleVO> listByAllowedSecurityGroupId(long securityGroupId) {
 		 SearchCriteria<IngressRuleVO> sc = allowedSecurityGroupIdSearch.create();
 		 sc.setParameters("allowedNetworkId", securityGroupId);
 		 return listBy(sc);
 	}
 	@Override
 	public IngressRuleVO findByProtoPortsAndCidr(long securityGroupId, String proto, int startPort,
-			int endPort, String cidr) {
+			int endPort, String cidr,int type) {
 		SearchCriteria<IngressRuleVO> sc = protoPortsAndCidrSearch.create();
 		sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("proto", proto);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
 		sc.setParameters("cidr", cidr);
 		sc.setParameters("type", type);
 		return findOneIncludingRemovedBy(sc);
 	}
 	@Override
 	public IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort,
-			int endPort, String securityGroup) {
+			int endPort, String securityGroup,int type) {
 		SearchCriteria<IngressRuleVO> sc = protoPortsAndSecurityGroupNameSearch.create();
 		sc.setParameters("proto", proto);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
 		sc.setJoinParameters("groupName", "groupName", securityGroup);
 		sc.setParameters("type", type);
 		return findOneIncludingRemovedBy(sc);
 	}
@ -128,39 +137,42 @@ public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> impl
 	}
 	@Override
-	public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) {
+	public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId,int type) {
 		SearchCriteria<IngressRuleVO> sc = protoPortsAndSecurityGroupIdSearch.create();
 		sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("proto", protocol);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
 		sc.setParameters("allowedNetworkId", allowedGroupId);
 		sc.setParameters("type", type);
        return expunge(sc);
 	}
 	@Override
-	public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr) {
+	public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr,int type) {
 		SearchCriteria<IngressRuleVO> sc = protoPortsAndCidrSearch.create();
 		sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("proto", protocol);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
 		sc.setParameters("cidr", cidr);
 		sc.setParameters("type", type);
 		return expunge(sc);
 	}
 	@Override
 	public IngressRuleVO findByProtoPortsAndAllowedGroupId(long securityGroupId, String proto,
-			int startPort, int endPort, Long allowedGroupId) {
+			int startPort, int endPort, Long allowedGroupId,int type) {
 		SearchCriteria<IngressRuleVO> sc = protoPortsAndSecurityGroupIdSearch.create();
 		sc.addAnd("securityGroupId", SearchCriteria.Op.EQ, securityGroupId);
 		sc.setParameters("proto", proto);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
 		sc.setParameters("allowedNetworkId", allowedGroupId);
 		sc.setParameters("type", type);
        return findOneIncludingRemovedBy(sc);
 	}
--- a/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDao.java
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDao.java
@ -1,53 +0,0 @@
 /**
 *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
 * It is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
 package com.cloud.network.security.dao;
 import java.util.List;
 import com.cloud.network.security.SecurityGroupEgressRulesVO;
 import com.cloud.utils.db.GenericDao;
 public interface SecurityGroupEgressRulesDao extends GenericDao<SecurityGroupEgressRulesVO, Long> {
 	/**
 	 * List a security group and associated ingress rules
 	 * @param accountId the account id of the owner of the security group
 	 * @param groupName the name of the group for which to list rules
 	 * @return the list of ingress rules associated with the security group (and security group info)
 	 */
 	List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules(long accountId, String groupName);
 	/**
 	 * List security groups and associated ingress rules
 	 * @param accountId the id of the account for which to list groups and associated rules
 	 * @return the list of security groups with associated ingress rules
 	 */
 	List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules(long accountId);
    /**
     * List all security groups and associated ingress rules
     * @return the list of security groups with associated ingress rules
     */
    List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules();
    /**
     * List all security rules belonging to the specific group
     * @return the security group with associated ingress rules
     */
    List<SecurityGroupEgressRulesVO> listSecurityEgressRulesByGroupId(long groupId);
 }
--- a/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupEgressRulesDaoImpl.java
@ -1,85 +0,0 @@
 /**
 *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
 * It is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
 package com.cloud.network.security.dao;
 import java.util.List;
 import javax.ejb.Local;
 import com.cloud.network.security.SecurityGroupEgressRulesVO;
 import com.cloud.utils.db.Filter;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
@Local(value={SecurityGroupEgressRulesDao.class})
 public class SecurityGroupEgressRulesDaoImpl extends GenericDaoBase<SecurityGroupEgressRulesVO, Long> implements SecurityGroupEgressRulesDao {
    private SearchBuilder<SecurityGroupEgressRulesVO> AccountGroupNameSearch;
    private SearchBuilder<SecurityGroupEgressRulesVO> AccountSearch;
    private SearchBuilder<SecurityGroupEgressRulesVO> GroupSearch;
    protected SecurityGroupEgressRulesDaoImpl() {
        AccountGroupNameSearch = createSearchBuilder();
        AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
        AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ);
        AccountGroupNameSearch.done();
        AccountSearch = createSearchBuilder();
        AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
        AccountSearch.done();
        GroupSearch = createSearchBuilder();
        GroupSearch.and("groupId", GroupSearch.entity().getId(), SearchCriteria.Op.EQ);
        GroupSearch.done();
    }
    @Override
    public List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules() {
        Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
        return listAll(searchFilter);
    }
    @Override
    public List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules(long accountId, String groupName) {
        Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
        SearchCriteria<SecurityGroupEgressRulesVO> sc = AccountGroupNameSearch.create();
        sc.setParameters("accountId", accountId);
        sc.setParameters("name", groupName);
        return listBy(sc, searchFilter);
    }
    @Override
    public List<SecurityGroupEgressRulesVO> listSecurityGroupEgressRules(long accountId) {
        Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
        SearchCriteria<SecurityGroupEgressRulesVO> sc = AccountSearch.create();
        sc.setParameters("accountId", accountId);
        return listBy(sc, searchFilter);
    }
    @Override
    public List<SecurityGroupEgressRulesVO> listSecurityEgressRulesByGroupId(long groupId) {
        Filter searchFilter = new Filter(SecurityGroupEgressRulesVO.class, "id", true, null, null);
        SearchCriteria<SecurityGroupEgressRulesVO> sc = GroupSearch.create();
        sc.setParameters("groupId", groupId);
        return listBy(sc, searchFilter);
    }
 }
--- a/setup/db/create-schema.sql
+++ b/setup/db/create-schema.sql
@ -108,7 +108,6 @@ DROP TABLE IF EXISTS `cloud`.`ovs_work`;
 DROP TABLE IF EXISTS `cloud`.`remote_access_vpn`;
 DROP TABLE IF EXISTS `cloud`.`resource_count`;
 DROP TABLE IF EXISTS `cloud`.`security_ingress_rule`;
 DROP TABLE IF EXISTS `cloud`.`security_egress_rule`;
 DROP TABLE IF EXISTS `cloud`.`stack_maid`;
 DROP TABLE IF EXISTS `cloud`.`storage_pool_work`;
 DROP TABLE IF EXISTS `cloud`.`user_vm_details`;
@ -1423,6 +1422,7 @@ CREATE TABLE `cloud`.`security_group` (
 CREATE TABLE `cloud`.`security_ingress_rule` (
  `id` bigint unsigned NOT NULL auto_increment,
  `security_group_id` bigint unsigned NOT NULL,
  `type` bigint unsigned NOT NULL,
  `start_port` varchar(10) default NULL,
  `end_port` varchar(10) default NULL,
  `protocol` varchar(16) NOT NULL default 'TCP',
@ -1432,17 +1432,6 @@ CREATE TABLE `cloud`.`security_ingress_rule` (
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `cloud`.`security_egress_rule` (
  `id` bigint unsigned NOT NULL auto_increment,
  `security_group_id` bigint unsigned NOT NULL,
  `start_port` varchar(10) default NULL,
  `end_port` varchar(10) default NULL,
  `protocol` varchar(16) NOT NULL default 'TCP',
  `allowed_network_id` bigint unsigned,
  `allowed_ip_cidr`  varchar(44),
  `create_status` varchar(32) COMMENT 'rule creation status',
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `cloud`.`security_group_vm_map` (
  `id` bigint unsigned NOT NULL auto_increment,