From fce2880b9f20a372dd0a005c4575ffab526bac0b Mon Sep 17 00:00:00 2001
From: "namita.chaudhari"
Date: Tue, 5 Aug 2014 09:16:29 +0000
Subject: [PATCH] CLOUDSTACK-2694: Able to configure duplicate firewall rule with protocol and no ports

Signed-off-by: Jayapal
---
 .../src/com/cloud/network/firewall/FirewallManagerImpl.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index dd928d8d6fa..50ac9d12d1b 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -404,6 +404,12 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
 boolean notNullPorts =
 (newRule.getSourcePortStart() != null && newRule.getSourcePortEnd() != null && rule.getSourcePortStart() != null && rule.getSourcePortEnd() != null);
+ boolean nullPorts =
+ (newRule.getSourcePortStart() == null && newRule.getSourcePortEnd() == null && rule.getSourcePortStart() == null && rule.getSourcePortEnd() == null);
+ if(nullPorts && duplicatedCidrs && (rule.getProtocol().equalsIgnoreCase(newRule.getProtocol())))
+ {
+ throw new NetworkRuleConflictException("There is already a firewall rule specified with protocol = " +newRule.getProtocol()+ " and no ports");
+ }
 if (!notNullPorts) {
 continue;
 } else if (!oneOfRulesIsFirewall &&
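Review bot: The new `nullPorts` check only fires when all four port fields are null, so a port-less rule and a port-specific rule for the same protocol and CIDR still fall into `if (!notNullPorts) { continue; }` and are never compared. If a rule without ports means "all ports" for that protocol, that pair overlaps, and revoking the narrower rule later would presumably leave the traffic allowed by the broader one. Either treat a null range on one side as covering the other, or state the limit above `nullPorts`, e.g. `// only exact protocol+CIDR duplicates with no ports on either rule are rejected; mixed null/non-null ports are not compared`. The check also dereferences `rule.getProtocol()` without a null guard and relies on `duplicatedCidrs`, which is set outside this hunk, so it cannot be told from here whether protocol-less rules, or port-less rules that differ in another field such as ICMP type and code, can reach it and be rejected as duplicates. The enclosing loop starts and ends outside the hunk.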