Fix error when applying port forwarding rules during restart with clean-up

Author: winterhazel

server/src/main/java/com/cloud/network/router/CommandSetupHelper.java

@@ -27,6 +27,7 @@
 
 import javax.inject.Inject;
 
+import com.cloud.network.rules.PortForwardingRuleVO;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
@@ -396,6 +397,7 @@ public void createApplyPortForwardingRulesCommands(final List<? extends PortForw
         final List<PortForwardingRuleTO> rulesTO = new ArrayList<PortForwardingRuleTO>();
         if (rules != null) {
             for (final PortForwardingRule rule : rules) {
+                _rulesDao.loadSourceCidrs((PortForwardingRuleVO) rule);
                 final IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
                 final PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, null, sourceIp.getAddress().addr());
                 rulesTO.add(ruleTO);

server/src/main/java/com/cloud/network/rules/RulesManagerImpl.java

@@ -898,7 +898,7 @@ protected boolean applyPortForwardingRules(long ipId, boolean continueOnError, A
             _accountMgr.checkAccess(caller, null, true, rules.toArray(new PortForwardingRuleVO[rules.size()]));
         }
 
-        for (PortForwardingRuleVO rule: rules){
+        for (PortForwardingRuleVO rule : rules) {
             rule.setSourceCidrList(firewallCidrsDao.getSourceCidrs(rule.getId()));
         }
 
@@ -955,6 +955,10 @@ public boolean applyPortForwardingRulesForNetwork(long networkId, boolean contin
             _accountMgr.checkAccess(caller, null, true, rules.toArray(new PortForwardingRuleVO[rules.size()]));
         }
 
+        for (PortForwardingRuleVO rule: rules) {
+            rule.setSourceCidrList(firewallCidrsDao.getSourceCidrs(rule.getId()));
+        }
+
         try {
             if (!_firewallMgr.applyRules(rules, continueOnError, true)) {
                 return false;

systemvm/debian/opt/cloud/bin/configure.py

@@ -1217,10 +1217,10 @@ def forward_vr(self, rule):
         self.fw.append(["filter", "", fw7])
 
     def forward_vpc(self, rule):
-        source_cidr_list = rule['source_cidr_list']
-        if source_cidr_list:
-            source_cidr_list = "-s " + source_cidr_list
-        fw_prerout_rule = "-A PREROUTING %s -d %s/32 " % (source_cidr_list, rule["public_ip"])
+        fw_prerout_rule = "-A PREROUTING"
+        if "source_cidr_list" in rule and rule["source_cidr_list"]:
+            fw_prerout_rule += " -s %s" % rule["source_cidr_list"]
+        fw_prerout_rule += " -d %s/32" % rule["public_ip"]
         if not rule["protocol"] == "any":
             fw_prerout_rule += " -m %s -p %s" % (rule["protocol"], rule["protocol"])
         if not rule["public_ports"] == "any":

systemvm/debian/opt/cloud/bin/cs_forwardingrules.py

@@ -35,7 +35,8 @@ def merge(dbag, rules):
             newrule["public_ports"] = rule["source_port_range"]
             newrule["internal_ports"] = rule["destination_port_range"]
             newrule["protocol"] = rule["protocol"]
-            newrule["source_cidr_list"] = rule["source_cidr_list"]
+            if "source_cidr_list" in rule:
+                newrule["source_cidr_list"] = rule["source_cidr_list"]
 
         if not revoke:
             if rules["type"] == "staticnatrules":