// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.dao;
import java.util.List;
import javax.inject.Inject;
import org.springframework.stereotype.Component;
import com.cloud.network.rules.FirewallRule;
import com.cloud.network.rules.FirewallRule.FirewallRuleType;
import com.cloud.network.rules.FirewallRule.Purpose;
import com.cloud.network.rules.FirewallRule.State;
import com.cloud.network.rules.FirewallRule.TrafficType;
import com.cloud.network.rules.FirewallRuleVO;
import com.cloud.server.ResourceTag.ResourceObjectType;
import com.cloud.tags.dao.ResourceTagDao;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.GenericSearchBuilder;
import com.cloud.utils.db.JoinBuilder;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.db.SearchCriteria.Func;
import com.cloud.utils.db.SearchCriteria.Op;
import com.cloud.utils.db.TransactionLegacy;
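@Component
@DB
/**
 * DAO for {@link FirewallRuleVO} rows.
 *
 * <p>Every lookup in this class goes through a {@link SearchBuilder} that is prepared once
 * (in the constructor, or lazily for {@link #listStaticNatByVmId(long)}) and filled with
 * {@link SearchCriteria#setParameters(String, Object...)}; no method here assembles SQL text
 * from caller-supplied values. "Not revoked" throughout means {@code state != State.Revoke}
 * (the {@code state} condition of {@link #NotRevokedSearch} uses {@link Op#NEQ}).
 *
 * <p>The class is a Spring {@code @Component} and is expected to be a shared singleton; the
 * only field that is written after construction is the lazily built {@link #VmSearch}.
 */
public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> implements FirewallRulesDao {
    // Generic equality filter on most columns; callers bind only the parameters they need.
    protected final SearchBuilder<FirewallRuleVO> AllFieldsSearch;
    // Like AllFieldsSearch but "state" is a NEQ condition, so binding State.Revoke excludes revoked rules.
    protected final SearchBuilder<FirewallRuleVO> NotRevokedSearch;
    // Used by releasePorts(): protocol/ip/purpose equality plus sourcePortStart IN (...).
    protected final SearchBuilder<FirewallRuleVO> ReleaseSearch;
    // Built lazily in listStaticNatByVmId() because it joins onto _ipDao's search builder.
    // volatile: the field is published from a request thread after the fully built builder is ready.
    protected volatile SearchBuilder<FirewallRuleVO> VmSearch;
    // Rules with the given type and no source IP address.
    protected final SearchBuilder<FirewallRuleVO> SystemRuleSearch;
    // COUNT(id) of rules for one source IP, optionally restricted by state.
    protected final GenericSearchBuilder<FirewallRuleVO, Long> RulesByIpCount;

    @Inject
    protected FirewallRulesCidrsDao _firewallRulesCidrsDao;
    @Inject
    protected FirewallRulesDcidrsDao _firewallRulesDcidrsDao;
    @Inject
    ResourceTagDao _tagsDao;
    @Inject
    IPAddressDao _ipDao;

    /**
     * Prepares the shared search builders. Injected fields are not available yet at this point,
     * which is presumably why {@link #VmSearch} (needs {@code _ipDao}) is not built here.
     */
    protected FirewallRulesDaoImpl() {
        super();

        AllFieldsSearch = createSearchBuilder();
        AllFieldsSearch.and("ipId", AllFieldsSearch.entity().getSourceIpAddressId(), Op.EQ);
        AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ);
        AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ);
        AllFieldsSearch.and("purpose", AllFieldsSearch.entity().getPurpose(), Op.EQ);
        AllFieldsSearch.and("account", AllFieldsSearch.entity().getAccountId(), Op.EQ);
        AllFieldsSearch.and("domain", AllFieldsSearch.entity().getDomainId(), Op.EQ);
        AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ);
        AllFieldsSearch.and("networkId", AllFieldsSearch.entity().getNetworkId(), Op.EQ);
        AllFieldsSearch.and("related", AllFieldsSearch.entity().getRelated(), Op.EQ);
        AllFieldsSearch.and("trafficType", AllFieldsSearch.entity().getTrafficType(), Op.EQ);
        AllFieldsSearch.done();

        NotRevokedSearch = createSearchBuilder();
        NotRevokedSearch.and("ipId", NotRevokedSearch.entity().getSourceIpAddressId(), Op.EQ);
        // NEQ: callers bind State.Revoke here to filter revoked rules out.
        NotRevokedSearch.and("state", NotRevokedSearch.entity().getState(), Op.NEQ);
        NotRevokedSearch.and("purpose", NotRevokedSearch.entity().getPurpose(), Op.EQ);
        NotRevokedSearch.and("protocol", NotRevokedSearch.entity().getProtocol(), Op.EQ);
        NotRevokedSearch.and("sourcePortStart", NotRevokedSearch.entity().getSourcePortStart(), Op.EQ);
        NotRevokedSearch.and("sourcePortEnd", NotRevokedSearch.entity().getSourcePortEnd(), Op.EQ);
        NotRevokedSearch.and("networkId", NotRevokedSearch.entity().getNetworkId(), Op.EQ);
        NotRevokedSearch.and("trafficType", NotRevokedSearch.entity().getTrafficType(), Op.EQ);
        NotRevokedSearch.done();

        ReleaseSearch = createSearchBuilder();
        ReleaseSearch.and("protocol", ReleaseSearch.entity().getProtocol(), Op.EQ);
        ReleaseSearch.and("ipId", ReleaseSearch.entity().getSourceIpAddressId(), Op.EQ);
        ReleaseSearch.and("purpose", ReleaseSearch.entity().getPurpose(), Op.EQ);
        // IN on the start port only; releasePorts() binds the whole int[] here.
        ReleaseSearch.and("ports", ReleaseSearch.entity().getSourcePortStart(), Op.IN);
        ReleaseSearch.done();

        SystemRuleSearch = createSearchBuilder();
        SystemRuleSearch.and("type", SystemRuleSearch.entity().getType(), Op.EQ);
        SystemRuleSearch.and("ipId", SystemRuleSearch.entity().getSourceIpAddressId(), Op.NULL);
        SystemRuleSearch.done();

        RulesByIpCount = createSearchBuilder(Long.class);
        RulesByIpCount.select(null, Func.COUNT, RulesByIpCount.entity().getId());
        RulesByIpCount.and("ipAddressId", RulesByIpCount.entity().getSourceIpAddressId(), Op.EQ);
        RulesByIpCount.and("state", RulesByIpCount.entity().getState(), Op.EQ);
        RulesByIpCount.done();
    }

    /**
     * Lists rules of type {@link FirewallRuleType#System} that have no source IP address.
     *
     * @return matching rules, in DAO order
     */
    @Override
    public List<FirewallRuleVO> listSystemRules() {
        SearchCriteria<FirewallRuleVO> sc = SystemRuleSearch.create();
        sc.setParameters("type", FirewallRuleType.System.toString());
        return listBy(sc);
    }

    /**
     * Deletes the rules on {@code ipId} for {@code protocol}/{@code purpose} whose start port is
     * one of {@code ports}.
     *
     * @param ipId     source IP address id
     * @param protocol protocol string, bound as a search parameter
     * @param purpose  rule purpose
     * @param ports    start ports to release; must be non-null (its length is read)
     * @return {@code true} only when the number of deleted rows equals {@code ports.length}, i.e.
     *         every requested port matched exactly one rule; fewer (or more) matches yield {@code false}
     */
    @Override
    public boolean releasePorts(long ipId, String protocol, FirewallRule.Purpose purpose, int[] ports) {
        SearchCriteria<FirewallRuleVO> sc = ReleaseSearch.create();
        sc.setParameters("protocol", protocol);
        sc.setParameters("ipId", ipId);
        sc.setParameters("purpose", purpose);
        sc.setParameters("ports", ports);
        int removed = remove(sc);
        return removed == ports.length;
    }

    /**
     * Lists all rules (any state) on {@code ipId} with the given purpose.
     *
     * @param ipId    source IP address id
     * @param purpose rule purpose (bound unconditionally, so {@code null} is passed through)
     * @return matching rules
     */
    @Override
    public List<FirewallRuleVO> listByIpAndPurpose(long ipId, FirewallRule.Purpose purpose) {
        SearchCriteria<FirewallRuleVO> sc = AllFieldsSearch.create();
        sc.setParameters("ipId", ipId);
        sc.setParameters("purpose", purpose);
        return listBy(sc);
    }

    /**
     * Lists non-revoked rules on {@code ipId}, optionally restricted to one purpose.
     *
     * @param ipId    source IP address id
     * @param purpose purpose filter, or {@code null} for any purpose
     * @return rules whose state is not {@link State#Revoke}
     */
    @Override
    public List<FirewallRuleVO> listByIpAndPurposeAndNotRevoked(long ipId, FirewallRule.Purpose purpose) {
        SearchCriteria<FirewallRuleVO> sc = NotRevokedSearch.create();
        sc.setParameters("ipId", ipId);
        sc.setParameters("state", State.Revoke);
        if (purpose != null) {
            sc.setParameters("purpose", purpose);
        }
        return listBy(sc);
    }

    /**
     * Lists non-revoked rules on {@code networkId}, optionally restricted to one purpose.
     *
     * @param networkId network id
     * @param purpose   purpose filter, or {@code null} for any purpose
     * @return rules whose state is not {@link State#Revoke}
     */
    @Override
    public List<FirewallRuleVO> listByNetworkAndPurposeAndNotRevoked(long networkId, FirewallRule.Purpose purpose) {
        SearchCriteria<FirewallRuleVO> sc = NotRevokedSearch.create();
        sc.setParameters("networkId", networkId);
        sc.setParameters("state", State.Revoke);
        if (purpose != null) {
            sc.setParameters("purpose", purpose);
        }
        return listBy(sc);
    }

    /**
     * Lists all rules (any state) on {@code networkId} with the given purpose.
     *
     * @param networkId network id
     * @param purpose   rule purpose (bound unconditionally)
     * @return matching rules
     */
    @Override
    public List<FirewallRuleVO> listByNetworkAndPurpose(long networkId, FirewallRule.Purpose purpose) {
        SearchCriteria<FirewallRuleVO> sc = AllFieldsSearch.create();
        sc.setParameters("purpose", purpose);
        sc.setParameters("networkId", networkId);
        return listBy(sc);
    }

    /**
     * Lists non-revoked rules on {@code networkId} for one traffic type, optionally restricted to
     * one purpose.
     *
     * @param networkId   network id
     * @param purpose     purpose filter, or {@code null} for any purpose
     * @param trafficType traffic type (bound unconditionally)
     * @return rules whose state is not {@link State#Revoke}
     */
    @Override
    public List<FirewallRuleVO> listByNetworkPurposeTrafficTypeAndNotRevoked(long networkId, FirewallRule.Purpose purpose, TrafficType trafficType) {
        SearchCriteria<FirewallRuleVO> sc = NotRevokedSearch.create();
        sc.setParameters("networkId", networkId);
        sc.setParameters("state", State.Revoke);
        if (purpose != null) {
            sc.setParameters("purpose", purpose);
        }
        sc.setParameters("trafficType", trafficType);
        return listBy(sc);
    }

    /**
     * Moves a rule from {@link State#Staged} to {@link State#Add}.
     *
     * <p>The update is conditional on the row's current state being {@code Staged}. Note that the
     * in-memory {@code rule} is set to {@code Add} before the update and is not reverted when no
     * row matched.
     *
     * @param rule the rule to transition; its id and state are used
     * @return {@code true} if a row was updated
     */
    @Override
    public boolean setStateToAdd(FirewallRuleVO rule) {
        SearchCriteria<FirewallRuleVO> sc = AllFieldsSearch.create();
        sc.setParameters("id", rule.getId());
        sc.setParameters("state", State.Staged);
        rule.setState(State.Add);
        return update(rule, sc) > 0;
    }

    /**
     * Marks a rule as {@link State#Revoke} and writes the whole entity back by id.
     *
     * @param rule the rule to revoke (mutated in place)
     * @return result of the underlying update
     */
    @Override
    public boolean revoke(FirewallRuleVO rule) {
        rule.setState(State.Revoke);
        return update(rule.getId(), rule);
    }

    /**
     * Lists {@link Purpose#StaticNat} rules whose source IP is associated with {@code vmId} and
     * has one-to-one NAT set.
     *
     * <p>{@link #VmSearch} is built on first use. The builder is assembled in a local and only
     * assigned to the field once {@code done()} has run, so another thread can never observe a
     * half-configured builder; two threads racing on first use may each build an equivalent
     * instance, which is harmless.
     *
     * @param vmId virtual machine id joined through the IP address table
     * @return matching static-NAT rules
     */
    @Override
    public List<FirewallRuleVO> listStaticNatByVmId(long vmId) {
        SearchBuilder<FirewallRuleVO> vmSearch = VmSearch;
        if (vmSearch == null) {
            SearchBuilder<IPAddressVO> ipSearch = _ipDao.createSearchBuilder();
            ipSearch.and("associatedWithVmId", ipSearch.entity().getAssociatedWithVmId(), SearchCriteria.Op.EQ);
            ipSearch.and("oneToOneNat", ipSearch.entity().isOneToOneNat(), SearchCriteria.Op.NNULL);

            vmSearch = createSearchBuilder();
            vmSearch.and("purpose", vmSearch.entity().getPurpose(), Op.EQ);
            vmSearch.join("ipSearch", ipSearch, vmSearch.entity().getSourceIpAddressId(), ipSearch.entity().getId(), JoinBuilder.JoinType.INNER);
            vmSearch.done();
            // Publish only after the builder is complete.
            VmSearch = vmSearch;
        }

        SearchCriteria<FirewallRuleVO> sc = vmSearch.create();
        sc.setParameters("purpose", Purpose.StaticNat);
        sc.setJoinParameters("ipSearch", "associatedWithVmId", vmId);
        return listBy(sc);
    }

    /**
     * Persists a rule together with its source and destination CIDR lists.
     *
     * <p>The CIDR lists live in separate tables and are transient on the entity, so after the
     * inserts they are re-read from the database onto the returned object. The method only
     * commits; rollback on failure is presumably handled by the {@code @DB} interceptor that
     * owns the transaction — confirm before relying on it.
     *
     * @param firewallRule rule to insert; its CIDR lists are read and its id is used afterwards
     * @return the persisted rule as read back, with CIDR lists populated
     */
    @Override
    @DB
    public FirewallRuleVO persist(FirewallRuleVO firewallRule) {
        TransactionLegacy txn = TransactionLegacy.currentTxn();
        txn.start();

        FirewallRuleVO dbfirewallRule = super.persist(firewallRule);
        // Fill the firewall_rules_cidrs table.
        saveSourceCidrs(firewallRule, firewallRule.getSourceCidrList());
        // Fill the firewall_rules_dcidrs table.
        saveDestinationCidrs(firewallRule, firewallRule.getDestinationCidrList());
        // The CIDR fields are transient, so read them back onto the entity that is returned.
        loadSourceCidrs(dbfirewallRule);
        loadDestinationCidrs(dbfirewallRule);

        txn.commit();
        return dbfirewallRule;
    }

    /**
     * Stores the source CIDR list for a rule; a {@code null} list is a no-op.
     *
     * @param firewallRule rule whose id keys the CIDR rows
     * @param cidrList     source CIDRs, or {@code null}
     */
    public void saveSourceCidrs(FirewallRuleVO firewallRule, List<String> cidrList) {
        if (cidrList == null) {
            return;
        }
        _firewallRulesCidrsDao.persist(firewallRule.getId(), cidrList);
    }

    /**
     * Stores the destination CIDR list for a rule; a {@code null} list is a no-op.
     *
     * @param firewallRule rule whose id keys the CIDR rows
     * @param cidrList     destination CIDRs, or {@code null}
     */
    public void saveDestinationCidrs(FirewallRuleVO firewallRule, List<String> cidrList) {
        if (cidrList == null) {
            return;
        }
        _firewallRulesDcidrsDao.persist(firewallRule.getId(), cidrList);
    }

    /**
     * Lists non-revoked rules on {@code ipAddressId} matching the given port range, with optional
     * purpose and protocol filters.
     *
     * @param ipAddressId source IP address id
     * @param startPort   bound to {@code sourcePortStart} unconditionally (including {@code null})
     * @param endPort     bound to {@code sourcePortEnd} unconditionally (including {@code null})
     * @param protocol    protocol filter, or {@code null} for any protocol
     * @param purpose     purpose filter, or {@code null} for any purpose
     * @return rules whose state is not {@link State#Revoke}
     */
    @Override
    public List<FirewallRuleVO> listByIpPurposeAndProtocolAndNotRevoked(long ipAddressId, Integer startPort, Integer endPort, String protocol,
        FirewallRule.Purpose purpose) {
        SearchCriteria<FirewallRuleVO> sc = NotRevokedSearch.create();
        sc.setParameters("ipId", ipAddressId);
        sc.setParameters("state", State.Revoke);
        if (purpose != null) {
            sc.setParameters("purpose", purpose);
        }
        if (protocol != null) {
            sc.setParameters("protocol", protocol);
        }
        // NOTE(review): null ports are bound as-is here; how the framework renders an EQ on null
        // is not visible in this file — confirm against SearchCriteria.
        sc.setParameters("sourcePortStart", startPort);
        sc.setParameters("sourcePortEnd", endPort);
        return listBy(sc);
    }

    /**
     * Finds the {@link Purpose#Firewall} rule whose {@code related} column points at {@code ruleId}.
     *
     * @param ruleId id of the rule this one is related to
     * @return the single match, or whatever {@code findOneBy} returns when none exists
     */
    @Override
    public FirewallRuleVO findByRelatedId(long ruleId) {
        SearchCriteria<FirewallRuleVO> sc = AllFieldsSearch.create();
        sc.setParameters("related", ruleId);
        sc.setParameters("purpose", Purpose.Firewall);
        return findOneBy(sc);
    }

    /**
     * Lists every rule (any state, any purpose) on {@code ipId}.
     *
     * @param ipId source IP address id
     * @return matching rules
     */
    @Override
    public List<FirewallRuleVO> listByIp(long ipId) {
        SearchCriteria<FirewallRuleVO> sc = AllFieldsSearch.create();
        sc.setParameters("ipId", ipId);
        return listBy(sc);
    }

    /**
     * Lists every non-revoked rule (any purpose) on {@code ipId}.
     *
     * @param ipId source IP address id
     * @return rules whose state is not {@link State#Revoke}
     */
    @Override
    public List<FirewallRuleVO> listByIpAndNotRevoked(long ipId) {
        SearchCriteria<FirewallRuleVO> sc = NotRevokedSearch.create();
        sc.setParameters("ipId", ipId);
        sc.setParameters("state", State.Revoke);
        return listBy(sc);
    }

    /**
     * Counts rules in any state for one source IP.
     *
     * @param sourceIpId source IP address id
     * @return {@code COUNT(id)} over matching rows (a COUNT always yields one row)
     */
    @Override
    public long countRulesByIpId(long sourceIpId) {
        SearchCriteria<Long> sc = RulesByIpCount.create();
        sc.setParameters("ipAddressId", sourceIpId);
        return customSearch(sc, null).get(0);
    }

    /**
     * Lists rules (any state) on {@code networkId} for one traffic type, optionally restricted to
     * one purpose.
     *
     * @param networkId   network id
     * @param purpose     purpose filter, or {@code null} for any purpose
     * @param trafficType traffic type (bound unconditionally)
     * @return matching rules
     */
    @Override
    public List<FirewallRuleVO> listByNetworkPurposeTrafficType(long networkId, Purpose purpose, TrafficType trafficType) {
        SearchCriteria<FirewallRuleVO> sc = AllFieldsSearch.create();
        sc.setParameters("networkId", networkId);
        if (purpose != null) {
            sc.setParameters("purpose", purpose);
        }
        sc.setParameters("trafficType", trafficType);
        return listBy(sc);
    }

    /**
     * Deletes a rule and, for purposes that carry resource tags, the tags attached to it.
     *
     * <p>Tags are removed first so that the tag rows do not outlive the rule; the deletion itself
     * is delegated to the superclass. As in {@link #persist(FirewallRuleVO)}, only commit is
     * called here.
     *
     * @param id rule id
     * @return result of the superclass removal
     */
    @Override
    @DB
    public boolean remove(Long id) {
        TransactionLegacy txn = TransactionLegacy.currentTxn();
        txn.start();

        FirewallRuleVO entry = findById(id);
        if (entry != null) {
            ResourceObjectType tagType = tagTypeFor(entry.getPurpose());
            if (tagType != null) {
                _tagsDao.removeByIdAndType(id, tagType);
            }
        }
        boolean removed = super.remove(id);

        txn.commit();
        return removed;
    }

    /**
     * Maps a rule purpose to the resource-tag type under which its tags are stored.
     *
     * @param purpose rule purpose, may be {@code null}
     * @return the tag type, or {@code null} for purposes that carry no tags
     */
    private static ResourceObjectType tagTypeFor(Purpose purpose) {
        if (purpose == null) {
            return null;
        }
        switch (purpose) {
            case LoadBalancing:
                return ResourceObjectType.LoadBalancer;
            case PortForwarding:
                return ResourceObjectType.PortForwardingRule;
            case Firewall:
                return ResourceObjectType.FirewallRule;
            case NetworkACL:
                return ResourceObjectType.NetworkACL;
            default:
                return null;
        }
    }

    /**
     * Counts rules for one source IP, optionally restricted to one state.
     *
     * @param sourceIpId source IP address id
     * @param state      state filter, or {@code null} for any state
     * @return {@code COUNT(id)} over matching rows
     */
    @Override
    public long countRulesByIpIdAndState(long sourceIpId, FirewallRule.State state) {
        SearchCriteria<Long> sc = RulesByIpCount.create();
        sc.setParameters("ipAddressId", sourceIpId);
        if (state != null) {
            sc.setParameters("state", state);
        }
        return customSearch(sc, null).get(0);
    }

    /**
     * Lists rules on {@code ipId} with optional state and purpose filters.
     *
     * @param ipId    source IP address id (boxed; bound as-is)
     * @param purpose purpose filter, or {@code null} for any purpose
     * @param state   state filter, or {@code null} for any state
     * @return matching rules
     */
    @Override
    public List<FirewallRuleVO> listByIpAndPurposeWithState(Long ipId, Purpose purpose, State state) {
        SearchCriteria<FirewallRuleVO> sc = AllFieldsSearch.create();
        sc.setParameters("ipId", ipId);
        if (state != null) {
            sc.setParameters("state", state);
        }
        if (purpose != null) {
            sc.setParameters("purpose", purpose);
        }
        return listBy(sc);
    }

    /**
     * Reads the rule's source CIDRs from {@code firewall_rules_cidrs} onto the transient field.
     *
     * @param rule rule to populate (mutated in place)
     */
    @Override
    public void loadSourceCidrs(FirewallRuleVO rule) {
        List<String> sourceCidrs = _firewallRulesCidrsDao.getSourceCidrs(rule.getId());
        rule.setSourceCidrList(sourceCidrs);
    }

    /**
     * Reads the rule's destination CIDRs from the dcidrs table onto the transient field.
     *
     * @param rule rule to populate (mutated in place)
     */
    @Override
    public void loadDestinationCidrs(FirewallRuleVO rule) {
        List<String> destCidrs = _firewallRulesDcidrsDao.getDestCidrs(rule.getId());
        rule.setDestinationCidrsList(destCidrs);
    }
}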