One idea might be to modify the createURL function, which every server call
uses to generate a URL for the API call. openfirewall=false could be passed
there and will apply to all actions in the UI.
createURL is in /ui/scripts/sharedFunctions.js; modify urlString to add
additional params:
//API calls
function createURL(apiName, options) {
if (!options) options = {};
var urlString = clientApiUrl + "?" + "command=" + apiName
+"&response=json&sessionkey=" + g_sessionKey;
urlString = urlString + '&openfirewall=false';
...
}
Hope that helps!
________________________________________
From: Jason Davis [scr...@gmail.com]
Sent: Thursday, May 24, 2012 3:01 PM
To:
cloudstack-users@incubator.apache.org<mailto:cloudstack-users@incubator.apache.org>
Subject: Re: Anyway to disable the firewall functionality provided by the
virtual router in 3.0.x?
Any hints to where this configuration would be done :)
Sent from my iPhone
On May 24, 2012, at 4:32 PM, Will Chan
<will.c...@citrix.com<mailto:will.c...@citrix.com>> wrote:
> Ok, glad you clarified it for me. In 2.2.11+, all XXXPortForwardingRule and
> XXXLoadBalancer API calls automatically called the XXXFirewallRule API. You
> could always turn that off by passing openfirewall=false in the create
> commands. Subsequently, the UI had supported both ways of doing this as you
> know already by using the firewall.rule.ui setting so people did not have to
> deal with this split. In 3.0.x, the API remains unchanged, but the UI no
> longer supports this and the 3.0.x UI always makes calls with
> openfirewall=false.
>
> To achieve what you want, you would need to tweak the UI to make API calls
> with openfirewall=true (or remove it since the default is true) and change
> the UI to no longer show the firewall portion. Changing the network offering
> turns off and on the service and if you disable the firewall from the network
> offering, you will end up disabling the port forwarding feature I believe.
>
> The other option is to re-introduce this back into the CloudStack.
>
> -----Original Message-----
> From: Jason Davis [mailto:scr...@gmail.com]<mailto:[mailto:scr...@gmail.com]>
> Sent: Thursday, May 24, 2012 1:49 PM
> To:
> cloudstack-users@incubator.apache.org<mailto:cloudstack-users@incubator.apache.org>
> Subject: Re: Anyway to disable the firewall functionality provided by the
> virtual router in 3.0.x?
>
> Well, I want it to behave as it did in 2.2.14-3.0.0.
>
> ie: I can provide isolation through portforwarding ranges and have the
> firewall disabled. My concern is that when I upgrade to 3.0.2 that I'll have
> to essentially re-teach my end users how to gain remote access to their VM
> instances.
>
> In the documentation and in previous builds, you could turn the firewall off
> entirely via a global setting. This is the functionality I am wishing to
> accomplish.
>
> No firewall, just services like portforwarding, dhcp, dns, loadbalancing,
> source nat, static nat in my network offering.
>
> On Thu, May 24, 2012 at 3:45 PM, Will Chan
> <will.c...@citrix.com<mailto:will.c...@citrix.com>> wrote:
>
>> Can you describe what you would like to do? I thought for a moment
>> you simply wanted the UI to act in the same way as in 2.2.x.
>> However, from your response, it looks like you want to remove the
>> firewall feature from the virtual router altogether, including all the port
>> forwarding feature?
>>
>> Will
>>
>> -----Original Message-----
>> From: Jason Davis [mailto:scr...@gmail.com]<mailto:[mailto:scr...@gmail.com]>
>> Sent: Thursday, May 24, 2012 1:32 PM
>> To:
>> cloudstack-users@incubator.apache.org<mailto:cloudstack-users@incubator.apache.org>
>> Subject: Re: Anyway to disable the firewall functionality provided by
>> the virtual router in 3.0.x?
>>
>> Ah so if I create my network offering via the API then I can achieve
>> what I want?
>>
>> If that's so, good enough :) I am more than happy to do API calls.
>>
>> /me goes to RTFM
>>
>> On Thu, May 24, 2012 at 3:30 PM, Will Chan
>> <will.c...@citrix.com<mailto:will.c...@citrix.com>> wrote:
>>
>>> Since 3.0.x, that feature was turned off from the default UI and
>>> expect everyone to use the firewall feature. The API still honors
>>> the old functionality so you can always custom change the UI to
>>> reflect the same behavior in 2.2.x.
>>>
>>> Will
>>>
>>> -----Original Message-----
>>> From: Jason Davis
>>> [mailto:scr...@gmail.com]<mailto:[mailto:scr...@gmail.com]>
>>> Sent: Thursday, May 24, 2012 12:28 PM
>>> To:
>>> cloudstack-users@incubator.apache.org<mailto:cloudstack-users@incubator.apache.org>
>>> Subject: Anyway to disable the firewall functionality provided by
>>> the virtual router in 3.0.x?
>>>
>>> So, in 2.2.x with advanced networking you could disable the firewall
>>> by setting the global setting firewall.rule.ui.enabled to false. I
>>> am trying to replicate this functionality in my upgraded development
>>> instance
>>> (2.2.14->3.0.2) but this global setting no longer exists in the UI.
>>>
>>> I've also tried to create a new isolated networking offering with
>>> the firewall functionality disabled. However, anytime I try this the
>>> firewall setting ends up being enabled anyway.
>>>
>>> Thanks!
>>> Jason
>>>
>>
