NSX|V: Fix use case with no FWaaS for a router

In case FWaaS is enabled, but a router is not assigned to and firewall, the Allow-external traffic rule should be added to the edge firewall, just like when FWaaS is disabled. Change-Id: Id59b467c530ac0aa6070539358481e41be4623d6
2017-05-15 09:40:28 +03:00 · 2017-05-15 09:40:28 +03:00 · 4b05c62e78
commit 4b05c62e78
parent 2cdab3af8c
1 changed files with 4 additions and 0 deletions
--- a/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks.py
+++ b/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks.py
@ -98,6 +98,10 @@ class NsxvFwaasCallbacks(firewall_l3_agent.L3WithFWaaS):
                # Do not add firewall rules on the tlr router.
                return False

+        if not self._get_router_firewall_id(ctx_elevated, router_id):
+            # No FWaas Firewall was assigned to this router
+            return False
+
        return True

    def get_fwaas_rules_for_router(self, context, router_id):