From 11f9f565058a375735654e89f78670466d339694 Mon Sep 17 00:00:00 2001 From: Adit Sarfaty Date: Sun, 9 Jul 2017 15:42:11 +0300 Subject: [PATCH] NSX|V3: support ranges in fw rules ports Change-Id: I99bc662efb2815c25c60ff7f98bba8830d677af3 --- vmware_nsx/services/fwaas/nsx_v3/edge_fwaas_driver.py | 10 ++++++++-- vmware_nsx/tests/unit/nsx_v3/test_fwaas_driver.py | 7 ++++--- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/vmware_nsx/services/fwaas/nsx_v3/edge_fwaas_driver.py b/vmware_nsx/services/fwaas/nsx_v3/edge_fwaas_driver.py index fb7314de8b..3f57fed599 100644 --- a/vmware_nsx/services/fwaas/nsx_v3/edge_fwaas_driver.py +++ b/vmware_nsx/services/fwaas/nsx_v3/edge_fwaas_driver.py @@ -116,15 +116,21 @@ class EdgeFwaasV3Driver(fwaas_base.FwaasDriverBase): # This will cover icmpv6 too, when adding the rule. return consts.ICMPV4 + @staticmethod + def _translate_ports(ports): + return [ports.replace(':', '-')] + def _translate_services(self, fwaas_rule): l4_protocol = self._translate_protocol(fwaas_rule['protocol']) if l4_protocol in [consts.TCP, consts.UDP]: source_ports = [] destination_ports = [] if fwaas_rule.get('source_port'): - source_ports = [fwaas_rule['source_port']] + source_ports = self._translate_ports( + fwaas_rule['source_port']) if fwaas_rule.get('destination_port'): - destination_ports = [fwaas_rule['destination_port']] + destination_ports = self._translate_ports( + fwaas_rule['destination_port']) return [self.nsx_firewall.get_nsservice( consts.L4_PORT_SET_NSSERVICE, diff --git a/vmware_nsx/tests/unit/nsx_v3/test_fwaas_driver.py b/vmware_nsx/tests/unit/nsx_v3/test_fwaas_driver.py index 6dd6081e5c..9805bd1b64 100644 --- a/vmware_nsx/tests/unit/nsx_v3/test_fwaas_driver.py +++ b/vmware_nsx/tests/unit/nsx_v3/test_fwaas_driver.py 
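Review bot: `_translate_ports` replaces every ':' with '-' without checking that the value is a single port or one well-formed `min:max` range, so this firewall-rule translation depends entirely on validation done before the driver is called, which this hunk does not show. The result becomes the `source_ports`/`destination_ports` of the NSX L4 service, so a malformed or reversed range would reach the backend unchanged, and the rule could be rejected or match different ports than the operator intended. The old code only wrapped the value in a list, so if a port can ever arrive as a non-string the new `.replace` call would raise `AttributeError`. The sketch below validates before translating and adds a docstring; `ValueError` and the 65535 upper bound are stand-ins for whatever exception type and limits the project already uses. `_translate_services` continues past the end of the hunk.

```python
    @staticmethod
    def _translate_ports(ports):
        """Convert a FWaaS port or 'min:max' range to the NSX 'min-max' form."""
        parts = str(ports).split(':')
        if len(parts) > 2 or not all(p.isdigit() for p in parts):
            raise ValueError("Invalid port or port range: %s" % ports)
        low, high = int(parts[0]), int(parts[-1])
        if low > high or high > 65535:
            raise ValueError("Invalid port or port range: %s" % ports)
        return ['-'.join(parts)]

    # … unchanged: _translate_services calls _translate_ports for source and destination ports …
```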
@@ -73,7 +73,8 @@ class Nsxv3FwaasTestCase(test_v3_plugin.NsxV3PluginTestCaseMixin): 'action': 'reject', 'ip_version': 4, 'protocol': 'tcp', - 'destination_port': '22', + 'destination_port': '22:24', + 'source_port': '1:65535', 'id': 'fake-fw-rule2'} rule3 = {'enabled': True, 'action': 'deny', @@ -101,8 +102,8 @@ class Nsxv3FwaasTestCase(test_v3_plugin.NsxV3PluginTestCaseMixin): 'notes': 'first rule'} service2 = {'l4_protocol': 'TCP', 'resource_type': 'L4PortSetNSService', - 'destination_ports': ['22'], - 'source_ports': []} + 'destination_ports': ['22-24'], + 'source_ports': ['1-65535']} rule2 = {'action': 'DROP', # Reject is replaced with deny 'services': [{'service': service2}], 'display_name': 'Fwaas-fake-fw-rule2'}