From df3afabb63ac6a89385c3ea07a7474d41f34e20f Mon Sep 17 00:00:00 2001
From: Manoj Kumar <manojkr.itbhu@gmail.com>
Date: Tue, 27 Jan 2026 13:18:58 +0530
Subject: [PATCH] Apply reordered ACL list to VR router

---
 .../network/element/VpcVirtualRouterElement.java  | 10 +++++++++-
 .../cloud/network/vpc/NetworkACLServiceImpl.java  | 15 ++++++++++++---
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
index 3d613fca18ea..f393ef8a129d 100644
--- a/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
+++ b/server/src/main/java/com/cloud/network/element/VpcVirtualRouterElement.java
@@ -550,7 +550,15 @@ public boolean applyNetworkACLs(final Network network, final List<? extends Netw
 
     @Override
     public boolean reorderAclRules(Vpc vpc, List<? extends Network> networks, List<? extends NetworkACLItem> networkACLItems) {
-        return true;
+        boolean result = true;
+        try {
+            for (Network network : networks) {
+                result = result && applyNetworkACLs(network, networkACLItems);
+            }
+        } catch (ResourceUnavailableException ex) {
+            result = false;
+        }
+        return result;
     }
 
     @Override
diff --git a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
index ecb164018ac0..7460ae87d44c 100644
--- a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -109,6 +109,8 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
     private NsxProviderDao nsxProviderDao;
     @Inject
     private NetrisProviderDao netrisProviderDao;
+    @Inject
+    private VpcManager vpcManager;
 
     private String supportedProtocolsForAclRules = "tcp,udp,icmp,all";
 
@@ -1037,13 +1039,20 @@ public NetworkACLItem moveNetworkAclRuleToNewPosition(MoveNetworkAclItemCmd move
             if (Objects.isNull(vpc)) {
                 return networkACLItem;
             }
+            List<NetworkVO> networks = _networkDao.listByAclId(lockedAcl.getId());
+            if (networks.isEmpty()) {
+                return networkACLItem;
+            }
+
             final DataCenter dc = _entityMgr.findById(DataCenter.class, vpc.getZoneId());
             final NsxProviderVO nsxProvider = nsxProviderDao.findByZoneId(dc.getId());
             final NetrisProviderVO netrisProvider = netrisProviderDao.findByZoneId(dc.getId());
-            List<NetworkVO> networks = _networkDao.listByAclId(lockedAcl.getId());
-            if (ObjectUtils.anyNotNull(nsxProvider, netrisProvider) && !networks.isEmpty()) {
+            boolean isVpcNetworkACLProvider = vpcManager.isProviderSupportServiceInVpc(vpc.getId(), Network.Service.NetworkACL, Network.Provider.VPCVirtualRouter);
+
+            if (ObjectUtils.anyNotNull(nsxProvider, netrisProvider) || isVpcNetworkACLProvider) {
                 allAclRules = getAllAclRulesSortedByNumber(lockedAcl.getId());
-                Network.Provider networkProvider = nsxProvider != null ? Network.Provider.Nsx : Network.Provider.Netris;
+                Network.Provider networkProvider = isVpcNetworkACLProvider ? Network.Provider.VPCVirtualRouter
+                                : (nsxProvider != null ? Network.Provider.Nsx : Network.Provider.Netris);
                 _networkAclMgr.reorderAclRules(vpc, networks, allAclRules, networkProvider);
             }
             return networkACLItem;