def instances(request):
is_superuser = perms.get_is_superuser(request.user)
all_instances = perms.instance_getall_by_group(request)
hostname_default = vyos.get_hostname_prefered(request)
is_superuser = perms.get_is_superuser(request.user)
print(all_instances)
if hostname_default == None:
if all_instances.count() > 0:
for i in all_instances:
pprint.pprint(i.hostname)
instance_default(request, i.hostname)
else:
return redirect('config:instance-add')
groups = Group.objects.all()
template = loader.get_template('config/instances.html')
context = {
'instances': all_instances,
'hostname_default': hostname_default,
'groups': groups,
'username': request.user,
'is_superuser': is_superuser,
}
return HttpResponse(template.render(context, request))
def create(request):
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
is_superuser = perms.get_is_superuser(request.user)
if 'name' in request.POST:
cmd = {"op": "set", "path": ["firewall", "name", request.POST['name']]}
result1 = vyos.set_config(hostname_default, cmd)
print(result1)
if 'description' in request.POST:
cmd = {"op": "set", "path": ["firewall", "name", request.POST['name'], "description", request.POST['description']]}
result2 = vyos.set_config(hostname_default, cmd)
print(result2)
if 'action' in request.POST:
cmd = {"op": "set", "path": ["firewall", "name", request.POST['name'], "default-action", request.POST['action']]}
result3 = vyos.set_config(hostname_default, cmd)
print(result3)
return redirect('firewall:firewall-list')
template = loader.get_template('firewall/create.html')
context = {
#'interfaces': interfaces,
'instances': all_instances,
'hostname_default': hostname_default,
'username': request.user,
'is_superuser' : is_superuser,
}
return HttpResponse(template.render(context, request))
def firewall_portgroup_add(request):
hostname_default = vyos.get_hostname_prefered(request)
all_instances = vyos.instance_getall_by_group(request)
is_superuser = perms.get_is_superuser(request.user)
netservices = network.get_services()
if request.POST.get('name', None) != None and request.POST.get('portgroup_ports_hidden', None) != None and request.POST.get('portgroup_ports_hidden') != '':
try:
ports = json.loads(request.POST.get('portgroup_ports_hidden'))
except ValueError:
return redirect('firewall:firewall-portgroup-list')
for port in ports:
vyos.set_firewall_portgroup_add(hostname_default, request.POST.get('name'), port)
if request.POST.get('description', None) != None:
vyos.set_firewall_portgroup_description(hostname_default, request.POST.get('name'), request.POST.get('description'))
return redirect('firewall:firewall-portgroup-list')
template = loader.get_template('firewall/portgroup-add.html')
context = {
'hostname_default': hostname_default,
'username': request.user,
'instances': all_instances,
'is_superuser' : is_superuser,
'services_common' : netservices['common'],
'services' : netservices['services'],
}
return HttpResponse(template.render(context, request))
def add(request):
msg = vmsg.msg()
all_instances = perms.instance_getall_by_group(request)
hostname_default = perms.get_hostname_prefered(request)
is_superuser = perms.get_is_superuser(request.user)
if 'server' in request.POST:
if validators.ipv6(request.POST['server'].strip()) or validators.ipv4(
request.POST['server'].strip()) or validators.domain(
request.POST['server'].strip()):
v = vapi.set_ntp(hostname_default, request.POST['server'].strip())
if v.success == False:
msg.add_error("NTP server add fail - " + v.reason)
else:
msg.add_success("NTP server added")
else:
msg.add_error(
"ntp server add fail - insert only domains or IPv4 or IPv6")
context = {
'instances': all_instances,
'hostname_default': hostname_default,
'is_superuser': is_superuser,
'username': request.user,
'msg': msg.get_all(),
}
return render(request, 'ntp/add.html', context)
def interface_show(request, interface_type, interface_name):
all_instances = perms.instance_getall_by_group(request)
hostname_default = perms.get_hostname_prefered(request)
is_superuser = perms.get_is_superuser(request.user)
firewall_all = vyos.get_firewall_all(hostname_default)
interface = vyos.get_interface(interface_type,
interface_name,
hostname=hostname_default)
interface_detail = vyos.detail_interface(interface_type, interface_name)
interface_vif = interface_detail['vlan_id']
interface_name_short = interface_detail['interface_name']
interface_children = vyos.get_interface_children(hostname_default,
interface_name_short)
template = loader.get_template('interface/show.html')
context = {
'interface_children': interface_children,
'interface': interface,
'interface_vif': interface_vif,
'instances': all_instances,
'interface_type': interface_type,
'interface_name': interface_name,
'hostname_default': hostname_default,
'firewall_all': firewall_all,
'username': request.user,
'is_superuser': is_superuser,
}
return HttpResponse(template.render(context, request))
def static_add(request):
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
static_list = vyos.get_route_static(hostname_default)
is_superuser = perms.get_is_superuser(request.user)
error_message = None
if 'subnet' in request.POST and 'nexthop' in request.POST:
return1 = vyos.set_route_static(hostname_default, request.POST['subnet'], request.POST['nexthop'])
if return1 == False:
error_message = 'Cannot add static route.'
else:
return redirect('static:static-list')
ippath = vyos.ip_route(hostname_default)
template = loader.get_template('static/add.html')
context = {
'instances': all_instances,
'hostname_default': hostname_default,
'static_list' : static_list,
'error_message' : error_message,
'username': request.user,
'is_superuser' : is_superuser,
}
return HttpResponse(template.render(context, request))
def static_add(request):
msg = vmsg.msg()
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
static_list = vyos.get_route_static(hostname_default)
is_superuser = perms.get_is_superuser(request.user)
if 'subnet' in request.POST and 'nexthop' in request.POST:
v = vapi.set_route_static(hostname_default, request.POST['subnet'],
request.POST['nexthop'])
if v.success == False:
msg.add_error("Static route add fail - " + v.reason)
else:
msg.add_success("Static route added")
ippath = vyos.ip_route(hostname_default)
template = loader.get_template('static/add.html')
context = {
'instances': all_instances,
'hostname_default': hostname_default,
'static_list': static_list,
'username': request.user,
'is_superuser': is_superuser,
'msg': msg.get_all(),
}
return HttpResponse(template.render(context, request))
def instance_conntry(request, hostname):
is_superuser = perms.get_is_superuser(request.user)
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
if perms.user_has_hostname_access(request.user, hostname) == False:
return redirect('config:instances')
# permcheck
instance = Instance.objects.get(hostname=hostname)
connected = vyos.conntry(hostname)
if connected == True:
request.session['hostname'] = hostname
template = loader.get_template('config/instance_conntry.html')
context = {
'instance': instance,
"connected": connected,
'instances': all_instances,
'hostname_default': hostname_default,
'username': request.user,
'is_superuser': is_superuser,
}
return HttpResponse(template.render(context, request))
def group_add(request):
is_superuser = perms.get_is_superuser(request.user)
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
error_message = None
if len(request.POST) > 0 and 'name' in request.POST:
try:
group_get = Group.objects.get(name=request.POST['name'])
error_message = 'Group already exists'
except Group.DoesNotExist:
group_create = Group(name=request.POST['name'])
group_create.save()
return redirect('config:groups-list')
else:
instance_id = 0
template = loader.get_template('config/group_add.html')
context = {
'hostname_default': hostname_default,
'instance_id': instance_id,
'instances': all_instances,
'error_message': error_message,
'username': request.user,
'is_superuser': is_superuser,
}
return HttpResponse(template.render(context, request))
def instance_add(request):
is_superuser = perms.get_is_superuser(request.user)
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
if len(request.POST) > 0:
instance = Instance()
instance.alias = request.POST['alias']
instance.hostname = request.POST['hostname']
instance.port = request.POST['port']
instance.key = request.POST['key']
if 'https' in request.POST:
instance.https = request.POST['https']
else:
instance.https = False
instance_id = instance.save()
return redirect('config:instances')
else:
instance_id = 0
template = loader.get_template('config/instance_add.html')
context = {
'hostname_default': hostname_default,
'instance_id': instance_id,
'instances': all_instances,
'username': request.user,
'is_superuser': is_superuser,
}
return HttpResponse(template.render(context, request))
def xeditrule(request, firewall_name, rulenumber):
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
is_superuser = perms.get_is_superuser(request.user)
firewall = vyos.get_firewall(hostname_default, firewall_name) # remove
firewall_networkgroup = vyos.get_firewall_networkgroup(hostname_default)
firewall_addressgroup = vyos.get_firewall_addressgroup(hostname_default)
firewall_networkgroup_js = json.dumps(firewall_networkgroup['network-group'])
firewall_addressgroup_js = json.dumps(firewall_addressgroup['address-group'])
netservices = network.get_services()
netservices_js = json.dumps(netservices)
portgroups = vyos.get_firewall_portgroup(hostname_default)
template = loader.get_template('firewall/editrule.html')
context = {
#'interfaces': interfaces,
'instances': all_instances,
'hostname_default': hostname_default,
'firewall_name': firewall_name,
'firewall_name': firewall_name,
'username': request.user,
'is_superuser' : is_superuser,
'services' : netservices['services'],
'services_common' : netservices['common'],
'firewall_networkgroup': firewall_networkgroup['network-group'],
'firewall_addressgroup': firewall_addressgroup['address-group'],
'firewall_networkgroup_js': firewall_networkgroup_js,
'firewall_addressgroup_js': firewall_addressgroup_js,
'netservices_js' : netservices_js,
}
def user_add(request):
is_superuser = perms.get_is_superuser(request.user)
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
error_message = None
count = 0
name = ''
if 'name' in request.POST:
name = request.POST['name']
count += 1
username = ''
if 'username' in request.POST:
username = request.POST['username']
count += 1
password = ''
if 'password' in request.POST:
password = request.POST['password']
count += 1
email = ''
if 'email' in request.POST:
email = request.POST['email']
count += 1
if count >= 4:
try:
user = User.objects.get(username=username)
error_message = 'Username already exists'
except User.DoesNotExist:
user_create = User(username=username,
email=email,
password=password,
last_name=name)
user_create.save()
return redirect('config:users-list')
template = loader.get_template('config/user_add.html')
context = {
'hostname_default': hostname_default,
'instances': all_instances,
'error_message': error_message,
'name': name,
'username': username,
'password': password,
'email': email,
'username': request.user,
'is_superuser': is_superuser,
}
return HttpResponse(template.render(context, request))
def firewall_addressgroup_add(request):
hostname_default = vyos.get_hostname_prefered(request)
all_instances = vyos.instance_getall_by_group(request)
is_superuser = perms.get_is_superuser(request.user)
if ( request.POST.get('name', None) != None
and request.POST.get('addressgroup_json', None) != None):
group = request.POST.get('name', None)
description = request.POST.get('description', None)
try:
networks = json.loads(request.POST.get('addressgroup_json'))
except ValueError:
networks = {}
changed = False
vyos2.log('networks', networks)
for network in networks:
v = vyos2.api (
hostname = hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "group", "address-group", group, "address", network],
description = "add address-group network",
)
if v.success and changed == False:
changed = True
# set network description if it was created
if changed == True:
if description != None:
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "group", "address-group", group, "description", description],
description = "set address-group description",
)
return redirect('firewall:firewall-addressgroup-list')
template = loader.get_template('firewall/addressgroup-add.html')
context = {
'hostname_default': hostname_default,
'username': request.user,
'instances': all_instances,
'is_superuser' : is_superuser,
}
return HttpResponse(template.render(context, request))
def prepare(request, title=None):
p = prepareClass()
p.all_instances = perms.instance_getall_by_group(request)
p.hostname_default = perms.get_hostname_prefered(request)
p.is_superuser = perms.get_is_superuser(request.user)
p.request = request
p.msg = vmsg.msg()
p.debug = settings.DEBUG
p.vycontrol_credits = settings.VYCONTROL_CREDITS
if title != None:
p.title = title
return p
def firewall_addressgroup_list(request):
hostname_default = vyos.get_hostname_prefered(request)
firewall_addressgroup = vyos.get_firewall_addressgroup(hostname_default)
all_instances = vyos.instance_getall_by_group(request)
is_superuser = perms.get_is_superuser(request.user)
template = loader.get_template('firewall/addressgroup-list.html')
context = {
'firewall_addressgroup': firewall_addressgroup,
'hostname_default': hostname_default,
'username': request.user,
'instances': all_instances,
'is_superuser' : is_superuser,
}
return HttpResponse(template.render(context, request))
def groups_list(request):
is_superuser = perms.get_is_superuser(request.user)
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
groups = Group.objects.all()
template = loader.get_template('config/groups_list.html')
context = {
#'interfaces': interfaces,
'instances': all_instances,
'hostname_default': hostname_default,
'groups': groups,
'username': request.user,
'is_superuser': is_superuser,
}
return HttpResponse(template.render(context, request))
def index(request):
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
is_superuser = perms.get_is_superuser(request.user)
ntp_srv = vapi.get_ntp(hostname_default)
ntp_servers = {}
if ntp_srv.success:
if ntp_srv.data['server'] != None:
ntp_servers = ntp_srv.data['server']
context = {
'instances': all_instances,
'hostname_default': hostname_default,
'ntp_servers': ntp_servers,
'is_superuser': is_superuser,
}
return render(request, 'ntp/list.html', context)
def firewall_config(request, firewall_name):
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
is_superuser = perms.get_is_superuser(request.user)
firewall = vyos.get_firewall(hostname_default, firewall_name)
template = loader.get_template('firewall/show.html')
context = {
#'interfaces': interfaces,
'instances': all_instances,
'hostname_default': hostname_default,
'firewall': firewall,
'firewall_name': firewall_name,
'username': request.user,
'is_superuser' : is_superuser,
}
return HttpResponse(template.render(context, request))
def index(request):
is_superuser = perms.get_is_superuser(request.user)
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall()
for instance in all_instances:
if group == None:
all_instance[instance]['group'] = "admin"
hostname_default = vyos.get_hostname_prefered(request)
template = loader.get_template('config/instance.html')
context = {
#'interfaces': interfaces,
'instances': all_instances,
'hostname_default': hostname_default,
'username': request.user,
'is_superuser': is_superuser,
}
return HttpResponse(template.render(context, request))
def interfacefirewall(request, interface_type, interface_name):
all_instances = vyos.instance_getall()
is_superuser = perms.get_is_superuser(request.user)
hostname_default = vyos.get_hostname_prefered(request)
interface = vyos.get_interface(interface_type,
interface_name,
hostname=hostname_default)
template = loader.get_template('interface/show.html')
context = {
'interface': interface,
'instances': all_instances,
'hostname_default': hostname_default,
'interface_type': interface_type,
'interface_name': interface_name,
'username': request.user,
'is_superuser': is_superuser,
}
return HttpResponse(template.render(context, request))
def index(request):
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall_by_group(request)
hostname_default = vyos.get_hostname_prefered(request)
firewall2 = vyos2.api(
hostname = hostname_default,
api = 'get',
op = 'showConfig',
cmd = {"op": "showConfig", "path": ["firewall"]},
description = "get all firewall",
)
is_superuser = perms.get_is_superuser(request.user)
firewall_all = vyos.get_firewall_all(hostname_default)
if firewall_all == False:
return redirect('firewall:firewall-create')
for xitem in firewall_all['name']:
if 'default-action' in firewall_all['name'][xitem]:
firewall_all['name'][xitem]['default_action'] = firewall_all['name'][xitem]['default-action']
del firewall_all['name'][xitem]['default-action']
template = loader.get_template('firewall/list.html')
context = {
#'interfaces': interfaces,
'instances': all_instances,
'hostname_default': hostname_default,
'firewall_all': firewall_all,
'username': request.user,
'is_superuser' : is_superuser,
}
return HttpResponse(template.render(context, request))
def static_list(request):
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
static_dict = vyos.get_route_static(hostname_default)
is_superuser = perms.get_is_superuser(request.user)
static_list = []
for s in static_dict['route']:
static_list.append({
'route': s,
'nexthop': static_dict['route'][s]['next-hop'],
})
template = loader.get_template('static/list.html')
context = {
'instances': all_instances,
'hostname_default': hostname_default,
'static_list' : static_list,
'username': request.user,
'is_superuser' : is_superuser,
}
return HttpResponse(template.render(context, request))
def firewall_edit(request, firewall_name):
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
firewall = vyos.get_firewall(hostname_default, firewall_name)
firewall['defaultaction'] = firewall['default-action']
is_superuser = perms.get_is_superuser(request.user)
changed = False
if 'description' in request.POST:
cmd = {"op": "set", "path": ["firewall", "name", firewall_name, "description", request.POST['description']]}
result2 = vyos.set_config(hostname_default, cmd)
print(result2)
changed = True
if 'action' in request.POST:
cmd = {"op": "set", "path": ["firewall", "name", firewall_name, "default-action", request.POST['action']]}
result3 = vyos.set_config(hostname_default, cmd)
print(result3)
changed = True
if changed == True:
return redirect('firewall:firewall-list')
template = loader.get_template('firewall/edit.html')
context = {
#'interfaces': interfaces,
'instances': all_instances,
'hostname_default': hostname_default,
'firewall_name': firewall_name,
'firewall': firewall,
'username': request.user,
'is_superuser' : is_superuser,
}
return HttpResponse(template.render(context, request))
def index(request):
hostname_default = vyos.get_hostname_prefered(request)
all_instances = vyos.instance_getall()
firewall_all = vyos.get_firewall_all(hostname_default)
interfaces = vyos.get_interfaces(hostname_default)
is_superuser = perms.get_is_superuser(request.user)
interfaces_all_names = vyos.get_interfaces_all_names(hostname_default)
interface_firewall_in = {}
interface_firewall_out = {}
interface_address = {}
firewall_names = []
# set interface_alias in format eth0 if has not vif and eth0.vlan if has vlan
for iname in interfaces_all_names:
if 'vif' in iname:
iname['interface_alias'] = "{interface_name}.{vif}".format(
interface_name=iname['interface_name'], vif=iname['vif'])
else:
iname['interface_alias'] = iname['interface_name']
# create firewall_in and firewall_out vars
for interface_type in interfaces:
for interface_name in interfaces[interface_type]:
try:
interface_firewall_in[interface_name] = interfaces[
interface_type][interface_name]['firewall']['in']['name']
except:
pass
try:
interface_firewall_out[interface_name] = interfaces[
interface_type][interface_name]['firewall']['out']['name']
except:
pass
if interface_name not in interface_address:
interface_address[interface_name] = []
try:
interface_address[interface_name].append(
interfaces[interface_type][interface_name]['address'])
except:
pass
if 'vif' in interfaces[interface_type][interface_name]:
for vif in interfaces[interface_type][interface_name]['vif']:
interface_name_full = "{interface_name}.{vif}".format(
interface_name=interface_name, vif=vif)
try:
interface_firewall_in[
interface_name_full] = interfaces[interface_type][
interface_name]['vif'][vif]['firewall']['in'][
'name']
except:
pass
try:
interface_firewall_out[
interface_name_full] = interfaces[interface_type][
interface_name]['vif'][vif]['firewall']['out'][
'name']
except:
pass
if interface_name_full not in interface_address:
interface_address[interface_name_full] = []
try:
interface_address[interface_name_full].append(
interfaces[interface_type][interface_name]['vif']
[vif]['address'])
except:
pass
# put all information in a single var: interface_all_names
for iname in interfaces_all_names:
if 'vif' in iname:
ialias = "{interface_name}.{vif}".format(
interface_name=iname['interface_name'], vif=iname['vif'])
else:
ialias = iname['interface_name']
if ialias in interface_firewall_out:
iname['firewall_out'] = interface_firewall_out[ialias]
if ialias in interface_firewall_in:
iname['firewall_in'] = interface_firewall_in[ialias]
if ialias in interface_address:
iname['address'] = interface_address[ialias]
if 'name' in firewall_all:
for fname in firewall_all['name']:
firewall_names.append(fname)
# create a dict
interfaces_all_names_dict = {}
for iname in interfaces_all_names:
if 'vif' in iname:
ialias = "{interface_name}.{vif}".format(
interface_name=iname['interface_name'], vif=iname['vif'])
else:
ialias = iname['interface_name']
interfaces_all_names_dict[ialias] = iname
fw_changed = False
for el in request.POST:
interface_vif = None
if el.startswith('firewall-ipv4-in'):
pos = el.split(".")
interface_type = pos[1]
interface_name = pos[2]
if len(pos) >= 4:
interface_vif = pos[3]
ialias = "{interface_name}.{vif}".format(
interface_name=interface_name, vif=interface_vif)
else:
ialias = interface_name
firewall_name = request.POST[el]
if firewall_name == "--remove--":
if 'firewall_in' in interfaces_all_names_dict[ialias]:
v = vapi.delete_interface_firewall_ipv4(
hostname_default, interface_type, interface_name, "in",
interface_vif)
#print("@@@@@@@@@@@@@@@@@ in delete", hostname_default, interface_type, interface_name, "in", firewall_name, interface_vif)
else:
pass
#print("@@@@@ not 1", interfaces_all_names_dict[ialias], firewall_name)
else:
if 'firewall_in' not in interfaces_all_names_dict[
ialias] or interfaces_all_names_dict[ialias][
'firewall_in'] != firewall_name:
v = vapi.set_interface_firewall_ipv4(
hostname_default, interface_type, interface_name, "in",
firewall_name, interface_vif)
#print("@@@@@@@@@@@@@@@@@ in add", hostname_default, interface_type, interface_name, "in", firewall_name, interface_vif)
else:
pass
#print("@@@@@ not 2", interfaces_all_names_dict[ialias], firewall_name )
fw_changed = True
elif el.startswith('firewall-ipv4-out'):
pos = el.split(".")
interface_type = pos[1]
interface_name = pos[2]
if len(pos) >= 4:
interface_vif = pos[3]
ialias = "{interface_name}.{vif}".format(
interface_name=interface_name, vif=interface_vif)
else:
ialias = interface_name
firewall_name = request.POST[el]
if firewall_name == "--remove--":
if 'firewall_out' in interfaces_all_names_dict[ialias]:
v = vapi.delete_interface_firewall_ipv4(
hostname_default, interface_type, interface_name,
"out", interface_vif)
#print("@@@@@@@@@@@@@@@@@ out delete", hostname_default, interface_type, interface_name, "out", firewall_name, interface_vif)
else:
#print("@@@@@ not 3", interfaces_all_names_dict[ialias], firewall_name)
pass
else:
if 'firewall_out' not in interfaces_all_names_dict[
ialias] or interfaces_all_names_dict[ialias][
'firewall_out'] != firewall_name:
v = vapi.set_interface_firewall_ipv4(
hostname_default, interface_type, interface_name,
"out", firewall_name, interface_vif)
#print("@@@@@@@@@@@@@@@@@ out add", hostname_default, interface_type, interface_name, "out", firewall_name, interface_vif)
else:
#print("@@@@@ not 4", interfaces_all_names_dict[ialias], firewall_name)
pass
fw_changed = True
if fw_changed == True:
return redirect('interface:interface-list')
template = loader.get_template('interface/index.html')
context = {
'interfaces':
interfaces,
'interfaces_pretty':
pprint.pformat(interfaces, indent=4, width=120),
'interfaces_all_names':
interfaces_all_names,
'interfaces_all_names_pretty':
pprint.pformat(interfaces_all_names, indent=4, width=120),
'instances':
all_instances,
'hostname_default':
hostname_default,
'firewall_all':
firewall_all,
'firewall_names':
firewall_names,
'interface_firewall_in':
interface_firewall_in,
'interface_firewall_out':
interface_firewall_out,
'interface_firewall_in_pretty':
pprint.pformat(interface_firewall_in, indent=4, width=120),
'interface_firewall_out_pretty':
pprint.pformat(interface_firewall_out, indent=4, width=120),
'username':
request.user,
'is_superuser':
is_superuser,
}
return HttpResponse(template.render(context, request))
def firewall_addressgroup_desc(request, groupname):
hostname_default = vyos.get_hostname_prefered(request)
all_instances = vyos.instance_getall_by_group(request)
is_superuser = perms.get_is_superuser(request.user)
v = vyos2.api (
hostname= hostname_default,
api = "get",
op = "showConfig",
cmd = ["firewall", "group", "address-group", groupname],
description = "show address-group config",
)
groupinfo = v.data
if 'address' not in groupinfo:
networks_original = []
else:
networks_original = groupinfo['address']
if type(networks_original) is str:
vyos2.log("tipo", type(networks_original))
networks_original = [groupinfo['address']]
else:
networks_original = groupinfo['address']
vyos2.log("networks_original", networks_original)
networks_json = json.dumps(networks_original)
changed = False
if v.success:
if request.POST.get('description', None) != None:
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "group", "address-group", groupname, "description", request.POST.get('description')],
description = "set network-group description",
)
changed = True
if request.POST.get('networkgroup_json', None) != None:
try:
networks_new = json.loads(request.POST.get('networkgroup_json'))
except ValueError:
networks_new = {}
vyos2.log('networks new', networks_new)
for network in networks_new:
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "group", "address-group", groupname, "address", network],
description = "edit address-group network",
)
if v.success and changed == False:
changed = True
vyos2.log('networks original', networks_original)
for network in networks_original:
if network not in networks_new:
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "delete",
cmd = ["firewall", "group", "address-group", groupname, "address", network],
description = "delete address-group network",
)
if v.success and changed == False:
changed = True
if changed == True:
return redirect('firewall:firewall-addressgroup-list')
template = loader.get_template('firewall/addressgroup-desc.html')
context = {
'groupinfo': groupinfo,
'hostname_default': hostname_default,
'username': request.user,
'instances': all_instances,
'is_superuser' : is_superuser,
'groupname': groupname,
'networks_json' : networks_json,
}
return HttpResponse(template.render(context, request))
else:
return redirect('firewall:firewall-addressgroup-list')
def index(request):
hostname_default = vyos.get_hostname_prefered(request)
all_instances = vyos.instance_getall()
firewall_all = vyos.get_firewall_all(hostname_default)
interfaces = vyos.get_interfaces(hostname_default)
is_superuser = perms.get_is_superuser(request.user)
interface_firewall_in = {}
interface_firewall_out = {}
for interface_type in interfaces:
for interface_name in interfaces[interface_type]:
pprint.pprint(interface_name)
try:
interface_firewall_in[interface_name] = interfaces[
interface_type][interface_name]['firewall']['in']['name']
except:
pass
try:
interface_firewall_out[interface_name] = interfaces[
interface_type][interface_name]['firewall']['out']['name']
except:
pass
fw_changed = False
for el in request.POST:
pprint.pprint(request.POST)
if el.startswith('firewall-ipv4-in') and request.POST[el]:
pos = el.split(".")
interface_type = pos[1]
interface_name = pos[2]
firewall_name = request.POST[el]
if firewall_name == "--remove--":
result1 = vyos.delete_interface_firewall_ipv4(
hostname_default, interface_type, interface_name, "in")
else:
result1 = vyos.set_interface_firewall_ipv4(
hostname_default, interface_type, interface_name, "in",
firewall_name)
pprint.pprint(result1)
fw_changed = True
elif el.startswith('firewall-ipv4-out') and request.POST[el]:
pos = el.split(".")
interface_type = pos[1]
interface_name = pos[2]
firewall_name = request.POST[el]
if firewall_name == "--remove--":
result1 = vyos.delete_interface_firewall_ipv4(
hostname_default, interface_type, interface_name, "out")
else:
result1 = vyos.set_interface_firewall_ipv4(
hostname_default, interface_type, interface_name, "out",
firewall_name)
pprint.pprint(result1)
fw_changed = True
if fw_changed == True:
return redirect('interface:interface-list')
"""
if 'name' in request.POST:
result1 = vyos.set_config(hostname_default, cmd)
print(result1)
if 'description' in request.POST:
cmd = {"op": "set", "path": ["firewall", "name", request.POST['name'], "description", request.POST['description']]}
result2 = vyos.set_config(hostname_default, cmd)
print(result2)
if 'action' in request.POST:
cmd = {"op": "set", "path": ["firewall", "name", request.POST['name'], "default-action", request.POST['action']]}
result3 = vyos.set_config(hostname_default, cmd)
print(result3)
return redirect('firewall:firewall-list')
"""
template = loader.get_template('interface/index.html')
context = {
'interfaces': interfaces,
'instances': all_instances,
'hostname_default': hostname_default,
'firewall_all': firewall_all,
'interface_firewall_in': interface_firewall_in,
'interface_firewall_out': interface_firewall_out,
'username': request.user,
'is_superuser': is_superuser,
}
return HttpResponse(template.render(context, request))
def firewall_portgroup_edit(request, groupname):
hostname_default = vyos.get_hostname_prefered(request)
all_instances = vyos.instance_getall_by_group(request)
is_superuser = perms.get_is_superuser(request.user)
netservices = network.get_services()
portgroups = vyos.get_firewall_portgroup(hostname_default)
portgroups_json = json.dumps(portgroups['port-group'][groupname], separators=(',', ':'))
description = portgroups['port-group'][groupname]['description']
if request.POST.get('description', None) != None:
vyos.set_firewall_portgroup_description(hostname_default, groupname, request.POST.get('description'))
if request.POST.get('portgroup_ports_hidden', None) != None and request.POST.get('portgroup_ports_hidden') != '':
try:
ports = json.loads(request.POST.get('portgroup_ports_hidden'))
except ValueError:
return redirect('firewall:firewall-portgroup-list')
port_remove = []
port_add = []
# each port in vyos database
for port in portgroups['port-group'][groupname]['port']:
# vyos port not in form
if port not in ports:
# so mark to remove
port_remove.append(port)
# each port comming from form
for port in ports:
# form port not in vyos database
if port not in portgroups['port-group'][groupname]['port']:
# so mark to add
port_add.append(port)
# add ports to vyos database
for port in port_add:
vyos.set_firewall_portgroup_add(hostname_default, groupname, port)
# remove ports to vyos database
for port in port_remove:
vyos.set_firewall_portgroup_delete_port(hostname_default, groupname, port)
if request.POST.get('description', None) != None:
vyos.set_firewall_portgroup_description(hostname_default, request.POST.get('name'), request.POST.get('description'))
return redirect('firewall:firewall-portgroup-list')
template = loader.get_template('firewall/portgroup-edit.html')
context = {
'hostname_default': hostname_default,
'username': request.user,
'instances': all_instances,
'is_superuser' : is_superuser,
'groupname' : groupname,
'services_common' : netservices['common'],
'services' : netservices['services'],
'description' : description,
'portgroups_json' : portgroups_json,
}
return HttpResponse(template.render(context, request))
def interface_add(request):
all_instances = perms.instance_getall_by_group(request)
is_superuser = perms.get_is_superuser(request.user)
hostname_default = perms.get_hostname_prefered(request)
msg = vmsg.msg()
changed = False
if request.POST.get('name', None) == None:
pass
else:
interface_name = None
if validator_letters_numbers(request.POST.get('name', '').strip()):
interface_name = request.POST.get('name', '').strip()
interface_address = None
if validator_ipv4_cidr(request.POST.get('address', '')):
interface_address = request.POST.get('address', '').strip()
interface_dhcp = False
if request.POST.get('dhcp', '0') == '1':
interface_dhcp = True
interface_address = 'dhcp'
interface_mtu = None
if request.POST.get('mtu', '').strip().isdigit():
interface_mtu = request.POST.get('mtu').strip()
try:
interface_mtu = int(interface_mtu)
except:
interface_mtu = 1450
if not validators.between(interface_mtu, min=1000, max=9000):
interface_mtu = 1450
interface_type = 'ethernet'
interface_types = ['ethernet', 'dummy', 'loopback']
if request.POST.get('type', 'ethernet') in interface_types:
interface_type = request.POST.get('type', 'ethernet')
v = vapi.set_interface(hostname_default, interface_type,
interface_name)
if v.success == False:
msg.add_error("Action: failed to add interface - " + v.reason)
else:
msg.add_success("Action: interface added")
changed = True
v = vapi.set_interface_mtu(hostname_default, interface_type,
interface_name, interface_mtu)
if v.success == False:
msg.add_error("Action: failed to set MTU - " + v.reason)
else:
msg.add_success("Action: MTU set")
v = vapi.set_interface_address(hostname_default, interface_type,
interface_name, interface_address)
if v.success == False:
msg.add_error("Action: failed to set address - " + v.reason)
else:
msg.add_success("Action: address set")
template = loader.get_template('interface/add.html')
context = {
'instances': all_instances,
'hostname_default': hostname_default,
'username': request.user,
'is_superuser': is_superuser,
'msg': msg.get_all(),
'changed': changed,
}
return HttpResponse(template.render(context, request))
def interface_add_vlan(request, interface_type=None, interface_name=None):
all_instances = perms.instance_getall_by_group(request)
is_superuser = perms.get_is_superuser(request.user)
hostname_default = perms.get_hostname_prefered(request)
msg = vmsg.msg()
changed = False
if interface_type == None and interface_name == None:
interface_type = request.POST.get('interface_type')
interface_name = request.POST.get('interface_name')
if validator_letters_numbers(
interface_type) and validator_letters_numbers(interface_name):
pass
else:
return redirect('interface:interface-list')
interface_vlan = request.POST.get('vlan', '').strip()
try:
interface_vlan = int(interface_vlan)
except:
interface_vlan = 0
if interface_vlan == 0:
pass
elif not validators.between(interface_vlan, min=1, max=4095):
msg.add_error("VLAN need to be between 1 and 4095")
else:
interface_address = None
if validator_ipv4_cidr(request.POST.get('address', '')):
interface_address = request.POST.get('address', '').strip()
interface_dhcp = False
if request.POST.get('dhcp', '0') == '1':
interface_dhcp = True
interface_address = 'dhcp'
interface_mtu = 0
if request.POST.get('mtu', '').strip().isdigit():
interface_mtu = request.POST.get('mtu').strip()
try:
interface_mtu = int(interface_mtu)
except:
interface_mtu = 1450
if not validators.between(interface_mtu, min=1000, max=9000):
interface_mtu = 1450
interface_mtu = str(interface_mtu)
interface_vlan = str(interface_vlan)
interface_type = 'ethernet'
v = vapi.set_interface(hostname_default,
interface_type,
interface_name,
vif=interface_vlan)
if v.success == False:
msg.add_error("Action: failed to add interface - " + v.reason)
else:
msg.add_success("Action: interface added")
changed = True
v = vapi.set_interface_mtu(hostname_default,
interface_type,
interface_name,
interface_mtu,
vif=interface_vlan)
if v.success == False:
msg.add_error("Action: failed to set MTU - " + v.reason)
else:
msg.add_success("Action: MTU set")
v = vapi.set_interface_address(hostname_default,
interface_type,
interface_name,
interface_address,
vif=interface_vlan)
if v.success == False:
msg.add_error("Action: failed to set address - " + v.reason)
else:
msg.add_success("Action: address set")
template = loader.get_template('interface/add_vlan.html')
context = {
'instances': all_instances,
'hostname_default': hostname_default,
'username': request.user,
'is_superuser': is_superuser,
'msg': msg.get_all(),
'changed': changed,
'interface_name': interface_name,
'interface_type': interface_type,
}
return HttpResponse(template.render(context, request))
def changerule(request, firewall_name, mode, template_name="firewall/addrule.html", rulenumber = None):
#interfaces = vyos.get_interfaces()
all_instances = vyos.instance_getall()
hostname_default = vyos.get_hostname_prefered(request)
is_superuser = perms.get_is_superuser(request.user)
# get all selected firewall data
firewall = vyos.get_firewall(hostname_default, firewall_name)
# get all firewall groups
firewall_group = {}
firewall_group['network-group'] = {}
firewall_group['address-group'] = {}
firewall_group['port-group'] = {}
firewall_group_raw = vycommon.get_firewall_group(hostname_default)
if firewall_group_raw.success:
if 'network-group' in firewall_group_raw.data:
for g in firewall_group_raw.data['network-group']:
firewall_group['network-group'][g] = firewall_group_raw.data['network-group'][g]
if 'address-group' in firewall_group_raw.data:
for g in firewall_group_raw.data['address-group']:
firewall_group['address-group'][g] = firewall_group_raw.data['address-group'][g]
if 'port-group' in firewall_group_raw.data:
for g in firewall_group_raw.data['port-group']:
firewall_group['port-group'][g] = firewall_group_raw.data['port-group'][g]
firewall_networkgroup_js = json.dumps(firewall_group['network-group'])
firewall_addressgroup_js = json.dumps(firewall_group['address-group'])
netservices = network.get_services()
netservices_js = json.dumps(netservices)
portgroups = vyos.get_firewall_portgroup(hostname_default)
ruledata = vycommon.get_firewall_rulenumber(hostname_default, firewall_name, rulenumber)
ruledata_json = json.dumps(ruledata.data)
vyos2.log("json", ruledata_json)
if portgroups != False:
portgroups_groups = portgroups['port-group']
else:
portgroups_groups = []
changed = False
# edit rule without valid rulenumber
if ( mode == "editrule"
and rulenumber == None):
return redirect('firewall:show', firewall_name)
# mode add rule
if mode == "addrule":
rulenumber = request.POST.get('rulenumber')
vyos2.log("mode addrule", rulenumber)
# mode add rule without valid rulenumber
if ( request.POST.get('rulenumber', None) == None
or int(request.POST.get('rulenumber')) <= 0):
return redirect('firewall:show', firewall_name)
else:
rulenumber = request.POST.get('rulenumber')
vyos2.log("mode editrule", rulenumber)
# verifing basic informations, should have rulenumber, status and ruleaction
if ( request.POST.get('status', None) != None
and request.POST.get('status') in ["enabled", "disabled"]
and request.POST.get('ruleaction', None) != None
and request.POST.get('ruleaction') in ["accept", "drop", "reject"]
):
vyos2.log("pass basic validations")
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "action", request.POST.get('ruleaction')],
description = "set rule action",
)
# rule created, continue to configure firewall rule according his criterias
if v.success:
changed = True
# if status disabled, save it
if request.POST.get('status') == "disabled":
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "disable"],
description = "set rule disable",
)
if v.success:
changed = True
elif request.POST.get('status') == "enabled" and mode == "editrule":
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "delete",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "disable"],
description = "delete rule disable",
)
if v.success:
changed = True
# if status set, save it
if request.POST.get('description', None) != None:
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "description", request.POST.get('description')],
description = "set rule description",
)
if v.success:
changed = True
# if criteria_protocol set, save it
if request.POST.get('criteria_protocol', None) == "1":
# other protocol - todo validate data
if request.POST.get('protocol_criteria', None) == "other":
if request.POST.get('protocol_custom', None) != None:
protocol_criteria = request.POST.get('protocol_custom')
# common protocols
elif request.POST.get('protocol_criteria', None) in ['all', 'tcp', 'udp', 'tcp_udp', 'icmp']:
protocol_criteria = request.POST.get('protocol_criteria')
# other cases did not checked anything
else:
protocol_criteria = None
# negate protocol
if request.POST.get('protocol_negate', None) == "1":
protocol_negate = "!"
else:
protocol_negate = ""
# run vyos command
if protocol_criteria != None:
protocol_criteria_txt = protocol_negate + protocol_criteria
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "protocol", protocol_criteria_txt],
description = "set rule protocol",
)
if v.success:
changed = True
# if criteria+port set, save it
if request.POST.get('criteria_port', None) == "1":
destinationport_json = request.POST.get('destinationport_json', None)
sourceport_json = request.POST.get('sourceport_json', None)
if destinationport_json != None:
try:
destinationport = json.loads(destinationport_json)
except ValueError:
destinationport = {}
vyos2.log("destinationport_json", destinationport)
destinationport_text = ','.join(destinationport)
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "port", destinationport_text],
description = "set destination port",
)
if v.success:
changed = True
if sourceport_json != None:
try:
sourceport = json.loads(sourceport_json)
except ValueError:
sourceport = {}
vyos2.log("sourceport_json", sourceport)
sourceport_text = ','.join(sourceport)
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "source", "port", sourceport_text],
description = "set sourceport port",
)
if v.success:
changed = True
# if criteria_address set, save it
if request.POST.get('criteria_address', None) == "1":
# negate sdaddress_source
if request.POST.get('sdaddress_source_negate', None) == "1":
sdaddress_source_negate = "!"
else:
sdaddress_source_negate = ""
# negate sdaddress_destination_negate
if request.POST.get('sdaddress_destination_negate', None) == "1":
sdaddress_destination_negate = "!"
else:
sdaddress_destination_negate = ""
if request.POST.get('sdaddress_source', None) != None:
sdaddress_source = request.POST.get('sdaddress_source')
sdaddress_source_txt = sdaddress_source_negate + sdaddress_source
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "source", "address", sdaddress_source_txt],
description = "set sdaddress_source",
)
if v.success:
changed = True
if request.POST.get('sdaddress_destination', None) != None:
sdaddress_destination = request.POST.get('sdaddress_destination')
sdaddress_destination_txt = sdaddress_destination_negate + sdaddress_destination
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "address", sdaddress_destination_txt],
description = "set sdaddress_destination_txt",
)
if v.success:
changed = True
# if criteria_addressgroup set, save it
if request.POST.get('criteria_addressgroup', None) == "1":
if request.POST.get('sdaddressgroup_source', None) != None:
sdaddressgroup_source = request.POST.get('sdaddressgroup_source')
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "address-group", sdaddressgroup_source],
description = "set sdaddressgroup_source",
)
vyos2.log("set sdaddressgroup_source", v.data)
if v.success:
changed = True
if request.POST.get('sdaddressgroup_destination', None) != None:
sdaddressgroup_destination = request.POST.get('sdaddressgroup_destination')
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "address-group", sdaddressgroup_destination],
description = "set sdaddressgroup_destination",
)
vyos2.log("set sdaddressgroup_destination", v.data)
if v.success:
changed = True
# if criteria_networkgroup set, save it
if request.POST.get('criteria_networkgroup', None) == "1":
if request.POST.get('sdnetworkgroup_source', None) != None:
sdnetworkgroup_source = request.POST.get('sdnetworkgroup_source')
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "network-group", sdnetworkgroup_source],
description = "set sdnetworkgroup_source",
)
if v.success:
changed = True
else:
vyos2.log("sdnetworkgroup_source", v.error)
if request.POST.get('sdnetworkgroup_destination', None) != None:
sdnetworkgroup_destination = request.POST.get('sdnetworkgroup_destination')
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "network-group", sdnetworkgroup_destination],
description = "set sdnetworkgroup_destination",
)
if v.success:
changed = True
else:
vyos2.log("sdnetworkgroup_source", v.error)
# if criteria_sourcemac set, save it
if request.POST.get('criteria_sourcemac', None) == "1":
# negate sdaddress_source
if request.POST.get('smac_source_negate', None) == "1":
sourcemac_negate = "!"
else:
sourcemac_negate = ""
if request.POST.get('smac_source', None) != None:
sourcemac = request.POST.get('smac_source')
sourcemac = sourcemac.replace("-",":")
sourcemac = sourcemac.lower()
sourcemac_txt = sourcemac_negate + sourcemac
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "source", "mac-address", sourcemac_txt],
description = "set source mac",
)
if v.success:
changed = True
# if criteria_packetstate set, save it
if request.POST.get('criteria_packetstate', None) == "1":
packetstates = []
if request.POST.get('packetstate_established', None) == "1":
packetstates.append('established')
if request.POST.get('packetstate_invalid', None) == "1":
packetstates.append('invalid')
if request.POST.get('packetstate_new', None) == "1":
packetstates.append('new')
if request.POST.get('packetstate_related', None) == "1":
packetstates.append('related')
if len(packetstates) > 0:
for packetstate in packetstates:
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "state", packetstate, "enable"],
description = "set criteria_packetstate",
)
if v.success:
changed = True
# if criteria_tcpflags set, save it
if request.POST.get('criteria_tcpflags', None) == "1":
tcpflags = []
if request.POST.get('tcpflags_syn', None) == "1":
tcpflags.append('SYN')
if request.POST.get('tcpflags_isyn', None) == "1":
tcpflags.append('!SYN')
if request.POST.get('tcpflags_ack', None) == "1":
tcpflags.append('ACK')
if request.POST.get('tcpflags_iack', None) == "1":
tcpflags.append('!ACK')
if request.POST.get('tcpflags_fin', None) == "1":
tcpflags.append('FIN')
if request.POST.get('tcpflags_ifin', None) == "1":
tcpflags.append('!FIN')
if request.POST.get('tcpflags_rst', None) == "1":
tcpflags.append('RST')
if request.POST.get('tcpflags_irst', None) == "1":
tcpflags.append('!RST')
if request.POST.get('tcpflags_urg', None) == "1":
tcpflags.append('URG')
if request.POST.get('tcpflags_iurg', None) == "1":
tcpflags.append('!URG')
if request.POST.get('tcpflags_psh', None) == "1":
tcpflags.append('PSH')
if request.POST.get('tcpflags_ipsh', None) == "1":
tcpflags.append('!PSH')
if request.POST.get('tcpflags_all', None) == "1":
tcpflags.append('ALL')
if request.POST.get('tcpflags_iall', None) == "1":
tcpflags.append('!ALL')
vyos2.log("tcp flags", tcpflags)
if len(tcpflags) > 0:
tcpflags_txt = ",".join(tcpflags)
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "tcp", "flags", tcpflags_txt],
description = "set criteria_tcpflags",
)
if v.success:
changed = True
# if criteria_portgroup set, save it
if request.POST.get('criteria_portgroup', None) == "1":
if request.POST.get('sdportgroup_source', None) != None:
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "port-group", request.POST.get('sdportgroup_source')],
description = "set sdportgroup_source",
)
if v.success:
changed = True
if request.POST.get('sdportgroup_destination', None) != None:
v = vyos2.api (
hostname= hostname_default,
api = "post",
op = "set",
cmd = ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "port-group", request.POST.get('sdportgroup_destination')],
description = "set sdportgroup_destination",
)
if v.success:
changed = True
if changed == True:
return redirect('firewall:show', firewall_name)
template = loader.get_template(template_name)
context = {
#'interfaces': interfaces,
'instances': all_instances,
'hostname_default': hostname_default,
'firewall': firewall,
'firewall_name': firewall_name,
'username': request.user,
'is_superuser' : is_superuser,
'services' : netservices['services'],
'services_common' : netservices['common'],
'firewall_networkgroup': firewall_group['network-group'],
'firewall_addressgroup': firewall_group['address-group'],
'firewall_networkgroup_js': firewall_networkgroup_js,
'firewall_addressgroup_js': firewall_addressgroup_js,
'netservices_js' : netservices_js,
'portgroups_groups': portgroups_groups,
'mode' : mode
}
if mode == "editrule":
context['ruledata'] = ruledata.data
context['ruledata_json'] = ruledata_json
context['rulenumber'] = rulenumber
return HttpResponse(template.render(context, request))
