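def firewall_portgroup_add(request):
    """Render the port-group creation form and create the group on submit.

    When the POST data carries ``name`` and a non-empty
    ``portgroup_ports_hidden`` field (a JSON array of ports), every port is
    passed to ``vyos.set_firewall_portgroup_add`` for the hostname returned by
    ``vyos.get_hostname_prefered``, the optional ``description`` is stored,
    and the client is redirected to the port-group list.  Any other request
    renders ``firewall/portgroup-add.html``.

    NOTE(review): no authentication or permission check is visible in this
    function; ``is_superuser`` is only handed to the template.  Confirm that
    a decorator or middleware restricts who may reach this view.
    """
    hostname_default = vyos.get_hostname_prefered(request)
    all_instances = vyos.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)
    netservices = network.get_services()

    group_name = request.POST.get('name')
    ports_field = request.POST.get('portgroup_ports_hidden')

    if group_name is not None and ports_field is not None and ports_field != '':
        try:
            ports = json.loads(ports_field)
        except ValueError:
            return redirect('firewall:firewall-portgroup-list')

        # The field is client-controlled.  Valid JSON that is not an array
        # (a number, a string, an object) would either raise TypeError in the
        # loop below or be iterated character by character / key by key, so
        # it is rejected the same way as unparsable input.
        if not isinstance(ports, list):
            return redirect('firewall:firewall-portgroup-list')

        # NOTE(review): the group name and the individual port values go to
        # the vyos helpers as received; confirm the helpers validate them.
        for port in ports:
            vyos.set_firewall_portgroup_add(hostname_default, group_name, port)

        description = request.POST.get('description')
        if description is not None:
            vyos.set_firewall_portgroup_description(hostname_default, group_name, description)

        return redirect('firewall:firewall-portgroup-list')

    template = loader.get_template('firewall/portgroup-add.html')
    context = {
        'hostname_default': hostname_default,
        'username': request.user,
        'instances': all_instances,
        'is_superuser': is_superuser,
        'services_common': netservices['common'],
        'services': netservices['services'],
    }
    return HttpResponse(template.render(context, request))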
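def firewall_addressgroup_add(request):
    """Render the address-group creation form and create the group on submit.

    When the POST data carries ``name`` and ``addressgroup_json`` (a JSON
    array of addresses), one ``set`` call is issued per address through
    ``vyos2.api``.  If at least one call succeeds, the optional
    ``description`` is stored and the client is redirected to the
    address-group list.  Otherwise ``firewall/addressgroup-add.html`` is
    rendered.

    NOTE(review): no authentication or permission check is visible in this
    function; ``is_superuser`` is only handed to the template.  Confirm that
    a decorator or middleware restricts who may reach this view.
    """
    hostname_default = vyos.get_hostname_prefered(request)
    all_instances = vyos.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)

    group = request.POST.get('name')
    networks_field = request.POST.get('addressgroup_json')

    if group is not None and networks_field is not None:
        description = request.POST.get('description')

        try:
            networks = json.loads(networks_field)
        except ValueError:
            networks = []

        # The field is client-controlled.  Valid JSON that is not an array
        # would raise TypeError in the loop (numbers) or be iterated character
        # by character (strings), so it is treated like unparsable input.
        if not isinstance(networks, list):
            networks = []

        vyos2.log('networks', networks)

        changed = False
        # Loop variable is not called ``network`` so it cannot be confused
        # with the ``network`` module that other views in this file use.
        # NOTE(review): ``group`` and each address are placed into the
        # configuration path as received; confirm vyos2.api validates them.
        for address in networks:
            v = vyos2.api(
                hostname=hostname_default,
                api="post",
                op="set",
                cmd=["firewall", "group", "address-group", group, "address", address],
                description="add address-group network",
            )
            if v.success:
                changed = True

        # Store the description only if the group was actually created.
        if changed:
            if description is not None:
                v = vyos2.api(
                    hostname=hostname_default,
                    api="post",
                    op="set",
                    cmd=["firewall", "group", "address-group", group, "description", description],
                    description="set address-group description",
                )

            return redirect('firewall:firewall-addressgroup-list')

    template = loader.get_template('firewall/addressgroup-add.html')
    context = {
        'hostname_default': hostname_default,
        'username': request.user,
        'instances': all_instances,
        'is_superuser': is_superuser,
    }
    return HttpResponse(template.render(context, request))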
def firewall_addressgroup_list(request):
    """Render ``firewall/addressgroup-list.html`` with the address-groups.

    The groups are fetched with ``vyos.get_firewall_addressgroup`` for the
    hostname returned by ``vyos.get_hostname_prefered``.
    """
    router = vyos.get_hostname_prefered(request)

    # Values are evaluated in key order, so the helper calls run in the same
    # sequence as before: address-groups, instances, superuser flag.
    page_data = {
        'firewall_addressgroup': vyos.get_firewall_addressgroup(router),
        'hostname_default': router,
        'username': request.user,
        'instances': vyos.instance_getall_by_group(request),
        'is_superuser': perms.get_is_superuser(request.user),
    }

    page = loader.get_template('firewall/addressgroup-list.html')
    return HttpResponse(page.render(page_data, request))
def index(request):
    """Render ``firewall/list.html`` with the whole firewall configuration.

    Redirects to the firewall creation view when ``vyos.get_firewall_all``
    reports ``False``.
    """
    instances = vyos.instance_getall_by_group(request)
    router = vyos.get_hostname_prefered(request)

    # The response of this call is never read in this view; the call itself
    # is kept because its side effects, if any, are not visible from here.
    _showconfig_reply = vyos2.api(
        hostname=router,
        api='get',
        op='showConfig',
        cmd={"op": "showConfig", "path": ["firewall"]},
        description="get all firewall",
    )

    superuser = perms.get_is_superuser(request.user)
    firewall_all = vyos.get_firewall_all(router)

    if firewall_all == False:
        return redirect('firewall:firewall-create')

    # Expose 'default-action' under an underscore key as well as removing the
    # hyphenated one (presumably so the template can reference it; Django
    # template variable names cannot contain a hyphen).
    rulesets = firewall_all['name']
    for ruleset_name in rulesets:
        ruleset = rulesets[ruleset_name]
        if 'default-action' in ruleset:
            ruleset['default_action'] = ruleset.pop('default-action')

    page = loader.get_template('firewall/list.html')
    page_data = {
        'instances': instances,
        'hostname_default': router,
        'firewall_all': firewall_all,
        'username': request.user,
        'is_superuser': superuser,
    }
    return HttpResponse(page.render(page_data, request))
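def firewall_addressgroup_desc(request, groupname):
    """Show one firewall address-group and apply edits posted to it.

    The group's current configuration is read through ``vyos2.api``.  If that
    read fails, the client is redirected to the address-group list.
    Otherwise:

    * a posted ``description`` is written to the group;
    * a posted ``networkgroup_json`` (a JSON array of addresses) is
      synchronised with the group: every posted address is set, and every
      existing address missing from the posted array is deleted.

    When anything changed the client is redirected to the address-group list;
    otherwise ``firewall/addressgroup-desc.html`` is rendered.

    NOTE(review): no authentication or permission check is visible in this
    function; ``is_superuser`` is only handed to the template.  Confirm that
    a decorator or middleware restricts who may reach this view.
    NOTE(review): ``v.data`` is inspected before ``v.success`` is tested;
    confirm it is always a container, even when the read fails.
    """
    hostname_default = vyos.get_hostname_prefered(request)
    all_instances = vyos.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)

    v = vyos2.api(
        hostname=hostname_default,
        api="get",
        op="showConfig",
        cmd=["firewall", "group", "address-group", groupname],
        description="show address-group config",
    )
    groupinfo = v.data

    # 'address' may be absent, a single string, or a list; normalise to a
    # list so the comparison loop below works on whole addresses.
    if 'address' not in groupinfo:
        networks_original = []
    else:
        networks_original = groupinfo['address']
        if isinstance(networks_original, str):
            vyos2.log("tipo", type(networks_original))
            networks_original = [networks_original]

    vyos2.log("networks_original", networks_original)
    networks_json = json.dumps(networks_original)

    if not v.success:
        return redirect('firewall:firewall-addressgroup-list')

    changed = False

    description = request.POST.get('description')
    if description is not None:
        v = vyos2.api(
            hostname=hostname_default,
            api="post",
            op="set",
            cmd=["firewall", "group", "address-group", groupname, "description", description],
            description="set network-group description",
        )
        changed = True

    networks_field = request.POST.get('networkgroup_json')
    if networks_field is not None:
        try:
            networks_new = json.loads(networks_field)
        except ValueError:
            networks_new = None

        vyos2.log('networks new', networks_new)

        # Only a JSON array is accepted.  Previously an unparsable field was
        # replaced by an empty container, which made the delete loop remove
        # every address already in the group; a malformed or non-array field
        # now leaves the group's addresses untouched.  An explicit empty
        # array still removes all addresses.
        if isinstance(networks_new, list):
            # NOTE(review): each address is placed into the configuration
            # path as received; confirm vyos2.api validates it.
            for address in networks_new:
                v = vyos2.api(
                    hostname=hostname_default,
                    api="post",
                    op="set",
                    cmd=["firewall", "group", "address-group", groupname, "address", address],
                    description="edit address-group network",
                )
                if v.success:
                    changed = True

            vyos2.log('networks original', networks_original)

            for address in networks_original:
                if address not in networks_new:
                    v = vyos2.api(
                        hostname=hostname_default,
                        api="post",
                        op="delete",
                        cmd=["firewall", "group", "address-group", groupname, "address", address],
                        description="delete address-group network",
                    )
                    if v.success:
                        changed = True

    if changed:
        return redirect('firewall:firewall-addressgroup-list')

    template = loader.get_template('firewall/addressgroup-desc.html')
    context = {
        'groupinfo': groupinfo,
        'hostname_default': hostname_default,
        'username': request.user,
        'instances': all_instances,
        'is_superuser': is_superuser,
        'groupname': groupname,
        'networks_json': networks_json,
    }
    return HttpResponse(template.render(context, request))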
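def firewall_portgroup_edit(request, groupname):
    """Show one firewall port-group and apply edits posted to it.

    A posted ``description`` is written to ``groupname``.  A posted,
    non-empty ``portgroup_ports_hidden`` field (a JSON array of ports) is
    compared with the group's current ports: missing ports are added, ports
    no longer listed are deleted, and the client is redirected to the
    port-group list.  Any other request renders
    ``firewall/portgroup-edit.html``.

    NOTE(review): no authentication or permission check is visible in this
    function; ``is_superuser`` is only handed to the template.  Confirm that
    a decorator or middleware restricts who may reach this view.
    NOTE(review): an unknown ``groupname`` or a group without a
    ``description`` key raises KeyError below; confirm callers cannot hit
    that.
    """
    hostname_default = vyos.get_hostname_prefered(request)
    all_instances = vyos.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)
    netservices = network.get_services()
    portgroups = vyos.get_firewall_portgroup(hostname_default)
    current_group = portgroups['port-group'][groupname]
    portgroups_json = json.dumps(current_group, separators=(',', ':'))
    description = current_group['description']

    new_description = request.POST.get('description')
    if new_description is not None:
        vyos.set_firewall_portgroup_description(hostname_default, groupname, new_description)

    ports_field = request.POST.get('portgroup_ports_hidden')
    if ports_field is not None and ports_field != '':
        try:
            ports = json.loads(ports_field)
        except ValueError:
            return redirect('firewall:firewall-portgroup-list')

        # The field is client-controlled.  Valid JSON that is not an array
        # would turn the membership tests below into substring or key checks,
        # so it is rejected the same way as unparsable input.
        if not isinstance(ports, list):
            return redirect('firewall:firewall-portgroup-list')

        # NOTE(review): the address-group view in this file has to normalise
        # a single entry returned as a bare string; confirm 'port' is always
        # a list here.
        existing_ports = current_group['port']

        # Ports configured on the router but absent from the form.
        port_remove = [port for port in existing_ports if port not in ports]
        # Ports present in the form but not yet configured on the router.
        port_add = [port for port in ports if port not in existing_ports]

        for port in port_add:
            vyos.set_firewall_portgroup_add(hostname_default, groupname, port)

        for port in port_remove:
            vyos.set_firewall_portgroup_delete_port(hostname_default, groupname, port)

        # The description has already been written to ``groupname`` above.
        # The former second write here took its target from the posted
        # ``name`` field, so a request could set the description of a group
        # other than the one named in the URL; it has been dropped.
        return redirect('firewall:firewall-portgroup-list')

    template = loader.get_template('firewall/portgroup-edit.html')
    context = {
        'hostname_default': hostname_default,
        'username': request.user,
        'instances': all_instances,
        'is_superuser': is_superuser,
        'groupname': groupname,
        'services_common': netservices['common'],
        'services': netservices['services'],
        'description': description,
        'portgroups_json': portgroups_json,
    }
    return HttpResponse(template.render(context, request))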