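def instances(request):
    """Render the list of VyOS instances visible to the user's groups.

    If the request has no preferred hostname, each visible instance is handed
    to ``instance_default``; if there are no instances at all the user is
    redirected to the "add instance" page.

    Args:
        request: the incoming Django request.

    Returns:
        An ``HttpResponse`` with the rendered list, or a redirect.
    """
    # Looked up once; the original called get_is_superuser twice.
    is_superuser = perms.get_is_superuser(request.user)
    all_instances = perms.instance_getall_by_group(request)
    hostname_default = vyos.get_hostname_prefered(request)

    # No print()/pprint() here: dumping the instance queryset and hostnames to
    # stdout on every request puts inventory data into the server logs.
    if hostname_default is None:
        if all_instances.count() > 0:
            for i in all_instances:
                instance_default(request, i.hostname)
        else:
            return redirect('config:instance-add')
        # NOTE(review): hostname_default is not re-read after instance_default(),
        # so the template still receives None on this request. Confirm intended.

    # NOTE(review): every Group is passed to the template regardless of
    # is_superuser. Confirm the template only shows them to administrators.
    groups = Group.objects.all()

    template = loader.get_template('config/instances.html')
    context = {
        'instances': all_instances,
        'hostname_default': hostname_default,
        'groups': groups,
        'username': request.user,
        'is_superuser': is_superuser,
    }
    return HttpResponse(template.render(context, request))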
def create(request):
    """Show the firewall creation form and, on POST, create the rule-set.

    A POST carrying ``name`` issues a ``set`` for the rule-set, then optional
    ``set`` calls for ``description`` and ``action`` (as ``default-action``),
    and redirects to the firewall list.
    """
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    is_superuser = perms.get_is_superuser(request.user)

    if 'name' not in request.POST:
        page = loader.get_template('firewall/create.html')
        return HttpResponse(page.render({
            'instances': all_instances,
            'hostname_default': hostname_default,
            'username': request.user,
            'is_superuser' : is_superuser,
        }, request))

    # NOTE(review): the POSTed values become config path elements with no
    # validation visible in this block, and no access check is visible either.
    # Confirm both are enforced elsewhere (decorator, middleware, vyos.set_config).
    ruleset = request.POST['name']
    print(vyos.set_config(hostname_default, {"op": "set", "path": ["firewall", "name", ruleset]}))

    optional_leaves = (('description', "description"), ('action', "default-action"))
    for field, leaf in optional_leaves:
        if field in request.POST:
            command = {"op": "set", "path": ["firewall", "name", ruleset, leaf, request.POST[field]]}
            print(vyos.set_config(hostname_default, command))

    # The results are printed but not inspected; the redirect happens either way.
    return redirect('firewall:firewall-list')
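def firewall_portgroup_add(request):
    """Show the port-group form and, on POST, create the group's ports.

    The POST must carry ``name`` and a non-empty ``portgroup_ports_hidden``
    holding a JSON list of ports; ``description`` is optional.

    Returns:
        A redirect to the port-group list after a POST (also when the JSON is
        unusable), otherwise the rendered form.
    """
    hostname_default = vyos.get_hostname_prefered(request)
    all_instances = vyos.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)
    netservices = network.get_services()

    name = request.POST.get('name')
    ports_raw = request.POST.get('portgroup_ports_hidden')
    if name is not None and ports_raw:
        try:
            ports = json.loads(ports_raw)
        except ValueError:
            return redirect('firewall:firewall-portgroup-list')

        # The field is client-controlled: valid JSON that is not a list (a bare
        # string, number or object) would be iterated character by character,
        # key by key, or raise TypeError. Treat it like a parse failure.
        if not isinstance(ports, list):
            return redirect('firewall:firewall-portgroup-list')

        # NOTE(review): individual port values are passed through unchecked;
        # confirm set_firewall_portgroup_add validates them.
        for port in ports:
            vyos.set_firewall_portgroup_add(hostname_default, name, port)

        description = request.POST.get('description')
        if description is not None:
            vyos.set_firewall_portgroup_description(hostname_default, name, description)

        return redirect('firewall:firewall-portgroup-list')

    template = loader.get_template('firewall/portgroup-add.html')
    context = {
        'hostname_default': hostname_default,
        'username': request.user,
        'instances': all_instances,
        'is_superuser' : is_superuser,
        'services_common' : netservices['common'],
        'services' : netservices['services'],
    }
    return HttpResponse(template.render(context, request))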
def add(request):
    """Show the NTP form and, on POST, add a server after validating it.

    The submitted ``server`` is stripped and must pass one of
    ``validators.ipv6``, ``validators.ipv4`` or ``validators.domain`` before
    it is sent to ``vapi.set_ntp``; otherwise an error message is queued.
    """
    msg = vmsg.msg()
    all_instances = perms.instance_getall_by_group(request)
    hostname_default = perms.get_hostname_prefered(request)
    is_superuser = perms.get_is_superuser(request.user)

    if 'server' in request.POST:
        checks = (validators.ipv6, validators.ipv4, validators.domain)
        # Allow-list validation: only an IP literal or a domain reaches the API.
        # The value is re-read and stripped for each check, as before.
        if any(check(request.POST['server'].strip()) for check in checks):
            v = vapi.set_ntp(hostname_default, request.POST['server'].strip())
            if v.success == False:
                msg.add_error("NTP server add fail - " + v.reason)
            else:
                msg.add_success("NTP server added")
        else:
            msg.add_error(
                "ntp server add fail - insert only domains or IPv4 or IPv6")

    return render(request, 'ntp/add.html', {
        'instances': all_instances,
        'hostname_default': hostname_default,
        'is_superuser': is_superuser,
        'username': request.user,
        'msg': msg.get_all(),
    })
def interface_show(request, interface_type, interface_name):
    """Render the detail page of one interface on the preferred instance.

    Args:
        request: the incoming Django request.
        interface_type: interface type taken from the URL.
        interface_name: interface name taken from the URL.
    """
    all_instances = perms.instance_getall_by_group(request)
    hostname_default = perms.get_hostname_prefered(request)
    is_superuser = perms.get_is_superuser(request.user)

    firewall_all = vyos.get_firewall_all(hostname_default)
    interface = vyos.get_interface(interface_type, interface_name, hostname=hostname_default)

    # detail_interface supplies the VLAN id and the short interface name.
    detail = vyos.detail_interface(interface_type, interface_name)
    vlan_id = detail['vlan_id']
    short_name = detail['interface_name']
    children = vyos.get_interface_children(hostname_default, short_name)

    page = loader.get_template('interface/show.html')
    context = dict(
        interface_children=children,
        interface=interface,
        interface_vif=vlan_id,
        instances=all_instances,
        interface_type=interface_type,
        interface_name=interface_name,
        hostname_default=hostname_default,
        firewall_all=firewall_all,
        username=request.user,
        is_superuser=is_superuser,
    )
    return HttpResponse(page.render(context, request))
def static_add(request):
    """Show the static-route form and, on POST, add the submitted route.

    A POST with both ``subnet`` and ``nexthop`` calls
    ``vyos.set_route_static``; a ``False`` result sets an error message, any
    other result redirects to the static-route list.
    """
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    routes = vyos.get_route_static(hostname_default)
    is_superuser = perms.get_is_superuser(request.user)

    error_message = None
    posted = request.POST
    if 'subnet' in posted and 'nexthop' in posted:
        # NOTE(review): subnet and nexthop are forwarded as submitted; no
        # validation is visible in this block.
        outcome = vyos.set_route_static(hostname_default, posted['subnet'], posted['nexthop'])
        if not (outcome == False):
            return redirect('static:static-list')
        error_message = 'Cannot add static route.'

    # The result is unused, but the call is kept as in the original.
    vyos.ip_route(hostname_default)

    page = loader.get_template('static/add.html')
    return HttpResponse(page.render({
        'instances': all_instances,
        'hostname_default': hostname_default,
        'static_list' : routes,
        'error_message' : error_message,
        'username': request.user,
        'is_superuser' : is_superuser,
    }, request))
def static_add(request):
    """Show the static-route form and, on POST, add the route via ``vapi``.

    The outcome is reported through the ``msg`` collector in the template
    context rather than by redirecting.
    """
    msg = vmsg.msg()
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    routes = vyos.get_route_static(hostname_default)
    is_superuser = perms.get_is_superuser(request.user)

    posted = request.POST
    if 'subnet' in posted and 'nexthop' in posted:
        # NOTE(review): subnet and nexthop are forwarded as submitted; no
        # validation is visible in this block.
        v = vapi.set_route_static(hostname_default, posted['subnet'], posted['nexthop'])
        if v.success == False:
            msg.add_error("Static route add fail - " + v.reason)
        else:
            msg.add_success("Static route added")

    # The result is unused, but the call is kept as in the original.
    vyos.ip_route(hostname_default)

    page = loader.get_template('static/add.html')
    return HttpResponse(page.render({
        'instances': all_instances,
        'hostname_default': hostname_default,
        'static_list': routes,
        'username': request.user,
        'is_superuser': is_superuser,
        'msg': msg.get_all(),
    }, request))
def instance_conntry(request, hostname):
    """Test the connection to an instance and remember it in the session.

    Args:
        request: the incoming Django request.
        hostname: hostname of the instance to test, taken from the URL.

    Returns:
        A redirect to the instance list when the user lacks access to
        ``hostname``, otherwise the rendered connection-test page.
    """
    is_superuser = perms.get_is_superuser(request.user)
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)

    # Permission check.
    # NOTE(review): only an explicit False denies access, so any other falsy
    # return (e.g. None) would pass. Confirm user_has_hostname_access always
    # returns a bool.
    allowed = perms.user_has_hostname_access(request.user, hostname)
    if allowed == False:
        return redirect('config:instances')

    instance = Instance.objects.get(hostname=hostname)
    connected = vyos.conntry(hostname)
    if connected == True:
        # Only a reachable instance becomes the session's selected hostname.
        request.session['hostname'] = hostname

    page = loader.get_template('config/instance_conntry.html')
    return HttpResponse(page.render({
        'instance': instance,
        "connected": connected,
        'instances': all_instances,
        'hostname_default': hostname_default,
        'username': request.user,
        'is_superuser': is_superuser,
    }, request))
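def group_add(request):
    """Show the "add group" form and, on POST, create the group.

    Returns:
        A redirect to the group list after a successful creation, otherwise
        the rendered form (with ``error_message`` set when the name is taken).
    """
    is_superuser = perms.get_is_superuser(request.user)
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    error_message = None
    # Defined up front: the "already exists" path used to reach the context
    # below with instance_id unbound, turning the error into a server error.
    instance_id = 0

    # NOTE(review): is_superuser is computed but not enforced in this block.
    # Confirm group creation is restricted elsewhere (decorator or middleware).
    if 'name' in request.POST:
        name = request.POST['name']
        if Group.objects.filter(name=name).exists():
            error_message = 'Group already exists'
        else:
            Group(name=name).save()
            return redirect('config:groups-list')

    template = loader.get_template('config/group_add.html')
    context = {
        'hostname_default': hostname_default,
        'instance_id': instance_id,
        'instances': all_instances,
        'error_message': error_message,
        'username': request.user,
        'is_superuser': is_superuser,
    }
    return HttpResponse(template.render(context, request))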
def instance_add(request):
    """Show the "add instance" form and, on POST, store the new instance.

    Any non-empty POST is treated as a submission: ``alias``, ``hostname``,
    ``port`` and ``key`` are required, ``https`` is optional and defaults to
    ``False``.
    """
    is_superuser = perms.get_is_superuser(request.user)
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)

    form = request.POST
    if len(form) > 0:
        # NOTE(review): is_superuser is computed but not enforced here, and the
        # API key is persisted exactly as submitted. Confirm access control and
        # how Instance.key is protected at rest.
        record = Instance()
        record.alias = form['alias']
        record.hostname = form['hostname']
        record.port = form['port']
        record.key = form['key']
        record.https = form['https'] if 'https' in form else False
        record.save()
        return redirect('config:instances')

    instance_id = 0
    page = loader.get_template('config/instance_add.html')
    return HttpResponse(page.render({
        'hostname_default': hostname_default,
        'instance_id': instance_id,
        'instances': all_instances,
        'username': request.user,
        'is_superuser': is_superuser,
    }, request))
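def xeditrule(request, firewall_name, rulenumber):
    """Render the rule editor for one firewall rule-set.

    Args:
        request: the incoming Django request.
        firewall_name: rule-set name taken from the URL.
        rulenumber: rule number taken from the URL (not used in this block).

    Returns:
        An ``HttpResponse`` with the rendered editor. The block as listed built
        the context but had no return statement, so the view returned ``None``.
    """
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    is_superuser = perms.get_is_superuser(request.user)

    # Results of these two lookups are not used below; the calls are kept
    # because their side effects are not visible from here.
    firewall = vyos.get_firewall(hostname_default, firewall_name)
    portgroups = vyos.get_firewall_portgroup(hostname_default)

    firewall_networkgroup = vyos.get_firewall_networkgroup(hostname_default)
    firewall_addressgroup = vyos.get_firewall_addressgroup(hostname_default)
    netservices = network.get_services()

    # NOTE(review): these JSON strings are meant for inline script use.
    # Confirm the template escapes them for a script context (for example
    # with Django's json_script filter) instead of marking them safe.
    firewall_networkgroup_js = json.dumps(firewall_networkgroup['network-group'])
    firewall_addressgroup_js = json.dumps(firewall_addressgroup['address-group'])
    netservices_js = json.dumps(netservices)

    template = loader.get_template('firewall/editrule.html')
    context = {
        'instances': all_instances,
        'hostname_default': hostname_default,
        # The original listed this key twice with the same value.
        'firewall_name': firewall_name,
        'username': request.user,
        'is_superuser' : is_superuser,
        'services' : netservices['services'],
        'services_common' : netservices['common'],
        'firewall_networkgroup': firewall_networkgroup['network-group'],
        'firewall_addressgroup': firewall_addressgroup['address-group'],
        'firewall_networkgroup_js': firewall_networkgroup_js,
        'firewall_addressgroup_js': firewall_addressgroup_js,
        'netservices_js' : netservices_js,
    }
    return HttpResponse(template.render(context, request))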
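def user_add(request):
    """Show the "add user" form and, on POST, create the account.

    A submission is processed only when ``name``, ``username``, ``password``
    and ``email`` are all present in the POST data.

    Returns:
        A redirect to the user list after a successful creation, otherwise
        the rendered form (with ``error_message`` set on failure).
    """
    is_superuser = perms.get_is_superuser(request.user)
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    error_message = None

    required = ('name', 'username', 'password', 'email')
    name = request.POST.get('name', '')
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')
    email = request.POST.get('email', '')

    # NOTE(review): is_superuser is computed but not enforced in this block.
    # Confirm account creation is restricted elsewhere.
    if all(field in request.POST for field in required):
        if not username or not password:
            error_message = 'Username and password are required'
        elif User.objects.filter(username=username).exists():
            error_message = 'Username already exists'
        else:
            # Passing password= to the constructor stores the raw string in the
            # password column. set_password() stores a salted hash instead,
            # which is also what authentication expects to find.
            # Assumes User is Django's auth user model, as its fields suggest.
            user_create = User(username=username, email=email, last_name=name)
            user_create.set_password(password)
            user_create.save()
            return redirect('config:users-list')

    template = loader.get_template('config/user_add.html')
    context = {
        'hostname_default': hostname_default,
        'instances': all_instances,
        'error_message': error_message,
        'name': name,
        # The submitted password is no longer echoed back into the page.
        'password': '',
        'email': email,
        # The original dict also had 'username': username earlier on; this
        # later entry overwrote it, so the template always saw request.user.
        'username': request.user,
        'is_superuser': is_superuser,
    }
    return HttpResponse(template.render(context, request))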
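def firewall_addressgroup_add(request):
    """Show the address-group form and, on POST, create the group.

    The POST must carry ``name`` and ``addressgroup_json`` (a JSON list of
    addresses); ``description`` is optional and is only set when at least one
    address was added successfully.

    Returns:
        A redirect to the address-group list once something was created,
        otherwise the rendered form.
    """
    hostname_default = vyos.get_hostname_prefered(request)
    all_instances = vyos.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)

    group = request.POST.get('name')
    networks_raw = request.POST.get('addressgroup_json')
    if group is not None and networks_raw is not None:
        description = request.POST.get('description')

        try:
            networks = json.loads(networks_raw)
        except ValueError:
            networks = []
        # Client-controlled field: valid JSON that is not a list (a string,
        # number or object) must not be iterated as if it were addresses.
        if not isinstance(networks, list):
            networks = []

        vyos2.log('networks', networks)

        changed = False
        # NOTE(review): each address is passed through unchecked; confirm the
        # API layer validates it.
        for address in networks:
            v = vyos2.api(
                hostname=hostname_default,
                api="post",
                op="set",
                cmd=["firewall", "group", "address-group", group, "address", address],
                description="add address-group network",
            )
            if v.success:
                changed = True

        # Set the description only if the group was actually created.
        if changed:
            if description is not None:
                vyos2.api(
                    hostname=hostname_default,
                    api="post",
                    op="set",
                    cmd=["firewall", "group", "address-group", group, "description", description],
                    description="set address-group description",
                )
            # NOTE(review): the listing lost its indentation. The redirect is
            # placed here, so a POST that created nothing re-renders the form.
            # Confirm against the original file.
            return redirect('firewall:firewall-addressgroup-list')

    template = loader.get_template('firewall/addressgroup-add.html')
    context = {
        'hostname_default': hostname_default,
        'username': request.user,
        'instances': all_instances,
        'is_superuser' : is_superuser,
    }
    return HttpResponse(template.render(context, request))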
def prepare(request, title=None):
    """Build the per-request helper object shared by the views.

    Args:
        request: the incoming Django request.
        title: optional page title; ``title`` is only set on the result when
            one is given.

    Returns:
        A ``prepareClass`` instance carrying the group-scoped instance list,
        the preferred hostname, the superuser flag, the request, a fresh
        message collector and two values read from ``settings``.
    """
    prepared = prepareClass()
    prepared.all_instances = perms.instance_getall_by_group(request)
    prepared.hostname_default = perms.get_hostname_prefered(request)
    prepared.is_superuser = perms.get_is_superuser(request.user)
    prepared.request = request
    prepared.msg = vmsg.msg()
    # NOTE(review): the DEBUG flag travels with the object. Confirm templates
    # do not use it to show diagnostic detail to ordinary users.
    prepared.debug = settings.DEBUG
    prepared.vycontrol_credits = settings.VYCONTROL_CREDITS
    if title is not None:
        prepared.title = title
    return prepared
def firewall_addressgroup_list(request):
    """Render the firewall address-groups of the preferred instance."""
    hostname_default = vyos.get_hostname_prefered(request)
    address_groups = vyos.get_firewall_addressgroup(hostname_default)
    all_instances = vyos.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)

    page = loader.get_template('firewall/addressgroup-list.html')
    context = dict(
        firewall_addressgroup=address_groups,
        hostname_default=hostname_default,
        username=request.user,
        instances=all_instances,
        is_superuser=is_superuser,
    )
    return HttpResponse(page.render(context, request))
def groups_list(request):
    """Render the list of all groups."""
    is_superuser = perms.get_is_superuser(request.user)
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)

    # NOTE(review): every Group is listed and is_superuser is not enforced in
    # this block. Confirm access is restricted elsewhere.
    every_group = Group.objects.all()

    page = loader.get_template('config/groups_list.html')
    context = dict(
        instances=all_instances,
        hostname_default=hostname_default,
        groups=every_group,
        username=request.user,
        is_superuser=is_superuser,
    )
    return HttpResponse(page.render(context, request))
def index(request):
    """Render the NTP servers configured on the preferred instance.

    ``ntp_servers`` stays an empty dict when the lookup fails or reports no
    ``server`` entry.
    """
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    is_superuser = perms.get_is_superuser(request.user)

    lookup = vapi.get_ntp(hostname_default)
    ntp_servers = {}
    if lookup.success and lookup.data['server'] != None:
        ntp_servers = lookup.data['server']

    return render(request, 'ntp/list.html', dict(
        instances=all_instances,
        hostname_default=hostname_default,
        ntp_servers=ntp_servers,
        is_superuser=is_superuser,
    ))
def firewall_config(request, firewall_name):
    """Render the configuration of one firewall rule-set.

    Args:
        request: the incoming Django request.
        firewall_name: rule-set name taken from the URL.
    """
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    is_superuser = perms.get_is_superuser(request.user)
    ruleset = vyos.get_firewall(hostname_default, firewall_name)

    page = loader.get_template('firewall/show.html')
    context = dict(
        instances=all_instances,
        hostname_default=hostname_default,
        firewall=ruleset,
        firewall_name=firewall_name,
        username=request.user,
        is_superuser=is_superuser,
    )
    return HttpResponse(page.render(context, request))
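def index(request):
    """Render the instance overview page.

    Returns:
        An ``HttpResponse`` with the rendered ``config/instance.html``.
    """
    is_superuser = perms.get_is_superuser(request.user)
    all_instances = vyos.instance_getall()

    # The original looped over all_instances and, "if group == None", wrote
    # "admin" into all_instance[instance]['group']. Neither `group` nor
    # `all_instance` is defined in this block, so that loop could only raise
    # NameError (or do nothing). It is removed here.
    # NOTE(review): if a default group label is wanted, derive it from each
    # instance's own group field once that field's name is confirmed.

    hostname_default = vyos.get_hostname_prefered(request)

    template = loader.get_template('config/instance.html')
    context = {
        'instances': all_instances,
        'hostname_default': hostname_default,
        'username': request.user,
        'is_superuser': is_superuser,
    }
    return HttpResponse(template.render(context, request))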
def interfacefirewall(request, interface_type, interface_name):
    """Render one interface using the ``interface/show.html`` template.

    Args:
        request: the incoming Django request.
        interface_type: interface type taken from the URL.
        interface_name: interface name taken from the URL.
    """
    all_instances = vyos.instance_getall()
    is_superuser = perms.get_is_superuser(request.user)
    hostname_default = vyos.get_hostname_prefered(request)

    selected = vyos.get_interface(interface_type, interface_name, hostname=hostname_default)

    page = loader.get_template('interface/show.html')
    context = dict(
        interface=selected,
        instances=all_instances,
        hostname_default=hostname_default,
        interface_type=interface_type,
        interface_name=interface_name,
        username=request.user,
        is_superuser=is_superuser,
    )
    return HttpResponse(page.render(context, request))
def index(request):
    """Render the firewall rule-sets of the preferred instance.

    Redirects to the creation page when ``get_firewall_all`` returns
    ``False``. Each rule-set's ``default-action`` key is renamed to
    ``default_action`` so the template can address it.
    """
    all_instances = vyos.instance_getall_by_group(request)
    hostname_default = vyos.get_hostname_prefered(request)

    # The result of this call is not used below; it is kept as in the original.
    vyos2.api(
        hostname=hostname_default,
        api='get',
        op='showConfig',
        cmd={"op": "showConfig", "path": ["firewall"]},
        description="get all firewall",
    )

    is_superuser = perms.get_is_superuser(request.user)

    firewall_all = vyos.get_firewall_all(hostname_default)
    if firewall_all == False:
        return redirect('firewall:firewall-create')

    for ruleset in firewall_all['name'].values():
        if 'default-action' in ruleset:
            ruleset['default_action'] = ruleset.pop('default-action')

    page = loader.get_template('firewall/list.html')
    context = dict(
        instances=all_instances,
        hostname_default=hostname_default,
        firewall_all=firewall_all,
        username=request.user,
        is_superuser=is_superuser,
    )
    return HttpResponse(page.render(context, request))
def static_list(request):
    """Render the static routes of the preferred instance.

    The ``route`` mapping returned by ``get_route_static`` is flattened into
    a list of ``{'route', 'nexthop'}`` dicts for the template.
    """
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    static_dict = vyos.get_route_static(hostname_default)
    is_superuser = perms.get_is_superuser(request.user)

    routes = [
        {'route': prefix, 'nexthop': entry['next-hop']}
        for prefix, entry in static_dict['route'].items()
    ]

    page = loader.get_template('static/list.html')
    return HttpResponse(page.render({
        'instances': all_instances,
        'hostname_default': hostname_default,
        'static_list' : routes,
        'username': request.user,
        'is_superuser' : is_superuser,
    }, request))
def firewall_edit(request, firewall_name):
    """Show the edit form of a rule-set and apply submitted changes.

    A POST may carry ``description`` and/or ``action`` (stored as
    ``default-action``). If either is present the view redirects to the
    firewall list afterwards.

    Args:
        request: the incoming Django request.
        firewall_name: rule-set name taken from the URL.
    """
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    firewall = vyos.get_firewall(hostname_default, firewall_name)
    # Copy under a key without a hyphen so the template can address it.
    firewall['defaultaction'] = firewall['default-action']
    is_superuser = perms.get_is_superuser(request.user)

    # NOTE(review): the POSTed values go into the config path unvalidated and
    # no access check is visible in this block. Confirm both are enforced
    # elsewhere.
    changed = False
    for field, leaf in (('description', "description"), ('action', "default-action")):
        if field in request.POST:
            cmd = {"op": "set", "path": ["firewall", "name", firewall_name, leaf, request.POST[field]]}
            print(vyos.set_config(hostname_default, cmd))
            changed = True

    if changed:
        return redirect('firewall:firewall-list')

    page = loader.get_template('firewall/edit.html')
    return HttpResponse(page.render({
        'instances': all_instances,
        'hostname_default': hostname_default,
        'firewall_name': firewall_name,
        'firewall': firewall,
        'username': request.user,
        'is_superuser' : is_superuser,
    }, request))
def index(request):
    """List interfaces with their firewall bindings and apply POSTed changes.

    POST keys starting with ``firewall-ipv4-in`` / ``firewall-ipv4-out`` are
    split on "." into type, name and an optional vif; the value is the
    rule-set to bind, or ``--remove--`` to unbind. Any such key triggers a
    redirect to the interface list once the loop is done.

    NOTE(review): the listing lost its indentation; the nesting below is
    reconstructed from the statements and should be checked against the file.
    """
    hostname_default = vyos.get_hostname_prefered(request)
    all_instances = vyos.instance_getall()
    firewall_all = vyos.get_firewall_all(hostname_default)
    interfaces = vyos.get_interfaces(hostname_default)
    is_superuser = perms.get_is_superuser(request.user)
    interfaces_all_names = vyos.get_interfaces_all_names(hostname_default)

    interface_firewall_in = {}
    interface_firewall_out = {}
    interface_address = {}
    firewall_names = []

    # Set interface_alias: "eth0" when there is no vif, "eth0.<vif>" otherwise.
    for iname in interfaces_all_names:
        if 'vif' in iname:
            iname['interface_alias'] = "{interface_name}.{vif}".format(
                interface_name=iname['interface_name'], vif=iname['vif'])
        else:
            iname['interface_alias'] = iname['interface_name']

    # Collect the in/out rule-set names and addresses per interface (and vif).
    # NOTE(review): the bare excepts skip missing keys, but they also hide any
    # other error raised inside these lookups.
    for interface_type in interfaces:
        for interface_name in interfaces[interface_type]:
            try:
                interface_firewall_in[interface_name] = interfaces[
                    interface_type][interface_name]['firewall']['in']['name']
            except:
                pass
            try:
                interface_firewall_out[interface_name] = interfaces[
                    interface_type][interface_name]['firewall']['out']['name']
            except:
                pass

            if interface_name not in interface_address:
                interface_address[interface_name] = []
            try:
                interface_address[interface_name].append(
                    interfaces[interface_type][interface_name]['address'])
            except:
                pass

            if 'vif' in interfaces[interface_type][interface_name]:
                for vif in interfaces[interface_type][interface_name]['vif']:
                    interface_name_full = "{interface_name}.{vif}".format(
                        interface_name=interface_name, vif=vif)
                    try:
                        interface_firewall_in[
                            interface_name_full] = interfaces[interface_type][
                                interface_name]['vif'][vif]['firewall']['in'][
                                    'name']
                    except:
                        pass
                    try:
                        interface_firewall_out[
                            interface_name_full] = interfaces[interface_type][
                                interface_name]['vif'][vif]['firewall']['out'][
                                    'name']
                    except:
                        pass

                    if interface_name_full not in interface_address:
                        interface_address[interface_name_full] = []
                    try:
                        interface_address[interface_name_full].append(
                            interfaces[interface_type][interface_name]['vif']
                            [vif]['address'])
                    except:
                        pass

    # Merge everything into the entries of interfaces_all_names.
    for iname in interfaces_all_names:
        if 'vif' in iname:
            ialias = "{interface_name}.{vif}".format(
                interface_name=iname['interface_name'], vif=iname['vif'])
        else:
            ialias = iname['interface_name']

        if ialias in interface_firewall_out:
            iname['firewall_out'] = interface_firewall_out[ialias]

        if ialias in interface_firewall_in:
            iname['firewall_in'] = interface_firewall_in[ialias]

        if ialias in interface_address:
            iname['address'] = interface_address[ialias]

    if 'name' in firewall_all:
        for fname in firewall_all['name']:
            firewall_names.append(fname)

    # Index the entries by alias for the POST handling below.
    interfaces_all_names_dict = {}
    for iname in interfaces_all_names:
        if 'vif' in iname:
            ialias = "{interface_name}.{vif}".format(
                interface_name=iname['interface_name'], vif=iname['vif'])
        else:
            ialias = iname['interface_name']

        interfaces_all_names_dict[ialias] = iname

    # NOTE(review): the POST key names are client-controlled. pos[1]/pos[2] are
    # read without a length check and interfaces_all_names_dict[ialias] is
    # indexed without a membership test, so a crafted key raises IndexError or
    # KeyError. firewall_name is not checked against firewall_names before it
    # is sent to the API.
    fw_changed = False
    for el in request.POST:
        interface_vif = None

        if el.startswith('firewall-ipv4-in'):
            pos = el.split(".")

            interface_type = pos[1]
            interface_name = pos[2]
            if len(pos) >= 4:
                interface_vif = pos[3]
                ialias = "{interface_name}.{vif}".format(
                    interface_name=interface_name, vif=interface_vif)
            else:
                ialias = interface_name

            firewall_name = request.POST[el]
            if firewall_name == "--remove--":
                # Unbind only when a rule-set is currently bound.
                if 'firewall_in' in interfaces_all_names_dict[ialias]:
                    v = vapi.delete_interface_firewall_ipv4(
                        hostname_default, interface_type, interface_name, "in",
                        interface_vif)
                else:
                    pass
            else:
                # Bind only when the binding is new or differs from the current one.
                if 'firewall_in' not in interfaces_all_names_dict[
                        ialias] or interfaces_all_names_dict[ialias][
                            'firewall_in'] != firewall_name:
                    v = vapi.set_interface_firewall_ipv4(
                        hostname_default, interface_type, interface_name, "in",
                        firewall_name, interface_vif)
                else:
                    pass

            # Set for every matching key, whether or not an API call was made.
            fw_changed = True
        elif el.startswith('firewall-ipv4-out'):
            pos = el.split(".")

            interface_type = pos[1]
            interface_name = pos[2]
            if len(pos) >= 4:
                interface_vif = pos[3]
                ialias = "{interface_name}.{vif}".format(
                    interface_name=interface_name, vif=interface_vif)
            else:
                ialias = interface_name

            firewall_name = request.POST[el]
            if firewall_name == "--remove--":
                if 'firewall_out' in interfaces_all_names_dict[ialias]:
                    v = vapi.delete_interface_firewall_ipv4(
                        hostname_default, interface_type, interface_name,
                        "out", interface_vif)
                else:
                    pass
            else:
                if 'firewall_out' not in interfaces_all_names_dict[
                        ialias] or interfaces_all_names_dict[ialias][
                            'firewall_out'] != firewall_name:
                    v = vapi.set_interface_firewall_ipv4(
                        hostname_default, interface_type, interface_name,
                        "out", firewall_name, interface_vif)
                else:
                    pass

            fw_changed = True

    if fw_changed == True:
        return redirect('interface:interface-list')

    template = loader.get_template('interface/index.html')
    # NOTE(review): the *_pretty entries hand pformat() dumps of the interface
    # and firewall structures to the template. Confirm they are only rendered
    # in debug builds.
    context = {
        'interfaces': interfaces,
        'interfaces_pretty': pprint.pformat(interfaces, indent=4, width=120),
        'interfaces_all_names': interfaces_all_names,
        'interfaces_all_names_pretty': pprint.pformat(interfaces_all_names, indent=4, width=120),
        'instances': all_instances,
        'hostname_default': hostname_default,
        'firewall_all': firewall_all,
        'firewall_names': firewall_names,
        'interface_firewall_in': interface_firewall_in,
        'interface_firewall_out': interface_firewall_out,
        'interface_firewall_in_pretty': pprint.pformat(interface_firewall_in, indent=4, width=120),
        'interface_firewall_out_pretty': pprint.pformat(interface_firewall_out, indent=4, width=120),
        'username': request.user,
        'is_superuser': is_superuser,
    }
    return HttpResponse(template.render(context, request))
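def firewall_addressgroup_desc(request, groupname):
    """Show one address-group and apply submitted edits to it.

    A POST may carry ``description`` and/or ``networkgroup_json`` (a JSON list
    with the desired addresses). Addresses in the list are set, addresses that
    exist on the device but are missing from the list are deleted.

    Args:
        request: the incoming Django request.
        groupname: address-group name taken from the URL.

    Returns:
        A redirect to the address-group list when the lookup fails or when
        something changed, otherwise the rendered detail page.
    """
    hostname_default = vyos.get_hostname_prefered(request)
    all_instances = vyos.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)

    v = vyos2.api(
        hostname=hostname_default,
        api="get",
        op="showConfig",
        cmd=["firewall", "group", "address-group", groupname],
        description="show address-group config",
    )
    # Check the lookup before reading its payload; the original read v.data
    # first and only tested v.success afterwards.
    if not v.success:
        return redirect('firewall:firewall-addressgroup-list')

    groupinfo = v.data
    if 'address' not in groupinfo:
        networks_original = []
    elif type(groupinfo['address']) is str:
        # A single address comes back as a bare string; normalise it to a list.
        networks_original = [groupinfo['address']]
    else:
        networks_original = groupinfo['address']

    vyos2.log("networks_original", networks_original)
    networks_json = json.dumps(networks_original)

    changed = False

    description = request.POST.get('description')
    if description is not None:
        v = vyos2.api(
            hostname=hostname_default,
            api="post",
            op="set",
            cmd=["firewall", "group", "address-group", groupname, "description", description],
            description="set network-group description",
        )
        changed = True

    networks_raw = request.POST.get('networkgroup_json')
    if networks_raw is not None:
        try:
            networks_new = json.loads(networks_raw)
        except ValueError:
            networks_new = None

        # Only a JSON list is a usable target state. The original fell back to
        # {} on a parse error, which made every existing address look removed
        # and deleted the whole group's contents on malformed input.
        if isinstance(networks_new, list):
            vyos2.log('networks new', networks_new)

            # NOTE(review): each address is passed through unchecked; confirm
            # the API layer validates it.
            for address in networks_new:
                v = vyos2.api(
                    hostname=hostname_default,
                    api="post",
                    op="set",
                    cmd=["firewall", "group", "address-group", groupname, "address", address],
                    description="edit address-group network",
                )
                if v.success:
                    changed = True

            vyos2.log('networks original', networks_original)

            for address in networks_original:
                if address not in networks_new:
                    v = vyos2.api(
                        hostname=hostname_default,
                        api="post",
                        op="delete",
                        cmd=["firewall", "group", "address-group", groupname, "address", address],
                        description="delete address-group network",
                    )
                    if v.success:
                        changed = True

    if changed:
        return redirect('firewall:firewall-addressgroup-list')

    template = loader.get_template('firewall/addressgroup-desc.html')
    context = {
        'groupinfo': groupinfo,
        'hostname_default': hostname_default,
        'username': request.user,
        'instances': all_instances,
        'is_superuser' : is_superuser,
        'groupname': groupname,
        'networks_json' : networks_json,
    }
    return HttpResponse(template.render(context, request))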
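def index(request):
    """List interfaces with their firewall bindings and apply POSTed changes.

    POST keys starting with ``firewall-ipv4-in`` / ``firewall-ipv4-out`` have
    the form ``<prefix>.<type>.<name>``; a non-empty value is the rule-set to
    bind, or ``--remove--`` to unbind.

    Returns:
        A redirect to the interface list when a binding was submitted,
        otherwise the rendered interface index.
    """
    hostname_default = vyos.get_hostname_prefered(request)
    all_instances = vyos.instance_getall()
    firewall_all = vyos.get_firewall_all(hostname_default)
    interfaces = vyos.get_interfaces(hostname_default)
    is_superuser = perms.get_is_superuser(request.user)

    interface_firewall_in = {}
    interface_firewall_out = {}

    for interface_type in interfaces:
        for interface_name in interfaces[interface_type]:
            entry = interfaces[interface_type][interface_name]
            # Narrow handlers replace the bare excepts: only a missing key or
            # a non-mapping value means "no binding".
            try:
                interface_firewall_in[interface_name] = entry['firewall']['in']['name']
            except (KeyError, TypeError):
                pass
            try:
                interface_firewall_out[interface_name] = entry['firewall']['out']['name']
            except (KeyError, TypeError):
                pass

    # The pprint() calls are gone: they wrote the whole POST body and the API
    # results to stdout on every request.
    fw_changed = False
    for el in request.POST:
        if el.startswith('firewall-ipv4-in'):
            direction = "in"
        elif el.startswith('firewall-ipv4-out'):
            direction = "out"
        else:
            continue

        firewall_name = request.POST[el]
        if not firewall_name:
            continue

        # Key names are client-controlled; skip anything without type and name
        # instead of raising IndexError.
        pos = el.split(".")
        if len(pos) < 3:
            continue
        interface_type = pos[1]
        interface_name = pos[2]

        # NOTE(review): firewall_name is not checked against the rule-sets in
        # firewall_all before it is sent to the API.
        if firewall_name == "--remove--":
            vyos.delete_interface_firewall_ipv4(
                hostname_default, interface_type, interface_name, direction)
        else:
            vyos.set_interface_firewall_ipv4(
                hostname_default, interface_type, interface_name, direction,
                firewall_name)
        fw_changed = True

    if fw_changed:
        return redirect('interface:interface-list')

    # A block of disabled firewall-creation code kept as a bare string literal
    # was removed here; it had no effect at runtime.

    template = loader.get_template('interface/index.html')
    context = {
        'interfaces': interfaces,
        'instances': all_instances,
        'hostname_default': hostname_default,
        'firewall_all': firewall_all,
        'interface_firewall_in': interface_firewall_in,
        'interface_firewall_out': interface_firewall_out,
        'username': request.user,
        'is_superuser': is_superuser,
    }
    return HttpResponse(template.render(context, request))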
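def firewall_portgroup_edit(request, groupname):
    """Render the port-group edit form and apply posted changes to *groupname*.

    A posted ``description`` is written to the group.  A posted
    ``portgroup_ports_hidden`` (JSON) is compared with the ports currently on
    the device; missing ports are added, extra ones removed, and the view
    redirects to the port-group list.  An unknown *groupname* or an unusable
    port payload also redirects to the list.
    """
    # NOTE(review): no login/permission decorator is visible on this view in
    # this listing -- confirm one is applied where the view is registered.
    list_view = 'firewall:firewall-portgroup-list'
    hostname_default = vyos.get_hostname_prefered(request)
    all_instances = vyos.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)
    netservices = network.get_services()
    portgroups = vyos.get_firewall_portgroup(hostname_default)

    # groupname comes from the URL: it must name a group the device reports
    # before anything is written.  Previously an unknown name (or a failed
    # lookup) raised and produced an HTTP 500.
    try:
        group = portgroups['port-group'][groupname]
    except (KeyError, TypeError):
        return redirect(list_view)
    if not isinstance(group, dict):
        return redirect(list_view)

    portgroups_json = json.dumps(group, separators=(',', ':'))
    description = group.get('description', '')
    current_ports = group.get('port', [])
    if isinstance(current_ports, str):
        # Defensive: a lone value may arrive as a bare string rather than a
        # list -- TODO confirm against the device API.
        current_ports = [current_ports]
    current_ports = [str(port) for port in current_ports]

    new_description = request.POST.get('description')
    if new_description is not None:
        vyos.set_firewall_portgroup_description(hostname_default, groupname, new_description)

    ports_raw = request.POST.get('portgroup_ports_hidden')
    if ports_raw:
        try:
            decoded = json.loads(ports_raw)
        except ValueError:
            return redirect(list_view)
        # Accept a JSON array (or an object, whose keys are used); anything
        # else cannot be compared port by port.
        if not isinstance(decoded, (list, dict)):
            return redirect(list_view)
        ports = []
        for entry in decoded:
            if isinstance(entry, bool) or not isinstance(entry, (str, int)):
                return redirect(list_view)
            ports.append(str(entry).strip())

        # Ports on the device but not in the form are removed; ports in the
        # form but not on the device are added.
        port_remove = [port for port in current_ports if port not in ports]
        port_add = [port for port in ports if port and port not in current_ports]

        for port in port_add:
            vyos.set_firewall_portgroup_add(hostname_default, groupname, port)
        for port in port_remove:
            vyos.set_firewall_portgroup_delete_port(hostname_default, groupname, port)

        # The description was already written above under the URL's groupname.
        # The former second write keyed on POST['name'] is dropped: the edit
        # form targets the URL's group, and a client-chosen name could redirect
        # the write to a different group.
        return redirect(list_view)

    template = loader.get_template('firewall/portgroup-edit.html')
    context = {
        'hostname_default': hostname_default,
        'username': request.user,
        'instances': all_instances,
        'is_superuser': is_superuser,
        'groupname': groupname,
        'services_common': netservices['common'],
        'services': netservices['services'],
        'description': description,
        'portgroups_json': portgroups_json,
    }
    return HttpResponse(template.render(context, request))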
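def interface_add(request):
    """Render the add-interface form and create the interface when posted.

    When ``name`` is posted, the view validates name, address (or DHCP), MTU
    and type, then creates the interface and sets its MTU and address on the
    selected instance.  Each step reports success or failure through ``msg``.
    """
    # NOTE(review): no login/permission decorator is visible on this view in
    # this listing -- confirm one is applied where the view is registered.
    all_instances = perms.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)
    hostname_default = perms.get_hostname_prefered(request)
    msg = vmsg.msg()
    changed = False

    if request.POST.get('name') is not None:
        name_raw = request.POST.get('name', '').strip()
        interface_name = name_raw if validator_letters_numbers(name_raw) else None

        # DHCP wins over any posted static address.
        address_raw = request.POST.get('address', '').strip()
        if request.POST.get('dhcp', '0') == '1':
            interface_address = 'dhcp'
        elif validator_ipv4_cidr(address_raw):
            interface_address = address_raw
        else:
            interface_address = None

        # MTU falls back to 1450 when missing, non-numeric or outside 1000-9000.
        try:
            interface_mtu = int(request.POST.get('mtu', '').strip())
        except ValueError:
            interface_mtu = 1450
        if not 1000 <= interface_mtu <= 9000:
            interface_mtu = 1450

        # Type is an allow-list; anything else becomes 'ethernet'.
        requested_type = request.POST.get('type', 'ethernet')
        if requested_type in ('ethernet', 'dummy', 'loopback'):
            interface_type = requested_type
        else:
            interface_type = 'ethernet'

        if interface_name is None:
            # Previously a rejected name still reached the device API as None.
            msg.add_error("Action: failed to add interface - invalid interface name")
        else:
            v = vapi.set_interface(hostname_default, interface_type, interface_name)
            if v.success == False:
                msg.add_error(f"Action: failed to add interface - {v.reason}")
            else:
                msg.add_success("Action: interface added")
                changed = True

            v = vapi.set_interface_mtu(hostname_default, interface_type, interface_name, interface_mtu)
            if v.success == False:
                msg.add_error(f"Action: failed to set MTU - {v.reason}")
            else:
                msg.add_success("Action: MTU set")

            if interface_address is not None:
                v = vapi.set_interface_address(hostname_default, interface_type, interface_name, interface_address)
                if v.success == False:
                    msg.add_error(f"Action: failed to set address - {v.reason}")
                else:
                    msg.add_success("Action: address set")
            elif address_raw:
                # An address was typed but did not validate: report it instead
                # of sending None to the device.
                msg.add_error("Action: failed to set address - invalid IPv4 CIDR address")

    template = loader.get_template('interface/add.html')
    context = {
        'instances': all_instances,
        'hostname_default': hostname_default,
        'username': request.user,
        'is_superuser': is_superuser,
        'msg': msg.get_all(),
        'changed': changed,
    }
    return HttpResponse(template.render(context, request))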
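def interface_add_vlan(request, interface_type=None, interface_name=None):
    """Render the add-VLAN form and create a VLAN sub-interface when posted.

    The parent interface comes from the URL arguments or, when both are
    absent, from the posted ``interface_type`` / ``interface_name``.  Invalid
    parent identifiers redirect to the interface list.  A posted ``vlan`` in
    range creates the sub-interface and sets its MTU and address.
    """
    # NOTE(review): no login/permission decorator is visible on this view in
    # this listing -- confirm one is applied where the view is registered.
    all_instances = perms.instance_getall_by_group(request)
    is_superuser = perms.get_is_superuser(request.user)
    hostname_default = perms.get_hostname_prefered(request)
    msg = vmsg.msg()
    changed = False

    if interface_type is None and interface_name is None:
        interface_type = request.POST.get('interface_type')
        interface_name = request.POST.get('interface_name')

    # Reject missing values before they reach the validators, then require
    # both identifiers to pass the letters/numbers check.
    if not (interface_type and interface_name
            and validator_letters_numbers(interface_type)
            and validator_letters_numbers(interface_name)):
        return redirect('interface:interface-list')

    try:
        interface_vlan = int(request.POST.get('vlan', '').strip())
    except ValueError:
        interface_vlan = 0  # missing or non-numeric: treated as "nothing posted"

    if interface_vlan == 0:
        pass
    elif not 1 <= interface_vlan <= 4094:
        # 4095 is reserved by IEEE 802.1Q, so the usable range ends at 4094.
        msg.add_error("VLAN need to be between 1 and 4094")
    else:
        # DHCP wins over any posted static address.
        address_raw = request.POST.get('address', '').strip()
        if request.POST.get('dhcp', '0') == '1':
            interface_address = 'dhcp'
        elif validator_ipv4_cidr(address_raw):
            interface_address = address_raw
        else:
            interface_address = None

        # MTU falls back to 1450 when missing, non-numeric or outside 1000-9000.
        try:
            interface_mtu = int(request.POST.get('mtu', '').strip())
        except ValueError:
            interface_mtu = 1450
        if not 1000 <= interface_mtu <= 9000:
            interface_mtu = 1450

        interface_mtu = str(interface_mtu)
        interface_vlan = str(interface_vlan)
        # NOTE(review): the validated parent type is discarded here and
        # 'ethernet' is always used -- confirm VLANs on other parent types are
        # intentionally unsupported.
        interface_type = 'ethernet'

        v = vapi.set_interface(hostname_default, interface_type, interface_name, vif=interface_vlan)
        if v.success == False:
            msg.add_error(f"Action: failed to add interface - {v.reason}")
        else:
            msg.add_success("Action: interface added")
            changed = True

        v = vapi.set_interface_mtu(hostname_default, interface_type, interface_name, interface_mtu, vif=interface_vlan)
        if v.success == False:
            msg.add_error(f"Action: failed to set MTU - {v.reason}")
        else:
            msg.add_success("Action: MTU set")

        if interface_address is not None:
            v = vapi.set_interface_address(hostname_default, interface_type, interface_name, interface_address, vif=interface_vlan)
            if v.success == False:
                msg.add_error(f"Action: failed to set address - {v.reason}")
            else:
                msg.add_success("Action: address set")
        elif address_raw:
            # An address was typed but did not validate: report it instead of
            # sending None to the device.
            msg.add_error("Action: failed to set address - invalid IPv4 CIDR address")

    template = loader.get_template('interface/add_vlan.html')
    context = {
        'instances': all_instances,
        'hostname_default': hostname_default,
        'username': request.user,
        'is_superuser': is_superuser,
        'msg': msg.get_all(),
        'changed': changed,
        'interface_name': interface_name,
        'interface_type': interface_type,
    }
    return HttpResponse(template.render(context, request))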
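def _changerule_positive_int(value):
    """Return *value* as a positive int, or None when missing or not numeric."""
    try:
        number = int(str(value).strip())
    except (TypeError, ValueError):
        return None
    return number if number > 0 else None


def _changerule_port_list(raw_json):
    """Decode the form's JSON port payload into a list of non-empty strings.

    Accepts a JSON array (or an object, whose keys are used).  Returns an
    empty list for undecodable input or entries that are not strings/integers.
    """
    try:
        decoded = json.loads(raw_json)
    except (TypeError, ValueError):
        return []
    if not isinstance(decoded, (list, dict)):
        return []
    ports = []
    for entry in decoded:
        if isinstance(entry, bool) or not isinstance(entry, (str, int)):
            return []
        text = str(entry).strip()
        if text:
            ports.append(text)
    return ports


def changerule(request, firewall_name, mode, template_name="firewall/addrule.html", rulenumber=None):
    """Render the firewall rule form and apply a posted rule to the device.

    Args:
        request: the HTTP request; rule fields are read from ``request.POST``.
        firewall_name: name of the firewall rule-set being changed.
        mode: ``"addrule"`` or ``"editrule"``.
        template_name: template rendered when nothing was changed.
        rulenumber: rule number from the URL (required in edit mode).

    Redirects to ``firewall:show`` when the rule number is missing or not a
    positive integer, and after at least one device call succeeded.
    """
    # NOTE(review): no login/permission decorator is visible on this view in
    # this listing -- confirm one is applied where the view is registered.
    post = request.POST
    # NOTE(review): instance_getall() is not scoped by the caller's group,
    # unlike the *_by_group(request) lookups used by sibling views -- confirm.
    all_instances = vyos.instance_getall()
    hostname_default = vyos.get_hostname_prefered(request)
    is_superuser = perms.get_is_superuser(request.user)

    # Data for the selected firewall and the groups offered by the form.
    firewall = vyos.get_firewall(hostname_default, firewall_name)
    firewall_group = {'network-group': {}, 'address-group': {}, 'port-group': {}}
    firewall_group_raw = vycommon.get_firewall_group(hostname_default)
    if firewall_group_raw.success:
        for kind in firewall_group:
            if kind in firewall_group_raw.data:
                for g in firewall_group_raw.data[kind]:
                    firewall_group[kind][g] = firewall_group_raw.data[kind][g]

    # NOTE(review): these JSON strings are handed to the template; confirm it
    # emits them with json_script or equivalent escaping.
    firewall_networkgroup_js = json.dumps(firewall_group['network-group'])
    firewall_addressgroup_js = json.dumps(firewall_group['address-group'])
    netservices = network.get_services()
    netservices_js = json.dumps(netservices)
    portgroups = vyos.get_firewall_portgroup(hostname_default)
    ruledata = vycommon.get_firewall_rulenumber(hostname_default, firewall_name, rulenumber)
    ruledata_json = json.dumps(ruledata.data)
    vyos2.log("json", ruledata_json)

    # The lookup returns False on failure; a missing 'port-group' key is
    # treated the same way instead of raising.
    if isinstance(portgroups, dict):
        portgroups_groups = portgroups.get('port-group', [])
    else:
        portgroups_groups = []

    # Edit mode needs the rule number from the URL.
    if mode == "editrule" and rulenumber is None:
        return redirect('firewall:show', firewall_name)

    # NOTE(review): the listing lost its indentation.  This reading takes the
    # "mode editrule" branch as the else of the mode check; in that branch the
    # URL value is kept when the form did not post a rule number, so a plain
    # GET of the edit form no longer ends up with rulenumber = None.
    if mode == "addrule":
        rule_raw = post.get('rulenumber')
        vyos2.log("mode addrule", rule_raw)
    else:
        rule_raw = post.get('rulenumber') or rulenumber
        vyos2.log("mode editrule", rule_raw)

    # Non-numeric input used to raise ValueError (HTTP 500); now it redirects.
    # The normalised decimal string is what reaches the device.
    rule_int = _changerule_positive_int(rule_raw)
    if rule_int is None:
        return redirect('firewall:show', firewall_name)
    rulenumber = str(rule_int)

    changed = False

    def apply(op, path, description):
        """Send one config operation under this rule; record success."""
        nonlocal changed
        result = vyos2.api(
            hostname=hostname_default,
            api="post",
            op=op,
            cmd=["firewall", "name", firewall_name, "rule", rulenumber] + path,
            description=description,
        )
        if result.success:
            changed = True
        return result

    # NOTE(review): every criterion below is a separate device call.  If the
    # action is stored but a later match criterion fails, the rule is left
    # matching more traffic than requested while the user is still redirected
    # as if it succeeded -- consider surfacing failures or rolling back.
    # NOTE(review): posted addresses, MAC, custom protocol and group names are
    # forwarded to the device without local validation.
    status = post.get('status')
    ruleaction = post.get('ruleaction')
    if status in ("enabled", "disabled") and ruleaction in ("accept", "drop", "reject"):
        vyos2.log("pass basic validations")
        apply("set", ["action", ruleaction], "set rule action")

        # Disabled rules get the flag; re-enabling in edit mode removes it.
        if status == "disabled":
            apply("set", ["disable"], "set rule disable")
        elif mode == "editrule":
            apply("delete", ["disable"], "delete rule disable")

        description = post.get('description')
        if description is not None:
            apply("set", ["description", description], "set rule description")

        # Protocol criterion.
        if post.get('criteria_protocol') == "1":
            choice = post.get('protocol_criteria')
            if choice == "other":
                # Stays None when no custom protocol was posted (this case
                # used to leave the variable unbound and raise).
                protocol_criteria = post.get('protocol_custom')
            elif choice in ('all', 'tcp', 'udp', 'tcp_udp', 'icmp'):
                protocol_criteria = choice
            else:
                protocol_criteria = None
            protocol_negate = "!" if post.get('protocol_negate') == "1" else ""
            if protocol_criteria:
                apply("set", ["protocol", protocol_negate + protocol_criteria], "set rule protocol")

        # Port criterion: each side posts a JSON list of ports.
        if post.get('criteria_port') == "1":
            for side, field, label in (
                ("destination", 'destinationport_json', "set destination port"),
                ("source", 'sourceport_json', "set sourceport port"),
            ):
                raw = post.get(field)
                if raw is None:
                    continue
                ports = _changerule_port_list(raw)
                vyos2.log(field, ports)
                if ports:
                    apply("set", [side, "port", ','.join(ports)], label)

        # Address criterion, optionally negated per side.
        if post.get('criteria_address') == "1":
            for side, field, label in (
                ("source", 'sdaddress_source', "set sdaddress_source"),
                ("destination", 'sdaddress_destination', "set sdaddress_destination_txt"),
            ):
                address = post.get(field)
                if address is None:
                    continue
                negate = "!" if post.get(field + '_negate') == "1" else ""
                apply("set", [side, "address", negate + address], label)

        # Address-group criterion.
        if post.get('criteria_addressgroup') == "1":
            for side, field in (
                ("source", 'sdaddressgroup_source'),
                ("destination", 'sdaddressgroup_destination'),
            ):
                group = post.get(field)
                if group is None:
                    continue
                result = apply("set", [side, "group", "address-group", group], "set " + field)
                vyos2.log("set " + field, result.data)

        # Network-group criterion; failures are logged under the field name.
        if post.get('criteria_networkgroup') == "1":
            for side, field in (
                ("source", 'sdnetworkgroup_source'),
                ("destination", 'sdnetworkgroup_destination'),
            ):
                group = post.get(field)
                if group is None:
                    continue
                result = apply("set", [side, "group", "network-group", group], "set " + field)
                if not result.success:
                    vyos2.log(field, result.error)

        # Source MAC criterion, normalised to lower-case colon form.
        if post.get('criteria_sourcemac') == "1":
            sourcemac_negate = "!" if post.get('smac_source_negate') == "1" else ""
            sourcemac = post.get('smac_source')
            if sourcemac is not None:
                sourcemac = sourcemac.replace("-", ":").lower()
                apply("set", ["source", "mac-address", sourcemac_negate + sourcemac], "set source mac")

        # Packet-state criterion: one call per ticked state.
        if post.get('criteria_packetstate') == "1":
            for packetstate in ('established', 'invalid', 'new', 'related'):
                if post.get('packetstate_' + packetstate) == "1":
                    apply("set", ["state", packetstate, "enable"], "set criteria_packetstate")

        # TCP-flags criterion: ticked flags joined with commas.
        if post.get('criteria_tcpflags') == "1":
            flag_fields = (
                ('tcpflags_syn', 'SYN'), ('tcpflags_isyn', '!SYN'),
                ('tcpflags_ack', 'ACK'), ('tcpflags_iack', '!ACK'),
                ('tcpflags_fin', 'FIN'), ('tcpflags_ifin', '!FIN'),
                ('tcpflags_rst', 'RST'), ('tcpflags_irst', '!RST'),
                ('tcpflags_urg', 'URG'), ('tcpflags_iurg', '!URG'),
                ('tcpflags_psh', 'PSH'), ('tcpflags_ipsh', '!PSH'),
                ('tcpflags_all', 'ALL'), ('tcpflags_iall', '!ALL'),
            )
            tcpflags = [flag for field, flag in flag_fields if post.get(field) == "1"]
            vyos2.log("tcp flags", tcpflags)
            if tcpflags:
                apply("set", ["tcp", "flags", ",".join(tcpflags)], "set criteria_tcpflags")

        # Port-group criterion.
        if post.get('criteria_portgroup') == "1":
            for side, field in (
                ("source", 'sdportgroup_source'),
                ("destination", 'sdportgroup_destination'),
            ):
                group = post.get(field)
                if group is not None:
                    apply("set", [side, "group", "port-group", group], "set " + field)

    if changed:
        return redirect('firewall:show', firewall_name)

    template = loader.get_template(template_name)
    context = {
        'instances': all_instances,
        'hostname_default': hostname_default,
        'firewall': firewall,
        'firewall_name': firewall_name,
        'username': request.user,
        'is_superuser': is_superuser,
        'services': netservices['services'],
        'services_common': netservices['common'],
        'firewall_networkgroup': firewall_group['network-group'],
        'firewall_addressgroup': firewall_group['address-group'],
        'firewall_networkgroup_js': firewall_networkgroup_js,
        'firewall_addressgroup_js': firewall_addressgroup_js,
        'netservices_js': netservices_js,
        'portgroups_groups': portgroups_groups,
        'mode': mode,
    }
    if mode == "editrule":
        context['ruledata'] = ruledata.data
        context['ruledata_json'] = ruledata_json
        context['rulenumber'] = rulenumber
    return HttpResponse(template.render(context, request))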