
done allow add more than one address per address-group #75

Roberto Berto 5 жил өмнө
parent
commit
33130343bc

+ 65 - 38
vycontrol/firewall/templates/firewall/addressgroup-add.html

@@ -14,74 +14,101 @@
     <a href="{% url 'firewall:firewall-list' %}">Firewall List</a> | 
     <a href="{% url 'firewall:firewall-create' %}">Create new firewall</a> | 
     <a href="{% url 'firewall:firewall-addressgroup-list' %}">Address Group</a> |
-    <a href="{% url 'firewall:firewall-networkgroup-list' %}">Network Group</a> | 
+    <a href="{% url 'firewall:firewall-addressgroup-list' %}">Network Group</a> | 
     <a href="{% url 'firewall:firewall-portgroup-list' %}">Port Group</a>
 </p>
 <p class="submenu2"></p>
 
 
-<form action="{% url 'firewall:firewall-addressgroup-add' %}" method="post">
+<form action="{% url 'firewall:firewall-addressgroup-add' %}" method="post" id="formng">
     {% csrf_token %}
 
 
     <p>
-        <label for="name">group name:</label><br>
-        <input type="input" name="name" id="name" value="" size="30" />
+    <label for="name">group name:</label><br>
+    <input type="input" name="name" id="name" value="" size="30" />
     </p>
 
-
     <p>
         <label for="name">description:</label><br>
         <input type="input" name="description" id="description" value="" size="100" />
     </p>
-
+    
     <p>
-    address type: <br>
-    <input type="radio" name="addresstype" value="single" id="addresstype_single" class="addresstype" /> <label for="addresstype">single address</label>
-    <input type="radio" name="addresstype" value="range" id="addresstype_range" class="addresstype"/> <label for="addresstype">range address</label>
+        <label for="network">addresses (IP or interval):</label><br>
+        <input type="input" name="network" id="network" value=""/> (eg 192.168.0.1 or 192.168.0.1-192.168.0.10) 
+        <input type="button" value="add" id="addressgroup_add">
     </p>
-    
 
+    <p>
+        <label for="addressgroup">addresses (click to remove)</label><br>
+        <select name="addressgroup" id="addressgroup" size="10" style="width: 200px;">
+        </select>
 
-    <div id="addresstype_single_block" style="display: none">
-        <table width="100%">
-            <tr>
-                <th width="25%">ip address:</td><td><input type="input" name="address" value=""/> </th>
-            </tr>
-        </table>
-    </div>
 
-    <div id="addresstype_range_block" style="display: none">
-        <table width="100%">
-            <tr>
-                <th width="25%">ip block address start:</td><td><input type="input" name="address-start" value=""/> (eg 10.10.10.1)</th>
-            </tr>
-            <tr>
-                <th width="25%">ip block address end:</td><td><input type="input" name="address-end" value=""/>  (eg 10.10.10.20)</th>
-            </tr>
-        </table>
-    </div>
+        <input type="hidden" name="addressgroup_json" id="addressgroup_json" value="" >
+    </p>
 
 
     <input type="submit" value="Add Group">
 </form>
 
+
 <script>
-$(document).ready(function () {                            
-    $(".addresstype").change(function () {
-        if ($("#addresstype_single").is(":checked")) {
-            $('#addresstype_single_block').show();
-            $('#addresstype_range_block').hide();
+$(document).ready(function () {
+    $("#addressgroup_add").click(function () {
+        network = $("#network").val();
+
+        if (network !=  "") {
+            if ($("#addressgroup option[value='" + network + "']").length == 0) {
+                $('#addressgroup').append($('<option>', {
+                    value: network,
+                    text: network
+                }));
+            }
         }
-        else if ($("#addresstype_range").is(":checked")) {
-            $('#addresstype_single_block').hide();
-            $('#addresstype_range_block').show();
+    });
+
+
+    $('#addressgroup').click(function() {
+            $(this).find('option:selected').remove();
+    });
+
+    // form basic validations
+    $("#formng").submit(function(e){
+        size = $("#addressgroup option").length
+        if (size < 1) {
+            alert('Minimum networks is 1');
+            e.preventDefault();
+            return false;
         }
-    });        
-});
-</script>
+        
+        groupname = $("#name").val()
+        if (groupname.length > 31) {
+            alert('Maximum group name 31 characters or less');
+            e.preventDefault();
+            return false;
+        }
+
+
+
+        var groupa = []
+        $("#addressgroup option").each(function() {
+            groupa.push($(this).val());
+        });
+
+        var groupa_json = JSON.stringify(groupa);
+        $("#addressgroup_json").val(groupa_json);
 
+        console.log(groupa_json)
+    });
 
+})
+
+
+
+
+</script>
 
 
 
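Review bot: In the `#addressgroup_add` click handler the duplicate check builds a jQuery selector by concatenating the raw text field, `"#addressgroup option[value='" + network + "']"`, so an entry containing `'` or `]` makes the selector invalid and the handler throws instead of adding or rejecting the value. Compare option values rather than building a selector: `if ($("#addressgroup option").filter(function () { return this.value === network; }).length == 0) {`. The 31-character name limit and the at-least-one-entry rule in the submit handler run only in the browser, so they do not constrain what reaches the view. The first changed line of the hunk also points the "Network Group" menu link at `firewall:firewall-addressgroup-list`, which looks unintended. The same selector pattern appears in addressgroup-desc.html.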

+ 94 - 10
vycontrol/firewall/templates/firewall/addressgroup-desc.html

@@ -6,34 +6,118 @@
 
 {% block debug %}
 {{ firewall_all }}
-{{ firewall_addressgroup }}
+{{ firewall_networkgroup }}
 {% endblock %}
 
 
 {% block content %}
 
+
+<script type="text/javascript">
+    var networkgroup_data = JSON.parse('{{networks_json|safe}}');
+    console.log(networkgroup_data);
+</script>
+
 <p class="submenu1">
     <a href="{% url 'firewall:firewall-list' %}">Firewall List</a> | 
     <a href="{% url 'firewall:firewall-create' %}">Create new firewall</a> | 
-    <a href="{% url 'firewall:firewall-addressgroup-list' %}">Address Group</a> | 
+    <a href="{% url 'firewall:firewall-addressgroup-list' %}">Address Group</a>     | 
     <a href="{% url 'firewall:firewall-networkgroup-list' %}">Network Group</a>  | 
     <a href="{% url 'firewall:firewall-portgroup-list' %}">Port Group</a>
 </p>
 <p class="submenu2">
-    <a href="{% url 'firewall:firewall-networkgroup-add' %}">Add network Group</a>
+    <a href="{% url 'firewall:firewall-addressgroup-add' %}">Add network Group</a>
 </p>
 
-<form action="{% url 'firewall:firewall-addressgroup-desc' groupname %}" method="post">
+
+
+
+
+<form action="{% url 'firewall:firewall-addressgroup-desc' groupname %}" method="post" id="formng">
     {% csrf_token %}
-    
+
     <p>
-        <label for="alias">description</label><br>
-        <input type="text" name="description" id="description" value="{{ firewall_addressgroup.description }}" size="60">
-    </p>    
-    
+        <label for="name">description:</label><br>
+        <input type="input" name="description" id="description" value="{{ groupinfo.description }}" size="100" />
+    </p>
     
+    <p>
+        <label for="network">network (CIDR notation):</label><br>
+        <input type="input" name="network" id="network" value=""/> (eg 10.10.10.0/24) 
+        <input type="button" value="add" id="networkgroup_add">
+    </p>
+
+    <p>
+        <label for="networkgroup">networks (click to remove)</label><br>
+        <select name="networkgroup" id="networkgroup" size="10" style="width: 200px;">
+        </select>
+
+
+        <input type="hidden" name="networkgroup_json" id="networkgroup_json" value="" >
+    </p>
+
+
     <input type="submit" value="Edit Group">
-    </form>
+</form>
+
+
+<script>
+$(document).ready(function () {
+
+    for (network in networkgroup_data) {
+        $('#networkgroup').append($('<option>', {
+            value: networkgroup_data[network],
+            text: networkgroup_data[network]
+        }));
+    }
+
+    $("#networkgroup_add").click(function () {
+        network = $("#network").val();
+
+        if (network !=  "") {
+            if ($("#networkgroup option[value='" + network + "']").length == 0) {
+                $('#networkgroup').append($('<option>', {
+                    value: network,
+                    text: network
+                }));
+            }
+        }
+    });
+
+
+    $('#networkgroup').click(function() {
+            $(this).find('option:selected').remove();
+    });
+
+    // form basic validations
+    $("#formng").submit(function(e){
+        size = $("#networkgroup option").length
+        if (size < 1) {
+            alert('Minimum networks is 1');
+            e.preventDefault();
+            return false;
+        }
+        
+        var groupa = []
+        $("#networkgroup option").each(function() {
+            groupa.push($(this).val());
+        });
+
+        var groupa_json = JSON.stringify(groupa);
+        $("#networkgroup_json").val(groupa_json);
+
+        console.log(groupa_json)
+        //e.preventDefault();
+        //return false;
+
+    });
+
+})
+
+
+
+
+</script>
 
     
 
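Review bot: `JSON.parse('{{networks_json|safe}}')` in the added script block turns off autoescaping for data placed inside a single-quoted JavaScript string, so an address value containing `'` or `</script>` would end the string or the script element and be interpreted as markup or code in the operator's session. The JSON is built in views.py from addresses read back from the router, and whether the router would ever store such a value is not visible here, but the template should not depend on that. Escape for the string context instead, `var networkgroup_data = JSON.parse('{{ networks_json|escapejs }}');`, or pass the list itself through Django's `json_script` filter and read it from the generated element. The leftover `console.log` calls also print the group contents to the browser console.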

+ 6 - 2
vycontrol/firewall/templates/firewall/addressgroup-list.html

@@ -23,13 +23,17 @@
 
 {% if firewall_addressgroup %}
     <table border="1" width="100%">
-        <tr><th width="25%">name</th><th width="20%">address</th><th width="30%">description</th><th width="25%">actions</th></tr>
+        <tr>
+            <th width="25%">name</th>
+            <th width="30%">description</th>
+            <th width="25%">actions</th>
+        </tr>
 
     {% for key, value in firewall_addressgroup.items %}       
         {% for ifkey, ifvalue in value.items %}
             <tr>
                 <td><a href="{% url 'firewall:firewall-addressgroup-desc' ifkey %}">{{ ifkey }}</a></td>
-                <td>{{ ifvalue.address }}</td>
+                {% comment %}<td>{{ ifvalue.address }}</td>{% endcomment %}
                 <td>{{ ifvalue.description }}</td>
                 <td>
                     <a href="{% url 'firewall:firewall-addressgroup-desc' ifkey %}">Edit</a> | 

+ 0 - 23
vycontrol/firewall/templates/firewall/editrule.html

@@ -28,29 +28,6 @@
 
 
 
-{% if firewall %}
-    <table border="1" width="100%">
-    <tr><th>rule #</th><th>description</th><th>protocol</th><th>destination port</th><th>source port</th><th>action</th></tr>
-
-    {% for key, value in firewall.items %}
-        
-        {% for ifkey, ifvalue in value.items %}
-            <tr>
-            <td><a href="{% url 'firewall:editrule' firewall_name ifkey %}">{{ ifkey }}</a></td>
-            <td>{{ ifvalue.description }}</td>
-            <td>{{ ifvalue.protocol }}</td>
-            <td>{{ ifvalue.destination.port }}</td>
-            <td>{{ ifvalue.source.port }}</td>
-            <td>{{ ifvalue.action }}</td>                        
-            </tr>
-        {% endfor %}
-        
-    {% endfor %}
-
-    </table>
-{% else %}
-    <p>No firewalls.</p>
-{% endif %}
 
 
 

+ 122 - 33
vycontrol/firewall/views.py

@@ -643,14 +643,7 @@ def firewall_networkgroup_add(request):
                     description = "set network-group description",
                 )
 
-
-
-        vyos.set_firewall_networkgroup_add(hostname_default, request.POST.get('name'), request.POST.get('network'))
-
-        if request.POST.get('description', None) != None:
-            vyos.set_firewall_networkgroup_description(hostname_default, request.POST.get('name'), request.POST.get('description'))
-
-        return redirect('firewall:firewall-networkgroup-list')
+                return redirect('firewall:firewall-networkgroup-list')
 
 
 
@@ -689,26 +682,48 @@ def firewall_addressgroup_list(request):
 
 @is_authenticated
 def firewall_addressgroup_add(request):
-        
     hostname_default = vyos.get_hostname_prefered(request)
     all_instances = vyos.instance_getall_by_group(request)
     is_superuser = perms.get_is_superuser(request.user)
 
-    if request.POST.get('addresstype', None) == "single" and request.POST.get('name', None) != None and request.POST.get('address', None) != None:
-        vyos.set_firewall_addressgroup_add(hostname_default, request.POST.get('name'), request.POST.get('address'))
+    if (    request.POST.get('name', None) != None 
+        and request.POST.get('addressgroup_json', None) != None):
 
-        if request.POST.get('description', None) != None:
-            vyos.set_firewall_addressgroup_description(hostname_default, request.POST.get('name'), request.POST.get('description'))
+        group =         request.POST.get('name', None)
+        description =   request.POST.get('description', None)
+        try:
+            networks = json.loads(request.POST.get('addressgroup_json'))
+        except ValueError:
+            networks = {}
 
-        return redirect('firewall:firewall-addressgroup-list')
-    elif request.POST.get('addresstype', None) == "range" and request.POST.get('name', None) != None and request.POST.get('address-start', None) != None and request.POST.get('address-end', None) != None:
-        vyos.set_firewall_addressgroup_rangeadd(hostname_default, request.POST.get('name'), request.POST.get('address-start'), request.POST.get('address-end'))
 
-        if request.POST.get('description', None) != None:
-            vyos.set_firewall_addressgroup_description(hostname_default, request.POST.get('name'), request.POST.get('description'))
+        changed = False
+
+        vyos2.log('networks', networks)
 
-        return redirect('firewall:firewall-addressgroup-list')
+        for network in networks:
+            v = vyos2.api (
+                hostname =  hostname_default,
+                api =       "post",
+                op =        "set",
+                cmd =       ["firewall", "group", "address-group", group, "address", network],
+                description = "add address-group network",
+            )
+            if v.success and changed == False:
+                changed = True
+            
+        # set network description if it was created
+        if changed == True:
+            if description != None:
+                v = vyos2.api (
+                    hostname=   hostname_default,
+                    api =       "post",
+                    op =        "set",
+                    cmd =       ["firewall", "group", "address-group", group, "description", description],
+                    description = "set address-group description",
+                )
 
+            return redirect('firewall:firewall-addressgroup-list')
 
 
     template = loader.get_template('firewall/addressgroup-add.html')
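Review bot: Every element of the decoded `addressgroup_json` is forwarded to the router's `set` call in `firewall_addressgroup_add` without any server-side check; the only validation (31-character name, at least one entry) lives in the template's JavaScript and is bypassed by any direct POST. `json.loads` can also return a string, number or dict, so a JSON string body would be iterated character by character and a number would raise `TypeError`; the `except ValueError` fallback of `{}` has the same type problem. I would require a list of strings that each parse as an IP address or a start-end range (the two forms the form's hint text names) before the loop and enforce the name length here as well, which needs `ipaddress` imported at the top of views.py. The `networkgroup_json` handling in the `firewall_addressgroup_desc` hunk further down has the same gap. The function's tail lies outside this hunk.

```python
        try:
            networks = json.loads(request.POST.get('addressgroup_json'))
        except ValueError:
            networks = []

        def _is_address_or_range(entry):
            # accept "a.b.c.d" or "a.b.c.d-e.f.g.h", nothing else
            if not isinstance(entry, str):
                return False
            try:
                for part in entry.split('-', 1):
                    ipaddress.ip_address(part)
            except ValueError:
                return False
            return True

        if (not isinstance(networks, list)
                or len(group) > 31
                or not all(_is_address_or_range(n) for n in networks)):
            networks = []  # nothing is sent; the form is rendered again

        # … unchanged: changed flag, vyos2.api loop, description, redirect …
```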
@@ -720,6 +735,7 @@ def firewall_addressgroup_add(request):
     }   
     return HttpResponse(template.render(context, request))
 
+
 @is_authenticated
 def firewall_addressgroup_del(request, groupname):
     hostname_default = vyos.get_hostname_prefered(request)
@@ -729,25 +745,98 @@ def firewall_addressgroup_del(request, groupname):
 @is_authenticated
 def firewall_addressgroup_desc(request, groupname):
     hostname_default = vyos.get_hostname_prefered(request)
-    firewall_addressgroup = vyos.get_firewall_addressgroup_one(hostname_default, groupname)
     all_instances = vyos.instance_getall_by_group(request)
     is_superuser = perms.get_is_superuser(request.user)
 
-    if request.POST.get('description', None) != None:
-        vyos.set_firewall_addressgroup_description(hostname_default, groupname, request.POST.get('description'))
-        return redirect('firewall:firewall-addressgroup-list')
+    v = vyos2.api (
+        hostname=   hostname_default,
+        api =       "get",
+        op =        "showConfig",
+        cmd =       ["firewall", "group", "address-group", groupname],
+        description = "show address-group config",
+    )
+    groupinfo = v.data
+    if 'address' not in groupinfo:
+        networks_original = []
+    else:
+        networks_original = groupinfo['address']
 
+        if type(networks_original) is str:
+            vyos2.log("tipo", type(networks_original))
+            networks_original = [groupinfo['address']]
+        else:
+            networks_original = groupinfo['address']
+
+    vyos2.log("networks_original", networks_original)
+
+    networks_json = json.dumps(networks_original)
+
+
+    changed = False
+
+    if v.success:
+        if request.POST.get('description', None) != None:
+            v = vyos2.api (
+                hostname=   hostname_default,
+                api =       "post",
+                op =        "set",
+                cmd =       ["firewall", "group", "address-group", groupname, "description", request.POST.get('description')],
+                description = "set network-group description",
+            )
+            changed = True
+
+
+        if request.POST.get('networkgroup_json', None) != None:
+            try:
+                networks_new = json.loads(request.POST.get('networkgroup_json'))
+            except ValueError:
+                networks_new = {}
+
+            vyos2.log('networks new', networks_new)
+
+            for network in networks_new:
+                v = vyos2.api (
+                    hostname=   hostname_default,
+                    api =       "post",
+                    op =        "set",
+                    cmd =       ["firewall", "group", "address-group", groupname, "address", network],
+                    description = "edit address-group network",
+                )
+                if v.success and changed == False:
+                    changed = True
+            
+            vyos2.log('networks original', networks_original)
+
+            for network in networks_original:
+                if network not in networks_new:
+                    v = vyos2.api (
+                        hostname=   hostname_default,
+                        api =       "post",
+                        op =        "delete",
+                        cmd =       ["firewall", "group", "address-group", groupname, "address", network],
+                        description = "delete address-group network",
+                    )
+                    if v.success and changed == False:
+                        changed = True
+
+        if changed == True:
+            return redirect('firewall:firewall-addressgroup-list')
+
+
+        template = loader.get_template('firewall/addressgroup-desc.html')
+        context = { 
+            'groupinfo': groupinfo,
+            'hostname_default': hostname_default,
+            'username': request.user,        
+            'instances': all_instances,
+            'is_superuser' : is_superuser,
+            'groupname': groupname,
+            'networks_json' : networks_json,
+        }   
+        return HttpResponse(template.render(context, request))
+    else:
+        return redirect('firewall:firewall-addressgroup-list')    
 
-    template = loader.get_template('firewall/addressgroup-desc.html')
-    context = { 
-        'firewall_addressgroup': firewall_addressgroup,
-        'hostname_default': hostname_default,
-        'username': request.user,        
-        'instances': all_instances,
-        'is_superuser' : is_superuser,
-        'groupname': groupname,
-    }   
-    return HttpResponse(template.render(context, request))
 
 @is_authenticated
 def firewall_networkgroup_desc(request, groupname):
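Review bot: In `firewall_addressgroup_desc` a `networkgroup_json` that fails to parse is replaced by `{}`, and the delete loop then finds every existing address `not in networks_new`, so a malformed or empty submission removes all addresses from the group on the router. Abort instead of syncing in that case, for example `except ValueError: return redirect('firewall:firewall-addressgroup-list')`, and skip the delete loop unless `networks_new` is a non-empty list. Separately, `groupinfo = v.data` is tested with `'address' not in groupinfo` before `v.success` is checked, which would raise if a failed call leaves `data` unset (the `vyos2.api` return shape is not visible here); moving the `v.success` check directly after the `showConfig` call avoids that. `changed = True` after the description call is also set without looking at `v.success`.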