
partial add msg feature to firewall addrule/editrule to increase user msg output #96
added better edit/update/insert and msgs to source and destination

Roberto Berto 5 years ago
parent
commit
42e99b3712

+ 24 - 22
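--- a/vycontrol/firewall/templates/firewall/editrule.html
+++ b/vycontrol/firewall/templates/firewall/editrule.html
@@ -281,23 +281,23 @@
         <div class="row">
             <div class="col">
                 <p>
-                    <label for="sdaddress_source">source address</label><br>
-                    <input type="text" name="sdaddress_source" id="sdaddress_source" value="" size="30">
+                    <label for="saddress">source address</label><br>
+                    <input type="text" name="saddress" id="saddress" value="{{ ruledata.source.address|default:"" }}" size="30">
                 </p>
 
                 <p>
-                    <input type="checkbox" name="sdaddress_source_negate" id="sdaddress_source_negate" value="1"> <label for="sdaddress_source_negate">negate source address</label>
+                    <input type="checkbox" name="saddress_negate" id="saddress_negate" value="1"> <label for="saddress_negate">negate source address</label>
                 </p>         
             </div>
 
             <div class="col">
                 <p>
-                    <label for="sdaddress_destination">destination address</label><br>
-                    <input type="text" name="sdaddress_destination" id="sdaddress_destination" value="" size="30">
+                    <label for="daddress">destination address</label><br>
+                    <input type="text" name="daddress" id="daddress" value="{{ ruledata.destination.address|default:"" }}" size="30">
                 </p>
 
                 <p>
-                    <input type="checkbox" name="sdaddress_destination_negate" id="sdaddress_destination_negate" value="1"> <label for="sdaddress_destination_negate">negate destination address</label>
+                    <input type="checkbox" name="daddress_negate" id="daddress_negate" value="1"> <label for="daddress_negate">negate destination address</label>
                 </p>         
              </div>
         </div>
@@ -845,31 +845,33 @@
             ) {
             $("#criteria_address").prop("checked", true);
             $("#criteria_address_block").show(); 
+            $("#criteria_address").hide();        
 
 
-            var sdaddress_source = ruledata_js['source']['address'];
-            if (sdaddress_source.startsWith("!")) {
-                var sdaddress_source_inverse = 1;
-                sdaddress_source = sdaddress_source.replace("!", "");
+
+            var saddress = ruledata_js['source']['address'];
+            if (saddress.startsWith("!")) {
+                var saddress_inverse = 1;
+                saddress = saddress.replace("!", "");
             }
 
-            var sdaddress_destination = ruledata_js['destination']['address'];
-            if (sdaddress_destination.startsWith("!")) {
-                var sdaddress_destination_inverse = 1;
-                sdaddress_destination = sdaddress_destination.replace("!", "");
+            var daddress = ruledata_js['destination']['address'];
+            if (daddress.startsWith("!")) {
+                var daddress_inverse = 1;
+                daddress = daddress.replace("!", "");
             }            
 
-            if (sdaddress_source) {
-                $("#sdaddress_source").val(sdaddress_source)
+            if (saddress) {
+                $("#saddress").val(saddress)
             }
-            if (sdaddress_destination) {
-                $("#sdaddress_destination").val(sdaddress_destination)
+            if (daddress) {
+                $("#daddress").val(daddress)
             }            
-            if (sdaddress_source_inverse ==1 ) {
-                $("#sdaddress_source_negate").prop("checked", true);
+            if (saddress_inverse ==1 ) {
+                $("#saddress_negate").prop("checked", true);
             }
-            if (sdaddress_destination_inverse ==1 ) {
-                $("#sdaddress_destination_negate").prop("checked", true);
+            if (daddress_inverse ==1 ) {
+                $("#daddress_negate").prop("checked", true);
             }            
         }
 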
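Review bot: The populate block in the second hunk reads `ruledata_js['source']['address']` and `ruledata_js['destination']['address']` and calls `.startsWith` on both without checking that either exists. The guarding condition ends above the hunk, so this is inferred, but if it admits a rule that has only one of the two addresses, the script throws before the negate checkboxes are set. Because the inputs are now pre-filled server-side with `{{ ruledata.source.address|default:"" }}`, the field would then show the stored `!`-prefixed value with "negate" unchecked, which misstates the rule to the operator. Defaulting the lookups, e.g. `var saddress = (ruledata_js['source'] || {})['address'] || "";` and the same for `daddress`, keeps the block safe for one-sided rules.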

+ 70 - 52
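--- a/vycontrol/firewall/views.py
+++ b/vycontrol/firewall/views.py
@@ -464,8 +464,8 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
     else:
         msg.add_info("Criteria Ports Source: no changes")
     
-
-    # if criteria_tcpflags set, save it
+    ###############################################################################################################################################################
+    # update criteria_tcpflags
     if request.POST.get('criteria_tcpflags', None) == "1":
         tcpflags_form = []
         
@@ -506,8 +506,6 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
         
 
         # will need to empty tcpflags
-
-
         if 'tcp' in ruledata and 'flags' in ruledata['tcp']: 
             tcpflags_rule = ruledata['tcp']['flags'].split(',')
         else:
@@ -518,7 +516,6 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
             if v.success:
                 changed = True
                 msg.add_success("Criteria TCP Ports: empty tcp flags success")
-                changed = True 
 
                 if 'tcp' in ruledata:
                     if 'flags' in ruledata['tcp']:
@@ -531,10 +528,7 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
             if v.success:
                 changed = True
                 msg.add_success("Criteria TCP Ports: updated success")
-                changed = True 
 
-                #if 'source' in ruledata and 'port' in ruledata['source']:
-                #    del ruledata['source']['port']
                 if 'tcp' not in ruledata:
                     ruledata['tcp'] = {}
                 ruledata['tcp']['flags'] = ",".join(tcpflags_form)
@@ -543,6 +537,73 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
 
 
 
+    ###############################################################################################################################################################
+    # update criteria_address
+    if request.POST.get('criteria_address', None) == "1":
+        if request.POST.get('saddress', None) != None:              
+            saddress = request.POST.get('saddress')
+            if len(saddress.strip()) == 0:             
+                v = vapi.set_firewall_rule_source_address_delete(hostname_default, firewall_name, rulenumber)
+                if v.success:
+                    changed = True
+                    msg.add_success("Criteria Source Address: clean success") 
+                    if 'source' in ruledata:
+                        if 'address' in ruledata['source']:
+                            del ruledata['source']['address']
+                else:
+                    msg.add_error("Criteria Source Address: clean failed - " + v.reason)   
+            else:    
+                # negate saddress
+                if request.POST.get('saddress_negate', None) == "1":
+                    saddress_negate = "!"
+                else:
+                    saddress_negate = ""
+                                            
+                saddress_txt = saddress_negate + saddress
+                
+                v = vapi.set_firewall_rule_source_address(hostname_default, firewall_name, rulenumber, saddress_txt)
+                if v.success:
+                    changed = True
+                    msg.add_success("Criteria Source Address: updated success") 
+
+                    if 'source' not in ruledata:
+                        ruledata['source'] = {}
+                    ruledata['source']['address'] = saddress_txt
+                else:
+                    msg.add_error("Criteria Source Address: updated failed - " + v.reason)
+
+
+        if request.POST.get('daddress', None) != None:              
+            daddress = request.POST.get('daddress')       
+            if len(daddress.strip()) == 0:             
+                v = vapi.set_firewall_rule_destination_address_delete(hostname_default, firewall_name, rulenumber)
+                if v.success:
+                    changed = True
+                    msg.add_success("Criteria Destination Address: clean success") 
+                    if 'destination' in ruledata:
+                        if 'address' in ruledata['destination']:
+                            del ruledata['destination']['address']
+                else:
+                    msg.add_error("Criteria Destination Address: clean failed - " + v.reason)    
+            else:
+                # negate daddress_negate
+                if request.POST.get('daddress_negate', None) == "1":
+                    daddress_negate = "!"
+                else:
+                    daddress_negate = ""                    
+
+                daddress_txt = daddress_negate + daddress
+
+                v = vapi.set_firewall_rule_destination_address(hostname_default, firewall_name, rulenumber, daddress_txt)
+                if v.success:
+                    changed = True
+                    msg.add_success("Criteria Destination Address: updated success") 
+
+                    if 'destination' not in ruledata:
+                        ruledata['destination'] = {}
+                    ruledata['destination']['address'] = daddress         
+                else:
+                    msg.add_error("Criteria Destination Address: updated failed - " + v.reason)                           
 
 
 
@@ -559,50 +620,7 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
                 
                     
 
-                # if criteria_address set, save it
-                if request.POST.get('criteria_address', None) == "1":
-                    # negate sdaddress_source
-                    if request.POST.get('sdaddress_source_negate', None) == "1":
-                        sdaddress_source_negate = "!"
-                    else:
-                        sdaddress_source_negate = ""
-
-                    # negate sdaddress_destination_negate
-                    if request.POST.get('sdaddress_destination_negate', None) == "1":
-                        sdaddress_destination_negate = "!"
-                    else:
-                        sdaddress_destination_negate = ""                    
-
-
-                    if request.POST.get('sdaddress_source', None) != None:              
-                        sdaddress_source = request.POST.get('sdaddress_source')
-                        sdaddress_source_txt = sdaddress_source_negate + sdaddress_source
-                        
-                        v = vapilib.api (
-                            hostname=   hostname_default,
-                            api =       "post",
-                            op =        "set",
-                            cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "address", sdaddress_source_txt],
-                            description = "set sdaddress_source",
-                        )
-                        if v.success:
-                            changed = True 
-
-
-                    if request.POST.get('sdaddress_destination', None) != None:              
-                        sdaddress_destination = request.POST.get('sdaddress_destination')                    
-                        sdaddress_destination_txt = sdaddress_destination_negate + sdaddress_destination
-
-                        v = vapilib.api (
-                            hostname=   hostname_default,
-                            api =       "post",
-                            op =        "set",
-                            cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "address", sdaddress_destination_txt],
-                            description = "set sdaddress_destination_txt",
-                        )
-                        if v.success:
-                            changed = True 
-
+               
                 # if criteria_addressgroup set, save it
                 if request.POST.get('criteria_addressgroup', None) == "1":
                     if request.POST.get('sdaddressgroup_source', None) != None:              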
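Review bot: In the destination branch of the new `criteria_address` block the cached rule is written with `ruledata['destination']['address'] = daddress`, which drops the `!` that was just sent to the router as `daddress_txt`; the source branch correctly stores `saddress_txt`. After a negated destination is saved, any view rendered from `ruledata` (presumably the edit form) would show the address as non-negated while the device matches the opposite set, so the line should read `ruledata['destination']['address'] = daddress_txt`. Both branches also test `saddress.strip()` / `daddress.strip()` for emptiness but forward the unstripped, unvalidated POST value to the API, and a value that already begins with `!` gains a second one when the negate box is ticked. Stripping once and validating the address before the `vapi` call would close that gap. `changerule` begins and ends outside these hunks.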

+ 42 - 0
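--- a/vycontrol/vycontrol_vyos_api.py
+++ b/vycontrol/vycontrol_vyos_api.py
@@ -159,3 +159,45 @@ def set_firewall_rule_tcpflags_delete(hostname, firewall_name, rulenumber):
         description = "delete tcpflags",
     )
     return v    
+
+
+def set_firewall_rule_source_address(hostname, firewall_name, rulenumber, address):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "set",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "address", address],
+        description = "set saddress",
+    )
+    return v
+
+def set_firewall_rule_destination_address(hostname, firewall_name, rulenumber, address):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "set",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "address", address],
+        description = "set daddress",
+    )
+    return v
+
+def set_firewall_rule_source_address_delete(hostname, firewall_name, rulenumber):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "delete",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "address"],
+        description = "set saddress",
+    )
+    return v
+
+def set_firewall_rule_destination_address_delete(hostname, firewall_name, rulenumber):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "delete",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "address"],
+        description = "set daddress",
+    )
+    return v    
+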
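Review bot: The two delete helpers carry the description copied from the set helpers: `set_firewall_rule_source_address_delete` passes `description = "set saddress"` and `set_firewall_rule_destination_address_delete` passes `description = "set daddress"`, although both use `op = "delete"`. If `vapilib.api` logs or displays the description, removing an address match is recorded as a set, which is misleading when auditing firewall changes; `description = "delete saddress",` and `description = "delete daddress",` would match the existing `"delete tcpflags"` helper. The four functions also lack docstrings; a one-line docstring on each, stating that `address` is sent to the router as given and may carry a leading `!` for negation, would document where validation is expected to happen.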