finished criteria_addressgroup rewrite

add msg feature to firewall addrule/editrule to increase user msg output #96

vycontrol/firewall/templates/firewall/editrule.html

@@ -24,6 +24,7 @@
 
 {{ ruledata_pretty }}
 
+
 {% endblock %}
 
 {% block content %}
@@ -329,24 +330,31 @@
         <div class="row">
             <div class="col">
                 <p>
-                    <label for="sdaddressgroup_source">single choice - you cannot set a group and an adresss together</label><br>
-                    <select name="sdaddressgroup_source" id="sdaddressgroup_source" size="10"  style="width: 200px;">
+                    <label for="saddressgroup">single choice - you cannot set a group and an adresss together</label><br>
+                    <select name="saddressgroup" id="saddressgroup" size="10"  style="width: 200px;">
                         {% for f in firewall_addressgroup %}
                         <option value="{{ f }}">{{ f }}</option>
                         {% endfor %}      
                     </select>
+
+                    <br>
+                    <input type="button" id="saddressgroup_clear" value="limpar">
                 </p>
 
             </div>
 
             <div class="col">
                 <p>
-                    <label for="sdaddressgroup_destination">single choice - you cannot set a group and an adresss together</label><br>
-                    <select name="sdaddressgroup_destination" id="sdaddressgroup_destination" size="10" style="width: 200px;">
+                    <label for="daddressgroup">single choice - you cannot set a group and an adresss together</label><br>
+                    <select name="daddressgroup" id="daddressgroup" size="10" style="width: 200px;">
                         {% for f in firewall_addressgroup %}
                         <option value="{{ f }}">{{ f }}</option>
                         {% endfor %}        
                     </select>
+
+                    <br>
+                    <input type="button" id="daddressgroup_clear" value="limpar">
+
                 </p>
 
 
@@ -360,8 +368,8 @@
         <div class="row">
             <div class="col">
                 <p>
-                    <label for="sdnetworkgroup_source">select at most one source network-group (can't mix destination address group and address)</label><br>
-                    <select name="sdnetworkgroup_source" id="sdnetworkgroup_source" size="10" style="width: 200px;">
+                    <label for="snetworkgroup">select at most one source network-group (can't mix destination address group and address)</label><br>
+                    <select name="snetworkgroup" id="snetworkgroup" size="10" style="width: 200px;">
                         {% for f in firewall_networkgroup %}
                         <option>{{ f }}</option>
                         {% endfor %}
@@ -372,8 +380,8 @@
 
             <div class="col">
                 <p>
-                    <label for="sdnetworkgroup_destination">select at most one destination network-group (can't mix destination address group and address)</label><br>
-                    <select name="sdnetworkgroup_destination" id="sdnetworkgroup_destination" size="10" style="width: 200px;">
+                    <label for="dnetworkgroup">select at most one destination network-group (can't mix destination address group and address)</label><br>
+                    <select name="dnetworkgroup" id="dnetworkgroup" size="10" style="width: 200px;">
                         {% for f in firewall_networkgroup %}
                         <option>{{ f }}</option>
                         {% endfor %}
@@ -728,6 +736,18 @@
             $(this).find('option:selected').remove();
         });             
 
+        $('#daddressgroup_clear').click(function() {
+            $('#daddressgroup').val([]);
+        });     
+
+        $('#saddressgroup_clear').click(function() {
+            $('#saddressgroup').val([]);
+        });                     
+
+        
+
+
+
         // json gives criteria_packetstate
         criteria_packetstate_lenght = 0
         for (state in ruledata_js['state']) {
@@ -892,10 +912,10 @@
 
                             if (g == "address-group") {
                                 criteria_addressgroup_count++;
-                                $("#sdaddressgroup_destination option[value='" + group_text + "']").prop("selected", 'selected');
+                                $("#daddressgroup option[value='" + group_text + "']").prop("selected", 'selected');
                             } else if (g == "network-group") {
                                 criteria_networkgroup_count++;
-                                $("#sdaddressgroup_destination option[value='" + group_text + "']").prop("selected", 'selected');
+                                $("#dnetworkgroup option[value='" + group_text + "']").prop("selected", 'selected');
                             } else if (g == "port-group") {
                                 criteria_portgroup_count++;
                                 $("#sdportgroup_destination option[value='" + group_text + "']").prop("selected", 'selected');
@@ -914,10 +934,10 @@
 
                             if (g == "address-group") {
                                 criteria_addressgroup_count++;
-                                $("#sdnetworkgroup_source option[value='" + group_text + "']").prop("selected", 'selected');
+                                $("#saddressgroup option[value='" + group_text + "']").prop("selected", 'selected');
                             } else if (g == "network-group") {
                                 criteria_networkgroup_count++;
-                                $("#sdnetworkgroup_destination option[value='" + group_text + "']").prop("selected", 'selected');
+                                $("#snetworkgroup option[value='" + group_text + "']").prop("selected", 'selected');
                             } else if (g == "port-group") {
                                 criteria_networkgroup_count++;
                                 $("#sdportgroup_source option[value='" + group_text + "']").prop("selected", 'selected');
@@ -929,11 +949,19 @@
             if (criteria_addressgroup_count > 0) {
                 $("#criteria_addressgroup").prop("checked", true);
                 $("#criteria_addressgroup_block").show(); 
+                $("#criteria_addressgroup").hide();
             }
 
+            if (criteria_networkgroup_count > 0) {
+                $("#criteria_networkroup").prop("checked", true);
+                $("#criteria_networkroup_block").show(); 
+                $("#criteria_networkroup").hide();
+            }            
+
             if (criteria_portgroup_count > 0) {
                 $("#criteria_portgroup").prop("checked", true);
                 $("#criteria_portgroup_block").show(); 
+                $("#criteria_portgroup").hide();
             }            
 
             

vycontrol/firewall/views.py

@@ -10,7 +10,7 @@ from django.http import QueryDict
 import vyos
 import vycontrol_vyos_api_lib as vapilib
 import vycontrol_vyos_api as vapi
-import vycontrol_messages as vcmsg
+import vycontrol_messages as vmsg
 
 
 from performance import timer
@@ -120,19 +120,13 @@ def firewall_removerule(request, firewall_name, firewall_rulenumber):
 
 
 def changerule(request, firewall_name, mode, template_name="firewall/addrule.html", rulenumber = None):
-    msg = vcmsg.msg()
+    msg = vmsg.msg()
 
     #interfaces = vyos.get_interfaces()
     all_instances = vyos.instance_getall()
     hostname_default = vyos.get_hostname_prefered(request)
     is_superuser = perms.get_is_superuser(request.user)
 
-    # get all selected firewall data  --- WHY NEED ALL FIREWALL???? 
-    firewall = vyos.get_firewall(hostname_default, firewall_name)
-
-
-
-
     # get all firewall groups
     firewall_group = {}
     firewall_group['network-group'] = {}
@@ -151,27 +145,20 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
         if 'port-group' in firewall_group_raw.data:
             for g in firewall_group_raw.data['port-group']:
                 firewall_group['port-group'][g] = firewall_group_raw.data['port-group'][g]
-    firewall_networkgroup_js = json.dumps(firewall_group['network-group'])
-    firewall_addressgroup_js = json.dumps(firewall_group['address-group'])
+
 
 
     netservices = network.get_services()
     netservices_js = json.dumps(netservices)
-    portgroups = vyos.get_firewall_portgroup(hostname_default)
-
-    
 
-    if portgroups != False:
-        portgroups_groups = portgroups['port-group']
-    else:
-        portgroups_groups = []
+    portgroups_groups = []
+    if 'port-group' in firewall_group_raw.data:
+        portgroups_groups = firewall_group_raw.data['port-group']
 
     changed = False
     rulenumber_valid = False
-    ruleaction_valid = False
     ruledata = {}
 
-
     # edit rule without valid rulenumber
     if mode == "editrule":
         if rulenumber == None:
@@ -183,7 +170,6 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
 
                 # if rule exists control variables are true
                 rulenumber_valid = True
-                ruleaction_valid = True
             else:
                 msg.add_error("There is no rule number inside firewall")
 
@@ -332,137 +318,133 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
             if protocol_criteria_delete != True:
                 msg.add_error("Criteria Protocol: invalid protocol")
     
-
     ###############################################################################################################################################################
-    # update criteria_protocol
-    destinationport_json =  request.POST.get('destinationport_json', None)
-    sourceport_json =       request.POST.get('sourceport_json', None)
-    dport_form = []
-    sport_form = []
-
-    if destinationport_json != None:
-        try:
-            dport_form = json.loads(destinationport_json)
-        except ValueError:
-            pass
-    if sourceport_json != None:
-        try:
-            sport_form = json.loads(sourceport_json)
-        except ValueError:
-            pass
-    
+    # update criteria_port (True only to group if block on Visual Studio)
+    if True:
+        destinationport_json =  request.POST.get('destinationport_json', None)
+        sourceport_json =       request.POST.get('sourceport_json', None)
+        dport_form = []
+        sport_form = []
+
+        if destinationport_json != None:
+            try:
+                dport_form = json.loads(destinationport_json)
+            except ValueError:
+                pass
+        if sourceport_json != None:
+            try:
+                sport_form = json.loads(sourceport_json)
+            except ValueError:
+                pass
+        
 
 
-    # remove ports unset
-    dport_delete = []
-    sport_delete = []
+        # remove ports unset
+        dport_delete = []
+        sport_delete = []
 
-    if 'destination' in ruledata and 'port' in ruledata['destination']:
-        dport_ruledata = ruledata['destination']['port'].split(",")
-    else:
-        dport_ruledata = []
+        if 'destination' in ruledata and 'port' in ruledata['destination']:
+            dport_ruledata = ruledata['destination']['port'].split(",")
+        else:
+            dport_ruledata = []
 
-    if 'source' in ruledata and 'port' in ruledata['source']:
-        sport_ruledata = ruledata['source']['port'].split(",")
-    else:
-        sport_ruledata = []
+        if 'source' in ruledata and 'port' in ruledata['source']:
+            sport_ruledata = ruledata['source']['port'].split(",")
+        else:
+            sport_ruledata = []
 
-    dport_changes = 0
-    sport_changes = 0
+        dport_changes = 0
+        sport_changes = 0
 
-    dport_delete_all = False
-    sport_delete_all = False
+        dport_delete_all = False
+        sport_delete_all = False
 
-    #msg.add_debug("Criteria Ports Destination: ports - " + pprint.pformat(dport_ruledata))
-    #msg.add_debug("Criteria Ports Source: ports - " + pprint.pformat(sport_ruledata))
+        #msg.add_debug("Criteria Ports Destination: ports - " + pprint.pformat(dport_ruledata))
+        #msg.add_debug("Criteria Ports Source: ports - " + pprint.pformat(sport_ruledata))
 
-    # find ports to mark as removed
-    if rulenumber_valid == True and request.POST.get('criteria_port', None) == "1":
-        if len(sport_form) == 0:
-            msg.add_debug("Criteria Ports Source: remove all ports")
-            sport_ruledata = []
-            sport_changes = sport_changes + 1
-            sport_delete_all = True
-        else:
-            for port in sport_ruledata:
-                if port not in sport_form:
-                    sport_ruledata.remove(port)   
-                    sport_delete.append(port)   
-                    sport_changes = sport_changes + 1
-            for port in sport_form:
-                if port not in sport_ruledata:
-                    sport_ruledata.append(port)   
-                    sport_changes = sport_changes + 1
-
-    if rulenumber_valid == True and request.POST.get('criteria_port', None) == "1":
-        if len(dport_form) <= 0:
-            msg.add_debug("Criteria Ports Destination: remove all ports")
-            dport_ruledata = []
-            dport_changes = dport_changes + 1 
-            dport_delete_all = True
-        else:
-            for port in dport_ruledata:
-                if port not in dport_form:
-                    dport_ruledata.remove(port)
-                    dport_delete.append(port)   
-                    dport_changes = dport_changes + 1 
-            for port in dport_form:
-                if port not in dport_ruledata:
-                    dport_ruledata.append(port)     
-                    dport_changes = dport_changes + 1                     
-
-    if len(dport_delete) > 0:
-        msg.add_debug("Criteria Ports Destination: remove ports - " + ",".join(dport_delete))
-    if len(sport_delete) > 0:
-        msg.add_debug("Criteria Ports Source: remove ports - " + ",".join(sport_delete))        
-
-
-
-    if rulenumber_valid == True and dport_changes > 0:
-        if dport_delete_all == True:
-            v = vapi.set_firewall_rule_destination_ports_delete(hostname_default, firewall_name, rulenumber)
-            if v.success:
-                changed = True
-                msg.add_success("Criteria Ports Destination: updated delete all destination success")
-                if 'destination' in ruledata and 'port' in ruledata['destination']:
-                    del ruledata['destination']['port']
+        # find ports to mark as removed
+        if rulenumber_valid == True and request.POST.get('criteria_port', None) == "1":
+            if len(sport_form) == 0:
+                msg.add_debug("Criteria Ports Source: remove all ports")
+                sport_ruledata = []
+                sport_changes = sport_changes + 1
+                sport_delete_all = True
             else:
-                msg.add_error("Criteria Ports Destination: delete all failed - " + v.reason)
-
-        else:
-            msg.add_debug("Criteria Ports Destination: ports - " + ",".join(dport_ruledata))
-            v = vapi.set_firewall_rule_destination_ports(hostname_default, firewall_name, rulenumber, dport_ruledata)
-            if v.success:
-                changed = True
-                msg.add_success("Criteria Ports Destination: updated")
-                ruledata['destination']['port'] = ','.join(dport_ruledata)
+                for port in sport_ruledata:
+                    if port not in sport_form:
+                        sport_ruledata.remove(port)   
+                        sport_delete.append(port)   
+                        sport_changes = sport_changes + 1
+                for port in sport_form:
+                    if port not in sport_ruledata:
+                        sport_ruledata.append(port)   
+                        sport_changes = sport_changes + 1
+
+        if rulenumber_valid == True and request.POST.get('criteria_port', None) == "1":
+            if len(dport_form) <= 0:
+                msg.add_debug("Criteria Ports Destination: remove all ports")
+                dport_ruledata = []
+                dport_changes = dport_changes + 1 
+                dport_delete_all = True
             else:
-                msg.add_error("Criteria Ports Destination: failed - " + v.reason)
-    else:
-        msg.add_info("Criteria Ports Destination: no changes")
+                for port in dport_ruledata:
+                    if port not in dport_form:
+                        dport_ruledata.remove(port)
+                        dport_delete.append(port)   
+                        dport_changes = dport_changes + 1 
+                for port in dport_form:
+                    if port not in dport_ruledata:
+                        dport_ruledata.append(port)     
+                        dport_changes = dport_changes + 1                     
+
+        if len(dport_delete) > 0:
+            msg.add_debug("Criteria Ports Destination: remove ports - " + ",".join(dport_delete))
+        if len(sport_delete) > 0:
+            msg.add_debug("Criteria Ports Source: remove ports - " + ",".join(sport_delete))        
+
+
+
+        if rulenumber_valid == True and dport_changes > 0:
+            if dport_delete_all == True:
+                v = vapi.set_firewall_rule_destination_ports_delete(hostname_default, firewall_name, rulenumber)
+                if v.success:
+                    changed = True
+                    msg.add_success("Criteria Ports Destination: updated delete all destination success")
+                    if 'destination' in ruledata and 'port' in ruledata['destination']:
+                        del ruledata['destination']['port']
+                else:
+                    msg.add_error("Criteria Ports Destination: delete all failed - " + v.reason)
 
-    if rulenumber_valid == True and sport_changes > 0:
-        if sport_delete_all == True:
-            v = vapi.set_firewall_rule_source_ports_delete(hostname_default, firewall_name, rulenumber)
-            if v.success:
-                changed = True
-                msg.add_success("Criteria Ports Destination: updated delete all source success")
-                if 'source' in ruledata and 'port' in ruledata['source']:
-                    del ruledata['source']['port']
             else:
-                msg.add_error("Criteria Ports Destination: delete all failed - " + v.reason)
+                msg.add_debug("Criteria Ports Destination: ports - " + ",".join(dport_ruledata))
+                v = vapi.set_firewall_rule_destination_ports(hostname_default, firewall_name, rulenumber, dport_ruledata)
+                if v.success:
+                    changed = True
+                    msg.add_success("Criteria Ports Destination: updated")
+                    ruledata['destination']['port'] = ','.join(dport_ruledata)
+                else:
+                    msg.add_error("Criteria Ports Destination: failed - " + v.reason)
+
+        if rulenumber_valid == True and sport_changes > 0:
+            if sport_delete_all == True:
+                v = vapi.set_firewall_rule_source_ports_delete(hostname_default, firewall_name, rulenumber)
+                if v.success:
+                    changed = True
+                    msg.add_success("Criteria Ports Destination: updated delete all source success")
+                    if 'source' in ruledata and 'port' in ruledata['source']:
+                        del ruledata['source']['port']
+                else:
+                    msg.add_error("Criteria Ports Destination: delete all failed - " + v.reason)
 
-        else:
-            msg.add_debug("Criteria Ports Source: ports - " + ",".join(sport_ruledata))    
-            v = vapi.set_firewall_rule_source_ports(hostname_default, firewall_name, rulenumber, sport_ruledata)
-            if v.success:
-                changed = True 
-                msg.add_success("Criteria Ports Source: updated")
-                ruledata['source']['port'] = ','.join(sport_ruledata)
             else:
-                msg.add_error("Criteria Ports Source: failed - " + v.reason)
-    else:
-        msg.add_info("Criteria Ports Source: no changes")
+                msg.add_debug("Criteria Ports Source: ports - " + ",".join(sport_ruledata))    
+                v = vapi.set_firewall_rule_source_ports(hostname_default, firewall_name, rulenumber, sport_ruledata)
+                if v.success:
+                    changed = True 
+                    msg.add_success("Criteria Ports Source: updated")
+                    ruledata['source']['port'] = ','.join(sport_ruledata)
+                else:
+                    msg.add_error("Criteria Ports Source: failed - " + v.reason)
     
     ###############################################################################################################################################################
     # update criteria_tcpflags
@@ -535,8 +517,6 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
             else:
                 msg.add_error("Criteria TCP Ports: updated failed - " + v.reason)
 
-
-
     ###############################################################################################################################################################
     # update criteria_address
     if request.POST.get('criteria_address', None) == "1":
@@ -605,6 +585,89 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
                 else:
                     msg.add_error("Criteria Destination Address: updated failed - " + v.reason)                           
 
+    ###############################################################################################################################################################
+    # update criteria_addressgroup
+    if request.POST.get('criteria_addressgroup', None) == "1":
+        
+
+        # source address
+        if request.POST.get('saddressgroup', None) != None:              
+            saddressgroup = request.POST.get('saddressgroup').strip()
+        else:
+            saddressgroup = ''
+
+        saddressgroup_ruledata = ''
+        if 'source' in ruledata:
+            if 'group' in ruledata['source']:
+                if 'address-group' in ruledata['source']['group']:
+                    saddressgroup_ruledata = ruledata['source']['group']['address-group']
+
+        if len(saddressgroup) == 0: 
+            v = vapi.set_firewall_rule_source_addressgroup_delete(hostname_default, firewall_name, rulenumber)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Source Address Group: delete success") 
+
+                if 'source' in ruledata:
+                    if 'group' in ruledata['source']:
+                        if 'address-group' in ruledata['source']['group']:
+                            del ruledata['source']['group']['address-group']
+            else:
+                msg.add_error("Criteria Source Address Group: delete failed - " + v.reason)         
+
+        elif saddressgroup != saddressgroup_ruledata:
+            v = vapi.set_firewall_rule_source_addressgroup(hostname_default, firewall_name, rulenumber, saddressgroup)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Source Address Group: updated success") 
+
+                if 'source' not in ruledata:
+                    ruledata['source'] = {}
+                if 'group' not in ruledata['source']:
+                    ruledata['source']['group'] = {}
+                ruledata['source']['group']['address-group'] = saddressgroup         
+            else:
+                msg.add_error("Criteria Source Address Group: updated failed - " + v.reason)         
+
+
+        # destination address
+        if request.POST.get('daddressgroup', None) != None:              
+            daddressgroup = request.POST.get('daddressgroup').strip()
+        else:
+            daddressgroup = ''
+
+
+        daddressgroup_ruledata = ''
+        if 'destination' in ruledata:
+            if 'group' in ruledata['destination']:
+                if 'address-group' in ruledata['destination']['group']:
+                    daddressgroup_ruledata = ruledata['destination']['group']['address-group']
+
+        if len(daddressgroup) == 0: 
+            v = vapi.set_firewall_rule_destination_addressgroup_delete(hostname_default, firewall_name, rulenumber)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Destination Address Group: delete success") 
+
+                if 'destination' in ruledata:
+                    if 'group' in ruledata['destination']:
+                        if 'address-group' in ruledata['destination']['group']:
+                            del ruledata['destination']['group']['address-group']
+            else:
+                msg.add_error("Criteria Destination Address Group: delete failed - " + v.reason)         
+        elif daddressgroup != daddressgroup_ruledata:
+            v = vapi.set_firewall_rule_destination_addressgroup(hostname_default, firewall_name, rulenumber, daddressgroup)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Destination Address Group: updated success") 
+
+                if 'destination' not in ruledata:
+                    ruledata['source'] = {}
+                if 'group' not in ruledata['destination']:
+                    ruledata['destination']['group'] = {}
+                ruledata['destination']['group']['address-group'] = daddressgroup              
+            else:
+                msg.add_error("Criteria Destination Address Group: updated failed - " + v.reason)         
 
 
 
@@ -616,41 +679,6 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
             # rule created, continue to configure firewall rule according his criterias
             if v.success:
                 
-
-                
-                    
-
-               
-                # if criteria_addressgroup set, save it
-                if request.POST.get('criteria_addressgroup', None) == "1":
-                    if request.POST.get('sdaddressgroup_source', None) != None:              
-                        sdaddressgroup_source = request.POST.get('sdaddressgroup_source')
-                        v = vapilib.api (
-                            hostname=   hostname_default,
-                            api =       "post",
-                            op =        "set",
-                            cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "address-group", sdaddressgroup_source],
-                            description = "set sdaddressgroup_source",
-                        )
-                        vcmsg.log("set sdaddressgroup_source", v.data)
-
-                        if v.success:
-                            changed = True 
-
-                    if request.POST.get('sdaddressgroup_destination', None) != None:              
-                        sdaddressgroup_destination = request.POST.get('sdaddressgroup_destination')                    
-                        v = vapilib.api (
-                            hostname=   hostname_default,
-                            api =       "post",
-                            op =        "set",
-                            cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "address-group", sdaddressgroup_destination],
-                            description = "set sdaddressgroup_destination",
-                        )
-                        vcmsg.log("set sdaddressgroup_destination", v.data)
-
-                        if v.success:
-                            changed = True 
-
                 # if criteria_networkgroup set, save it
                 if request.POST.get('criteria_networkgroup', None) == "1":
                     if request.POST.get('sdnetworkgroup_source', None) != None:              
@@ -665,21 +693,21 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
                         if v.success:
                             changed = True 
                         else:
-                            vcmsg.log("sdnetworkgroup_source", v.error)
+                            vmsg.log("sdnetworkgroup_source", v.error)
 
-                    if request.POST.get('sdnetworkgroup_destination', None) != None:              
-                        sdnetworkgroup_destination = request.POST.get('sdnetworkgroup_destination')                    
+                    if request.POST.get('dnetworkgroup', None) != None:              
+                        dnetworkgroup = request.POST.get('dnetworkgroup')                    
                         v = vapilib.api (
                             hostname=   hostname_default,
                             api =       "post",
                             op =        "set",
-                            cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "network-group", sdnetworkgroup_destination],
-                            description = "set sdnetworkgroup_destination",
+                            cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "network-group", dnetworkgroup],
+                            description = "set dnetworkgroup",
                         ) 
                         if v.success:
                             changed = True                  
                         else:
-                            vcmsg.log("sdnetworkgroup_source", v.error)                        
+                            vmsg.log("sdnetworkgroup_source", v.error)                        
 
                 # if criteria_sourcemac set, save it
                 if request.POST.get('criteria_sourcemac', None) == "1":
@@ -761,7 +789,9 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
         
 
     ruledata_json = json.dumps(ruledata)
-    vcmsg.log("json", ruledata_json)
+    firewall_networkgroup_js = json.dumps(firewall_group['network-group'])
+    firewall_addressgroup_js = json.dumps(firewall_group['address-group'])    
+    vmsg.log("json", ruledata_json)
 
 
     template = loader.get_template(template_name)
@@ -769,7 +799,6 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
         #'interfaces': interfaces,
         'instances':                        all_instances,
         'hostname_default':                 hostname_default,
-        'firewall':                         firewall,
         'firewall_name':                    firewall_name,
         'username':                         request.user,
         'is_superuser' :                    is_superuser,
@@ -987,7 +1016,7 @@ def firewall_networkgroup_add(request):
 
         changed = False
 
-        vcmsg.log('networks', networks)
+        vmsg.log('networks', networks)
 
         for network in networks:
             v = vapilib.api (
@@ -1066,7 +1095,7 @@ def firewall_addressgroup_add(request):
 
         changed = False
 
-        vcmsg.log('networks', networks)
+        vmsg.log('networks', networks)
 
         for network in networks:
             v = vapilib.api (
@@ -1128,12 +1157,12 @@ def firewall_addressgroup_desc(request, groupname):
         networks_original = groupinfo['address']
 
         if type(networks_original) is str:
-            vcmsg.log("tipo", type(networks_original))
+            vmsg.log("tipo", type(networks_original))
             networks_original = [groupinfo['address']]
         else:
             networks_original = groupinfo['address']
 
-    vcmsg.log("networks_original", networks_original)
+    vmsg.log("networks_original", networks_original)
 
     networks_json = json.dumps(networks_original)
 
@@ -1158,7 +1187,7 @@ def firewall_addressgroup_desc(request, groupname):
             except ValueError:
                 networks_new = {}
 
-            vcmsg.log('networks new', networks_new)
+            vmsg.log('networks new', networks_new)
 
             for network in networks_new:
                 v = vapilib.api (
@@ -1171,7 +1200,7 @@ def firewall_addressgroup_desc(request, groupname):
                 if v.success and changed == False:
                     changed = True
             
-            vcmsg.log('networks original', networks_original)
+            vmsg.log('networks original', networks_original)
 
             for network in networks_original:
                 if network not in networks_new:
@@ -1224,12 +1253,12 @@ def firewall_networkgroup_desc(request, groupname):
         networks_original = groupinfo['network']
 
         if type(networks_original) is str:
-            vcmsg.log("tipo", type(networks_original))
+            vmsg.log("tipo", type(networks_original))
             networks_original = [groupinfo['network']]
         else:
             networks_original = groupinfo['network']
 
-    vcmsg.log("networks_original", networks_original)
+    vmsg.log("networks_original", networks_original)
 
     networks_json = json.dumps(networks_original)
 
@@ -1254,7 +1283,7 @@ def firewall_networkgroup_desc(request, groupname):
             except ValueError:
                 networks_new = {}
 
-            vcmsg.log('networks new', networks_new)
+            vmsg.log('networks new', networks_new)
 
             for network in networks_new:
                 v = vapilib.api (
@@ -1267,7 +1296,7 @@ def firewall_networkgroup_desc(request, groupname):
                 if v.success and changed == False:
                     changed = True
             
-            vcmsg.log('networks original', networks_original)
+            vmsg.log('networks original', networks_original)
 
             for network in networks_original:
                 if network not in networks_new:

vycontrol/vycontrol_vyos_api.py

@@ -201,3 +201,42 @@ def set_firewall_rule_destination_address_delete(hostname, firewall_name, rulenu
     )
     return v    
 
+def set_firewall_rule_source_addressgroup(hostname, firewall_name, rulenumber, saddressgroup):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "set",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "address-group", saddressgroup],
+        description = "set saddressgroup",
+    )
+    return v  
+
+def set_firewall_rule_destination_addressgroup(hostname, firewall_name, rulenumber, daddressgroup):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "set",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "address-group", daddressgroup],
+        description = "set daddressgroup",
+    )
+    return v 
+
+def set_firewall_rule_source_addressgroup_delete(hostname, firewall_name, rulenumber):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "delete",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "address-group"],
+        description = "delete saddressgroup",
+    )
+    return v  
+
+def set_firewall_rule_destination_addressgroup_delete(hostname, firewall_name, rulenumber):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "delete",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "address-group"],
+        description = "delete daddressgroup",
+    )
+    return v