
set firewall syn-cookies #43 / set firewall all-ping #42

Roberto Berto 5 years ago
parent
commit
5ce1a1701d

+ 21 - 3
vycontrol/firewall/templates/firewall/list.html

@@ -1,7 +1,7 @@
 {% extends "base.html" %}
 
-{% block header_title %}Firewall Dashboard{% endblock %}
-{% block section_title %}Firewall Dashboard{% endblock %}
+{% block header_title %}Firewall List{% endblock %}
+{% block section_title %}Firewall List{% endblock %}
 
 {% block debug %}
 {{ firewall_all }}
@@ -15,7 +15,6 @@
 </p>
 
 
-
 {% if firewall_all %}
     <table border="1" width="100%">
     <tr><th>name</th><th>description</th><th>default-action</th></th><th>actions</th></tr>
@@ -39,6 +38,25 @@
 {% endif %}
 
 
+<h3>Global Firewall Properties</h3>
+
+<form action="{% url 'firewall:firewall-global' %}" method="post">
+    {% csrf_token %}
+
+    <table width="100%">
+        <tr>
+            <th width="100%"><input type="checkbox" name="allping" value="1" {% if firewall_all.all_ping == "enable" %}checked="checked"{% endif %}/> all-ping</th>
+        </tr>
+        <tr>
+            <th width="100%"><input type="checkbox" name="syncookies" value="1" {% if firewall_all.syn_cookies == "enable" %}checked="checked"{% endif %}/> syn-cookies</th>
+        </tr>
+    </table>
+    <input type="submit" value="Save">
+</form>
+
+
+
+
 
 
 {% endblock %}
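Review bot: The two checkboxes in the new Global Firewall Properties form are ticked only when the key is present with the value `enable`, so on a router whose config has no explicit `all-ping` or `syn-cookies` entry both render unticked and pressing Save writes `disable` for both. If VyOS treats the absent keys as enabled (worth confirming against the targeted version), a user who opens the page and saves without touching anything switches off SYN-cookie protection. Testing for the negative keeps the displayed state in line with the effective one: `{% if firewall_all.syn_cookies != "disable" %}checked="checked"{% endif %}`, and the same for `all_ping`.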

+ 17 - 0
vycontrol/firewall/templates/firewall/show.html

@@ -15,6 +15,23 @@
     <a href="{% url 'firewall:addrule' firewall_name %}">Add new rule</a>
 </p>
 
+<h3>Firewall Properties</h3>
+
+<form action="{% url 'firewall:firewall-config' firewall_name %}" method="post">
+    {% csrf_token %}
+
+    <table width="100%">
+        <tr>
+            <th width="100%"><input type="checkbox" name="allping" value="1" /> all-ping</th>
+        </tr>
+        <tr>
+            <th width="100%"><input type="checkbox" name="syncookies" value="1" /> syn-cookies</th>
+        </tr>
+    </table>
+    <input type="submit" value="Save">
+</form>
+
+<h3>Rules</h3>
 
 
 {% if firewall.rule %}
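Review bot: The Firewall Properties form added here never shows the current state, because neither checkbox has a `checked` condition, unlike the matching form in list.html. It posts to `firewall-config`, and the `firewall_config` view added in views.py only executes `pass` for both fields, so Save changes nothing on the router while the page suggests it did. Until the view is wired up, either drop the form or mark it in the template, for example `{# TODO: firewall_config ignores allping/syncookies; form is a placeholder #}`.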

+ 2 - 0
vycontrol/firewall/urls.py

@@ -12,6 +12,8 @@ urlpatterns = [
     path('firewall-create', views.create, name='firewall-create'),
     path('firewall-remove/<str:firewall_name>', views.firewall_remove, name='firewall-remove'),
     path('firewall-edit/<str:firewall_name>', views.firewall_edit, name='firewall-edit'),
+    path('firewall-config/<str:firewall_name>', views.firewall_config, name='firewall-config'),
+    path('firewall-global', views.firewall_global, name='firewall-global'),
     path('addrule/<str:firewall_name>', views.addrule, name='addrule'),
     path('editrule/<str:firewall_name>/<str:firewall_rulenumber>', views.editrule, name='editrule'),
     path('firewall-removerule/<str:firewall_name>/<str:firewall_rulenumber>', views.firewall_removerule, name='firewall-removerule'),    

+ 54 - 1
vycontrol/firewall/views.py

@@ -19,6 +19,8 @@ def index(request):
     all_instances = vyos.instance_getall()
     hostname_default = vyos.get_hostname_prefered(request)
 
+
+
     firewall_all = vyos.get_firewall_all(hostname_default)
     if firewall_all == False:
         return redirect('firewall:firewall-create')
@@ -33,7 +35,7 @@ def index(request):
         #'interfaces': interfaces,
         'instances': all_instances,
         'hostname_default': hostname_default,
-        'firewall_all':  firewall_all
+        'firewall_all':  firewall_all,
     }   
     return HttpResponse(template.render(context, request))
 
@@ -227,6 +229,57 @@ def show(request, firewall_name):
 
 
 
+def firewall_config(request, firewall_name):
+    if not request.user.is_authenticated:
+        return redirect('%s?next=%s' % (reverse('registration-login'), request.path))
+        
+    #interfaces = vyos.get_interfaces()
+    all_instances = vyos.instance_getall()
+    hostname_default = vyos.get_hostname_prefered(request)
+
+    firewall = vyos.get_firewall(hostname_default, firewall_name)
+    
+
+    if request.POST.get('allping') == 1:
+        pass
+
+    if request.POST.get('syncookies') == 1:
+        pass    
+
+    template = loader.get_template('firewall/show.html')
+    context = { 
+        #'interfaces': interfaces,
+        'instances': all_instances,
+        'hostname_default': hostname_default,
+        'firewall':  firewall,
+        'firewall_name': firewall_name,
+    }   
+    return HttpResponse(template.render(context, request))
+
+
+
+def firewall_global(request):
+    if not request.user.is_authenticated:
+        return redirect('%s?next=%s' % (reverse('registration-login'), request.path))
+        
+    #interfaces = vyos.get_interfaces()
+    all_instances = vyos.instance_getall()
+    hostname_default = vyos.get_hostname_prefered(request)
+
+    if int(request.POST.get('allping', 0)) == 1:
+        vyos.set_firewall_allping_enable(hostname_default)
+    else:
+        vyos.set_firewall_allping_disable(hostname_default)
+
+    if int(request.POST.get('syncookies', 0)) == 1:
+        vyos.set_firewall_syncookies_enable(hostname_default)
+    else:
+        vyos.set_firewall_syncookies_disable(hostname_default)
+
+    
+    return redirect('firewall:firewall-list')
+
+
 
 def firewall_remove(request, firewall_name):
     if not request.user.is_authenticated:
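Review bot: `firewall_global` never checks the request method, so an authenticated GET to `firewall-global` finds no `allping` or `syncookies` field, falls into both `else` branches and disables all-ping and syn-cookies on the router. Django's CSRF middleware does not check GET requests, so the `{% csrf_token %}` in the form does not cover this path. Rejecting anything but POST before touching the device closes it: `if request.method != 'POST': return redirect('firewall:firewall-list')`, or the `require_POST` decorator from `django.views.decorators.http`. `int(request.POST.get('allping', 0))` also raises ValueError on a non-numeric value, which comparing the string avoids: `request.POST.get('allping') == '1'`. The same string comparison is needed in `firewall_config`, where `== 1` can never match a POST value.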

+ 5 - 0
vycontrol/s/main.css

@@ -80,6 +80,11 @@ form.instancedefault {
 }
 
 #central h2 {
+  margin-top: 20px;
+  font-size: 16px;
+}
+
+#central h3 {
   margin-top: 20px;
   font-size: 14px;
 }

+ 1 - 1
vycontrol/vycenter/templates/base.html

@@ -8,7 +8,7 @@
 
     <!-- Bootstrap CSS -->
     <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
-    <link rel="stylesheet" href="{% static "main.css" %}?v7">
+    <link rel="stylesheet" href="{% static "main.css" %}?v11">
 
     <title>{% block header_title %}{% endblock %} - VyControl</title>
   </head>

+ 47 - 1
vycontrol/vyos.py

@@ -5,6 +5,10 @@ import sys
 
 from config.models import Instance
 
+
+def repvar(s):
+    return s.replace("-", "_")
+
 def get_url(hostname):
     # permcheck
     instance = Instance.objects.get(hostname=hostname)
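Review bot: `repvar` has no docstring, and its name does not say why hyphens are replaced. The templates in this commit read `firewall_all.all_ping` and `firewall_all.syn_cookies`, so a one-line docstring would record the purpose: `"""Return s with '-' replaced by '_' so Django templates can address VyOS keys such as all-ping."""`. The `get_url` body below it continues outside the hunk.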
@@ -140,7 +144,15 @@ def instance_getall():
 def get_firewall_all(hostname):
     cmd = {"op": "showConfig", "path": ["firewall"]}
     firewall_list = api_get(hostname, cmd)
-    return firewall_list
+
+    nfirewall_list = {}
+
+    for f in firewall_list:
+        s = repvar(f)
+        nfirewall_list[s] = firewall_list[f]
+        nfirewall_list[f] = firewall_list[f]        
+
+    return nfirewall_list
 
 def set_interface_firewall_ipv4(hostname, interface_type, interface_name, direction, firewall_name):
     cmd = {"op": "set", "path": ["interfaces", interface_type, interface_name, "firewall", direction, "name", firewall_name]}
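Review bot: The new loop in `get_firewall_all` iterates `firewall_list` without checking it, while `index` in views.py still tests `firewall_all == False`, which suggests `api_get` can return False on failure. In that case `for f in firewall_list` raises TypeError, and because the function now always builds a dict, the redirect to `firewall-create` can no longer trigger. Returning early before the loop keeps the old contract: `if not firewall_list: return firewall_list`.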
@@ -174,6 +186,9 @@ def get_firewall(hostname, name):
     result1 = api_get(hostname, cmd)
     return result1
 
+  
+ 
+
 def get_firewall_rule(hostname, name, rulenumber):
     cmd = {"op": "showConfig", "path": ["firewall", "name", name, "rule", rulenumber]}
 
@@ -202,6 +217,37 @@ def set_route_static(hostname, subnet, nexthop):
     result1 = api_set(hostname, cmd)
     return result1  
 
+
+def set_firewall_syncookies_enable(hostname):
+    cmd = {"op": "set", "path": ["firewall","syn-cookies",'enable']}
+
+    result1 = api_set(hostname, cmd)
+    return result1  
+
+def set_firewall_syncookies_disable(hostname):
+    cmd = {"op": "set", "path": ["firewall","syn-cookies",'disable']}
+
+    result1 = api_set(hostname, cmd)
+    return result1  
+
+
+def set_firewall_allping_enable(hostname):
+    cmd = {"op": "set", "path": ["firewall","all-ping",'enable']}
+
+    result1 = api_set(hostname, cmd)
+    return result1  
+
+def set_firewall_allping_disable(hostname):
+    cmd = {"op": "set", "path": ["firewall","all-ping",'disable']}
+
+    result1 = api_set(hostname, cmd)
+    return result1  
+
+
+
+
+
+
 def delete_route_static(hostname, subnet, nexthop):
     #cmd = {"op": "delete", "path": ["protocols","static","route", subnet, "next-hop", nexthop]}
     cmd = {"op": "delete", "path": ["protocols","static","route", subnet]}
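Review bot: The four new setters differ only in two path elements, so a typo in one copy would go unnoticed; a single private helper taking the option and the state keeps the command shape in one place. None of them documents what `api_set` returns, and `firewall_global` in views.py discards that result, so a change that fails on the router is not reported to the user. The last function in the hunk, `delete_route_static`, continues outside it.

```python
def _set_firewall_global(hostname, option, state):
    """Set a global firewall option ("syn-cookies" or "all-ping") to "enable" or "disable"."""
    cmd = {"op": "set", "path": ["firewall", option, state]}
    return api_set(hostname, cmd)


def set_firewall_syncookies_enable(hostname):
    return _set_firewall_global(hostname, "syn-cookies", "enable")

# … same one-line wrappers for syncookies_disable, allping_enable, allping_disable …
```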