Acasă Explorează Ajutor
Înregistrare Autentificare
hongtu_zang
/
vycontrol
1
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Răsfoiți Sursa

fixed interfaces list error while showing vifs #112

Roberto Berto 5 ani în urmă
părinte
8c6321dc3b
comite
6f91ef0ed5
8 a modificat fișierele cu 508 adăugiri și 124 ștergeri
Vizualizare divizată Arată Statisticile Diff
  1. 95 66
      vycontrol/firewall/templates/firewall/zones-edit.html
  2. 18 1
      vycontrol/firewall/templates/firewall/zones.html
  3. 1 0
      vycontrol/firewall/urls.py
  4. 156 2
      vycontrol/firewall/views.py
  5. 48 4
      vycontrol/interface/templates/interface/index.html
  6. 135 38
      vycontrol/interface/views.py
  7. 54 0
      vycontrol/vycontrol_vyos_api.py
  8. 1 13
      vycontrol/vyos.py

+ 95 - 66
vycontrol/firewall/templates/firewall/zones-edit.html
Vizualizați fișierul 

@@ -6,12 +6,18 @@
 
 
 {% block debug %}
 
 
+{{ zoneinfo }}
 
+
 
+
 
 {{ allzones }}
 
 
 {{ interfaces_defined }}
 
 
 {{ interfaces_zone }}
 
 
+{{ interfaces_pretty }}
 
+
 
+{{ interfaces_all_names_pretty }}
 
 
 {% endblock %}
 
 
@@ -22,75 +28,98 @@
 
     <a href="{% url 'firewall:firewall-create' %}">Create new firewall</a> | 
     <a href="{% url 'firewall:firewall-addressgroup-list' %}">Address Group</a> | 
     <a href="{% url 'firewall:firewall-networkgroup-list' %}">Network Group</a> | 
-    <a href="{% url 'firewall:firewall-portgroup-list' %}">Port Group</a>
 
+    <a href="{% url 'firewall:firewall-portgroup-list' %}">Port Group</a> | 
+    <a href="{% url 'firewall:firewall-zones' %}">Zones</a>
 
 </p>
 
 
 
-
 
-<h3>Create new zone</h3>
 
-
 
-<form action="{% url 'firewall:firewall-zones-add' %}" method="post">
 
-    {% csrf_token %}
 
-  
-    <p>
 
-        <label for="alias">name</label><br>
 
-        <input type="text" name="name" id="name" value="" size="60">
 
-    </p>    
-
 
-    <p>
 
-        <label for="alias">description</label><br>
 
-        <input type="text" name="description" id="description" value="" size="60">
 
-    </p>    
-    
-    <p>
 
-        <label for="hostname">default action</label><br>
 
-        <input type="radio" name="action" id="action" value="drop" {% if firewall.defaultaction == "drop" %}checked="checked"{% endif %}> drop
 
-        <input type="radio" name="action" id="action" value="reject" {% if firewall.defaultaction == "accept" %}checked="checked"{% endif %}> reject        
-    </p>
 
-
 
-    <h2>Local-zone</h2>
 
-    <p>Local zones cannot bellong to any other interface and will be applied to the router itself.<br>
 
-        <input type="checkbox" name="localzone" value="1" id="localzone">
 
-        <label for="localzone">set as local-zone</label><br>
 
-    </p> 
-
 
-    <div id="interfacesdiv">
 
-    <h2>Interfaces to apply</h2>
 
-    {% for key, value in interfaces.items %}
 
-        {% if key != "loopback" %}
 
-            {% for ifkey, ifvalue in value.items %}
 
-                {% if ifkey not in interfaces_defined %}
 
-                    <input type="checkbox" name="interface_{{ ifkey }}" value="{{ ifkey }}" id="interface_{{ ifkey }}">
 
-                    <label for="interface_{{ ifkey }}">{{ key }} - {{ ifkey }}</label><br>
 
-                {% else %}
 
-                {{ key }} - {{ ifkey }} - already defined in zone {{ interfaces_zone|get_item:ifkey }} <br>
 
-
 
-                {% endif %}
 
-            {% endfor %}
 
-        {% endif %}
 
-    {% endfor %}
 
-    </div>
 
-
 
-    
-    <input type="submit" value="Add Firewall">
 
-</form>
 
-
 
-
 
-   
-<script>
 
-    $(document).ready(function () {                            
-        $("#localzone").change(function () {
 
-            if ($("#localzone").is(":checked")) {
 
-                $('#interfacesdiv').hide();
 
-            }
 
-            else if ($("#localzone").not(":checked")) {
 
-                $('#interfacesdiv').show();
 
-            }
 
-        });
 
-    });
 
-
 
-</script>
 
-
 
+{% if exists == True %} 
+    {% if form_added == False %}
 
+        <h3>Edit zone {{ zonename }}</h3>
 
+
 
+        <form action="{% url 'firewall:firewall-zones-add' %}" method="post">
 
+            {% csrf_token %}
 
+        
+            <p>
 
+                <label for="alias">name</label><br>
 
+                <input type="text" name="name" id="name" value="" size="60">
 
+            </p>    
+
 
+            <p>
 
+                <label for="alias">description</label><br>
 
+                <input type="text" name="description" id="description" value="" size="60">
 
+            </p>    
+            
+            <p>
 
+                <label for="hostname">default action</label><br>
 
+                <input type="radio" name="action" id="action" value="drop" {% if firewall.defaultaction == "drop" %}checked="checked"{% endif %}> drop
 
+                <input type="radio" name="action" id="action" value="reject" {% if firewall.defaultaction == "accept" %}checked="checked"{% endif %}> reject        
+            </p>
 
+
 
+            {% comment %}
 
+            <h2>Local-zone</h2>
 
+            <p>Local zones cannot bellong to any other interface and will be applied to the router itself.<br>
 
+                <input type="checkbox" name="localzone" value="1" id="localzone">
 
+                <label for="localzone">set as local-zone</label><br>
 
+            </p> 
+            {% endcomment %}
 
+
 
+
 
+
 
+        
+
 
+
 
+            <div id="interfacesdiv">
 
+                <h2>Interfaces to apply</h2>
 
+                        {% for iface in interfaces_all_names %}
 
+                            {% if iface.type != "loopback" %}
 
+                                {% if iface.vif %}
 
+                                    {% with iface_id="interface_"|add:iface.interface_name|add:"."|add:iface.vif iface_js="interface_"|add:iface.interface_name|add:"_"|add:iface.vif  %}
 
+                                        {% if iface_id not in interfaces_defined_form %}
 
+                                            <input type="checkbox" name="{{ iface_id }}" value="{{ iface_id  }}" id="{{ iface_js }}">
 
+                                            <label for="{{ iface_id }}">{{ iface.type }} {{ iface.interface_name }}{% if iface.vif %}.{{ iface.vif }}{% endif %}</label><br>
 
+                                        {% else %}
 
+                                            <input type="checkbox" name="{{ iface_id }}" value="{{ iface_id  }}" id="{{ iface_js }}" disabled>
 
+                                            <label for="{{ iface_id }}">{{ iface.type }} {{ iface.interface_name }}{% if iface.vif %}.{{ iface.vif }}{% endif %} belongs to another zone</label><br>                            
+                                        {% endif %}
 
+                                    {% endwith %}
 
+                                {% else %}
 
+                                    {% with iface_id="interface_"|add:iface.interface_name iface_js="interface_"|add:iface.interface_name %}
 
+                                        {% if iface_id not in interfaces_defined_form %}
 
+                                            <input type="checkbox" name="{{ iface_id }}" value="{{ iface_id  }}" id="{{ iface_js }}">
 
+                                            <label for="{{ iface_id }}">{{ iface.type }} {{ iface.interface_name }}{% if iface.vif %}.{{ iface.vif }}{% endif %}</label><br>
 
+                                        {% else %}
 
+                                            <input type="checkbox" name="{{ iface_id }}" value="{{ iface_id  }}" id="{{ iface_js }}" disabled>
 
+                                            <label for="{{ iface_id }}">{{ iface.type }} {{ iface.interface_name }}{% if iface.vif %}.{{ iface.vif }}{% endif %} belongs to another zone</label><br>
 
+                                        {% endif %}
 
+                                    {% endwith %}                    
+                                {% endif %}
 
+                            {% endif %}
 
+                        {% endfor %}
 
+            </div>    
+            
+
 
+            
+            <input type="submit" value="Add Firewall">
 
+        </form>
 
+
 
+
 
+        
+        <script>
 
+            $(document).ready(function () {                            
+                $("#localzone").change(function () {
 
+                    if ($("#localzone").is(":checked")) {
 
+                        $('#interfacesdiv').hide();
 
+                    }
 
+                    else if ($("#localzone").not(":checked")) {
 
+                        $('#interfacesdiv').show();
 
+                    }
 
+                });
 
+            });
 
+
 
+        </script>
 
+    {% endif %}
 
+{% endif %}
 
 
 
 {% endblock %}

+ 18 - 1
vycontrol/firewall/templates/firewall/zones.html
Vizualizați fișierul 

@@ -25,8 +25,25 @@
 
 
 <h3>Firewall Zones</h3>
 
 
+{% if allzones %}
 
+
 
+    <table border="1" width="100%">
 
+    <tr>
 
+        <th>zone</th>
 
+        <th>description</th>
 
+    </tr>    
+    {% for zone in allzones %}
 
+        <tr>
 
+        <td><a href="{% url 'firewall:firewall-zones-edit' zone.name %}">{{ zone.name }}</a></td>
 
+        <td>{{ zone.description }}</td>
 
+        </tr>
 
+    {% endfor %}
 
+
 
+    </table>
 
+
 
+{% else %}
 
 <p>No firewall zone exists.</p>
 
-    
+{% endif %}    
 
 
 {% endblock %}

+ 1 - 0
vycontrol/firewall/urls.py
Vizualizați fișierul 

@@ -32,6 +32,7 @@ urlpatterns = [
 
 
     path('zones', views.firewall_zones, name='firewall-zones'),
 
     path('zones/add', views.firewall_zones_add, name='firewall-zones-add'),
 
+    path('zones/edit<str:zonename>', views.firewall_zones_edit, name='firewall-zones-edit'),
 
 
 
     path('addrule/<str:firewall_name>', views.addrule, name='addrule'),

+ 156 - 2
vycontrol/firewall/views.py
Vizualizați fișierul 

@@ -1584,6 +1584,14 @@ def firewall_zones(request):
 
                         interfaces_zone[zoneinterface] = zone
 
 
 
+    
+    if 'zone' in allzones:
 
+        allzones2 = []
 
+        for zone in allzones['zone']:
 
+            zonec = allzones['zone'][zone]
 
+            zonec['name'] = zone
 
+            allzones2.append(zonec)
 
+            
 
     template = loader.get_template('firewall/zones.html')
 
     context = { 
@@ -1592,8 +1600,8 @@ def firewall_zones(request):
 
         'hostname_default':                         hostname_default,
 
         'username':                                 request.user,
 
         'is_superuser' :                            is_superuser,
 
-        'allzones':                                 allzones,
 
-        'allzones_pretty':                          pprint.pformat(allzones, indent=4, width=120),
 
+        'allzones':                                 allzones2,
 
+        'allzones_pretty':                          pprint.pformat(allzones2, indent=4, width=120),
 
 
     }   
     return HttpResponse(template.render(context, request))
 
@@ -1714,3 +1722,149 @@ def firewall_zones_add(request):
 
     return HttpResponse(template.render(context, request))
 
 
 
+
 
+
 
+
 
+
 
+
 
+@is_authenticated
 
+def firewall_zones_edit(request, zonename):
 
+    msg = vmsg.msg()
 
+
 
+    # basic methods all views should call
 
+    all_instances       = vyos.instance_getall()
 
+    hostname_default    = vyos.get_hostname_prefered(request)
 
+    is_superuser        = perms.get_is_superuser(request.user)
 
+
 
+    # local methods to prepare env
 
+    interfaces              = vyos.get_interfaces(hostname_default)
 
+    interfaces_all_names    = vyos.get_interfaces_all_names(hostname_default)
 
+    get_firewall_zones      = vapi.get_firewall_zones(hostname_default) # get all zones since we cannot allow an interface belongs more than one zone
 
+    get_firewall_zone       = vapi.get_firewall_zone(hostname_default, zonename)
 
+    zoneinfo                = get_firewall_zone.data
 
+
 
+    if zoneinfo == None:
 
+        msg.add_error("Zone not exists")
 
+        template = loader.get_template('firewall/zones-edit.html')
 
+        context = { 
+            #'interfaces': interfaces,
 
+            'instances':                    all_instances,
 
+            'hostname_default':             hostname_default,
 
+            'username':                     request.user,
 
+            'is_superuser':                 is_superuser,
 
+            'interfaces':                   interfaces,
 
+            'interfaces_all_names_pretty':  pprint.pformat(interfaces_all_names, indent=4, width=120),
 
+            'interfaces_all_names':         interfaces_all_names,
 
+            'msg' :                         msg.get_all(),
 
+            "zoneinfo":                     zoneinfo,
 
+            "exists":                       False
 
+        }   
+        return HttpResponse(template.render(context, request))
 
+
 
+
 
+
 
+    interfaces_defined          = []
 
+    interfaces_defined_form     = []
 
+    interfaces_zone             = {}
 
+    allzones                    = []
 
+
 
+    if get_firewall_zones.success:
 
+        allzones = get_firewall_zones.data
 
+        if 'zone' in allzones:
 
+            for zone in allzones['zone']:
 
+                if 'interface' in allzones['zone'][zone]:
 
+                    for zoneinterface in allzones['zone'][zone]['interface']:
 
+                        interfaces_defined.append(zoneinterface)
 
+                        interfaces_defined_form.append("interface_" + zoneinterface)
 
+                        interfaces_zone[zoneinterface] = zone
 
+
 
+    # local control vars
 
+    valid               = False
 
+    localzone           = False
 
+
 
+    if request.POST.get('name', None) != None or len(zonename) > 0:
 
+        if len(zonename) == 0:
 
+            zonename = request.POST.get('name')
 
+            zonename = zonename.strip()
 
+
 
+        if request.POST.get('localzone', None) != None:
 
+            # set local-zone
 
+            v = vapi.set_firewall_zone_localzone(hostname_default, zonename)
 
+            if v.success:   
+                valid = True
 
+                msg.add_success("Local-zone defined")       
+            else:
 
+                msg.add_success("Local-zone failed to set") 
+        else:
 
+            # add all interfaces
 
+            interfaces_form = []
 
+            for rv in request.POST:
 
+                iface_form = None
 
+                if rv.startswith("interface_"):
 
+                    rvprefixlen = len("interface_")
 
+                    iface_form = rv[rvprefixlen:]
 
+                    interfaces_form.append(iface_form)
 
+
 
+                    v = vapi.set_firewall_zone_interface(hostname_default, zonename, iface_form)
 
+                    if v.success:   
+                        valid = True
 
+                        msg.add_success("Interface added to zone: " +  iface_form)
 
+                    else:
 
+                        msg.add_success("Interface not added to zone: " +  iface_form + " - "  + v.reason)
 
+
 
+            if valid == True:
 
+                # if editing remove localzone if set
 
+                pass
 
+
 
+
 
+        if valid == True:
 
+            if request.POST.get('description', None) != None:
 
+                zonedescription = request.POST.get('description')
 
+                zonedescription = zonedescription.strip()
 
+                if len(zonedescription) > 0:
 
+                    v = vapi.set_firewall_zone_description(hostname_default, zonename, zonedescription)
 
+                    if v.success:   
+                        valid = True
 
+                        msg.add_success("Description defined")
 
+                    else:
 
+                        msg.add_success("Description failed to set")
 
+
 
+            if request.POST.get('action', None) != None:
 
+                zoneaction = request.POST.get('action')
 
+                zoneaction = zonedescription.strip()
 
+                if zoneaction in ['drop', 'reject']:
 
+                    v = vapi.set_firewall_zone_defaultaction(hostname_default, zonename, zoneaction)
 
+                    if v.success:   
+                        valid = True
 
+                        msg.add_success("Default action defined")       
+                    else:
 
+                        msg.add_success("Default action failed to set")                        
+
 
+
 
+            msg.add_success("Zone added") 
+
 
+    template = loader.get_template('firewall/zones-edit.html')
 
+    context = { 
+        #'interfaces': interfaces,
 
+        'instances':                    all_instances,
 
+        'hostname_default':             hostname_default,
 
+        'username':                     request.user,
 
+        'is_superuser':                 is_superuser,
 
+        'interfaces':                   interfaces,
 
+        'interfaces_pretty':            pprint.pformat(interfaces, indent=4, width=120),
 
+        'interfaces_all_names_pretty':  pprint.pformat(interfaces_all_names, indent=4, width=120),
 
+        'interfaces_all_names':         interfaces_all_names,
 
+        'msg' :                         msg.get_all(),
 
+        'allzones':                     allzones,
 
+        'interfaces_defined':           interfaces_defined,
 
+        'interfaces_defined_form':      interfaces_defined_form,
 
+        'interfaces_zone':              interfaces_zone,
 
+        'form_added':                   valid,
 
+        "zoneinfo":                     zoneinfo,
 
+        "zonename":                     zonename,
 
+        "exists":                       True,
 
+
 
+    }   
+    return HttpResponse(template.render(context, request))
 
+
 
+

+ 48 - 4
vycontrol/interface/templates/interface/index.html
Vizualizați fișierul 

@@ -6,13 +6,16 @@
 
 
 {% block debug %}
 
     {{ interfaces }}
 
+    {{ firewall_names }}
 
     {{ firewall_all }}
 
-    {{ interface_firewall_in }}
 
-    {{ interface_firewall_out }}
 
+    {{ interface_firewall_in_pretty }}
 
+    {{ interface_firewall_out_pretty }}
 
+    {{ interfaces_pretty }}
 
+    --------------
 
+    {{ interfaces_all_names_pretty }}
 
 {% endblock %}
 
 
 
-
 
 {% block content %}
 
 
 {% if interfaces %}
 
@@ -22,7 +25,46 @@
 
         <table border="1" width="100%">
 
         <tr><th>type</th><th>name</th><th>address</th><th>firewall ipv4 in</th><th>firewall ipv4 out</th></th></tr>
 
 
-        {% for key, value in interfaces.items %}
 
+
 
+        {% for iname in interfaces_all_names %}
 
+            
+            <tr>
 
+                <td>{{ iname.type }}</td>
 
+                <td>{{ iname.interface_alias }}</td>
 
+                <td>
 
+                    {% for address in iname.address %}
 
+                        {{ address }}<br>
 
+                    {% endfor %}
 
+                </td>
 
+                <td>
 
+                    {% if iname.type == "loopback" or iname.type == "dummy" %}
 
+                        -
 
+                    {% else %}
 
+                        <select id="firewall-ipv4-in" name="firewall-ipv4-in.{{ iname.type }}.{{ iname.interface_alias }}"><option value="--remove--">None</option>
 
+                        {% for fname in firewall_names %}    
+                            <option value="{{ fname }}" {% if iname.firewall_in == fname %}selected="selected"{% endif %} >{{ fname }}</option>
 
+                        {% endfor %}
 
+                        </select>
 
+                    {% endif %}
 
+                </td>
 
+
 
+                <td>
 
+                    {% if iname.type == "loopback" or iname.type == "dummy" %}
 
+                        -
 
+                    {% else %}
 
+                        <select id="firewall-ipv4-out" name="firewall-ipv4-out.{{ iname.type }}.{{ iname.interface_alias }}"><option value="--remove--">None</option>
 
+                        {% for fname in firewall_names %}    
+                            <option value="{{ fname }}" {% if iname.firewall_out == fname %}selected="selected"{% endif %} >{{ fname }}</option>
 
+                        {% endfor %}
 
+                        </select>
 
+                    {% endif %}
 
+                </td>
 
+
 
+            </tr>
 
+        {% endfor %}
 
+
 
+        {% comment %}
 
+        {% for key, value in interfaces_all_names.items %}
 
             <tr>
 
                 
                 <td>{{ key }} </td>
 
@@ -62,6 +104,8 @@
 
             {% endfor %}
 
             </tr>
 
         {% endfor %}
 
+        {% endcomment %}
 
+
 
 
         </table>

+ 135 - 38
vycontrol/interface/views.py
Vizualizați fișierul 

@@ -10,6 +10,7 @@ from django.template.defaultfilters import register
 
 import vyos
 
 from perms import is_authenticated
 
 import perms
 
+import vycontrol_vyos_api as vapi
 
 
 
 from config.models import Instance
 
@@ -23,19 +24,32 @@ def get_item(dictionary, key):
 
 
 @is_authenticated    
 def index(request):
 
-       
+    
     hostname_default = vyos.get_hostname_prefered(request)
 
     all_instances = vyos.instance_getall()
 
     firewall_all = vyos.get_firewall_all(hostname_default)
 
     interfaces = vyos.get_interfaces(hostname_default)
 
     is_superuser = perms.get_is_superuser(request.user)
 
+    interfaces_all_names    = vyos.get_interfaces_all_names(hostname_default)
 
 
     interface_firewall_in = {}
 
     interface_firewall_out = {}
 
 
+    interface_address = {}
 
+    firewall_names = []
 
+
 
+
 
+    # set interface_alias in format eth0 if has not vif and eth0.vlan if has vlan
 
+    for iname in interfaces_all_names:
 
+        if 'vif' in iname:
 
+            iname['interface_alias'] = "{interface_name}.{vif}".format(interface_name=iname['interface_name'], vif=iname['vif'])
 
+        else:
 
+            iname['interface_alias'] = iname['interface_name']
 
+
 
+
 
+    # create firewall_in and firewall_out vars
 
     for interface_type in interfaces:
 
         for interface_name in interfaces[interface_type]:
 
-            pprint.pprint(interface_name)
 
             try:
 
                 interface_firewall_in[interface_name] = interfaces[interface_type][interface_name]['firewall']['in']['name']
 
             except:
 
@@ -45,69 +59,152 @@ def index(request):
 
             except:
 
                 pass
 
 
+            if interface_name not in interface_address:
 
+                interface_address[interface_name] = []
 
+            try:
 
+                interface_address[interface_name].append(interfaces[interface_type][interface_name]['address'])
 
+            except:
 
+                pass
 
+
 
+
 
+            if 'vif' in interfaces[interface_type][interface_name]:
 
+                for vif in interfaces[interface_type][interface_name]['vif']:
 
+                    interface_name_full = "{interface_name}.{vif}".format(interface_name=interface_name, vif=vif)
 
+                    try:
 
+                        interface_firewall_in[interface_name_full] = interfaces[interface_type][interface_name]['vif'][vif]['firewall']['in']['name']
 
+                    except:
 
+                        pass
 
+                    try:
 
+                        interface_firewall_out[interface_name_full] = interfaces[interface_type][interface_name]['vif'][vif]['firewall']['out']['name']
 
+                    except:
 
+                        pass
 
+
 
+                    if interface_name_full not in interface_address:
 
+                        interface_address[interface_name_full] = []
 
+                    try:
 
+                        interface_address[interface_name_full].append(interfaces[interface_type][interface_name]['vif'][vif]['address'])
 
+                    except:
 
+                        pass
 
+
 
+
 
+    # put all information in a single var: interface_all_names
 
+    for iname in interfaces_all_names:
 
+        if 'vif' in iname:
 
+            ialias = "{interface_name}.{vif}".format(interface_name=iname['interface_name'], vif=iname['vif'])
 
+        else:
 
+            ialias = iname['interface_name']
 
+
 
+        if ialias in interface_firewall_out:
 
+            iname['firewall_out'] = interface_firewall_out[ialias]
 
+
 
+        if ialias in interface_firewall_in:
 
+            iname['firewall_in'] = interface_firewall_in[ialias]
 
+
 
+        if ialias in interface_address:
 
+            iname['address'] = interface_address[ialias]
 
+
 
+
 
+    if 'name' in firewall_all:
 
+        for fname in firewall_all['name']:
 
+            firewall_names.append(fname)
 
+
 
+    # create a dict
 
+    interfaces_all_names_dict = {}
 
+    for iname in interfaces_all_names:
 
+        if 'vif' in iname:
 
+            ialias = "{interface_name}.{vif}".format(interface_name=iname['interface_name'], vif=iname['vif'])
 
+        else:
 
+            ialias = iname['interface_name']
 
+
 
+        interfaces_all_names_dict[ialias] = iname
 
+
 
+
 
+
 
     fw_changed = False
 
     for el in request.POST:
 
-        pprint.pprint(request.POST)
 
- 
-        if el.startswith('firewall-ipv4-in') and request.POST[el]:
 
+        interface_vif = None
 
+
 
+        if el.startswith('firewall-ipv4-in'):
 
             pos = el.split(".")
 
             
             interface_type = pos[1]
 
             interface_name = pos[2]
 
+
 
+            if len(pos) >= 4:
 
+                interface_vif = pos[3]
 
+                ialias = "{interface_name}.{vif}".format(interface_name=interface_name, vif=interface_vif)
 
+            else:
 
+                ialias = interface_name
 
+
 
+
 
             firewall_name = request.POST[el]
 
             if firewall_name == "--remove--":
 
-                result1 = vyos.delete_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "in")         
+                if 'firewall_in' in interfaces_all_names_dict[ialias]:
 
+                    v = vapi.delete_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "in", interface_vif)
 
+                    #print("@@@@@@@@@@@@@@@@@ in delete", hostname_default, interface_type, interface_name, "in", firewall_name, interface_vif)
 
+                else:
 
+                    pass
 
+                    #print("@@@@@ not 1", interfaces_all_names_dict[ialias], firewall_name)
 
             else:
 
-                result1 = vyos.set_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "in", firewall_name)         
+                if 'firewall_in' not in interfaces_all_names_dict[ialias] or interfaces_all_names_dict[ialias]['firewall_in'] != firewall_name:
 
+                    v = vapi.set_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "in", firewall_name, interface_vif)         
+                    #print("@@@@@@@@@@@@@@@@@ in add", hostname_default, interface_type, interface_name, "in", firewall_name, interface_vif)
 
+                else:
 
+                    pass
 
+                    #print("@@@@@ not 2", interfaces_all_names_dict[ialias], firewall_name )
 
 
-            pprint.pprint(result1)  
             fw_changed = True
 
-        elif el.startswith('firewall-ipv4-out') and request.POST[el]:
 
+        elif el.startswith('firewall-ipv4-out'):
 
+
 
             pos = el.split(".")
 
             
             interface_type = pos[1]
 
             interface_name = pos[2]
 
+            if len(pos) >= 4:
 
+                interface_vif = pos[3]
 
+                ialias = "{interface_name}.{vif}".format(interface_name=interface_name, vif=interface_vif)
 
+            else:
 
+                ialias = interface_name                
+
 
             firewall_name = request.POST[el]
 
             if firewall_name == "--remove--":
 
-                result1 = vyos.delete_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "out")
 
+                if 'firewall_out' in interfaces_all_names_dict[ialias]:
 
+                    v = vapi.delete_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "out", interface_vif)
 
+                    #print("@@@@@@@@@@@@@@@@@ out delete", hostname_default, interface_type, interface_name, "out", firewall_name, interface_vif)
 
+                else:
 
+                    #print("@@@@@ not 3", interfaces_all_names_dict[ialias], firewall_name)                    
+                    pass
 
             else:
 
-                result1 = vyos.set_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "out", firewall_name)
 
-            pprint.pprint(result1)              
+                if 'firewall_out' not in interfaces_all_names_dict[ialias] or interfaces_all_names_dict[ialias]['firewall_out'] != firewall_name:
 
+                    v = vapi.set_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "out", firewall_name, interface_vif)
 
+                    #print("@@@@@@@@@@@@@@@@@ out add", hostname_default, interface_type, interface_name, "out", firewall_name, interface_vif)
 
+                else:
 
+                    #print("@@@@@ not 4", interfaces_all_names_dict[ialias], firewall_name)
 
+                    pass
 
+
 
             fw_changed = True
 
             
     if fw_changed == True:
 
         return redirect('interface:interface-list')
 
 
-    """
 
-   if 'name' in request.POST:
 
-        
-        result1 = vyos.set_config(hostname_default, cmd)
 
-        print(result1)
 
-
 
-        if 'description' in request.POST:
 
-            cmd = {"op": "set", "path": ["firewall", "name", request.POST['name'], "description", request.POST['description']]}
 
-            result2 = vyos.set_config(hostname_default, cmd)
 
-            print(result2)
 
-
 
-        if 'action' in request.POST:
 
-            cmd = {"op": "set", "path": ["firewall", "name", request.POST['name'], "default-action", request.POST['action']]}
 
-            result3 = vyos.set_config(hostname_default, cmd)
 
-            print(result3)
 
-
 
-        return redirect('firewall:firewall-list')
 
-    """
 
 
 
     template = loader.get_template('interface/index.html')
 
     context = {
 
-        'interfaces': interfaces,
 
-        'instances': all_instances,
 
-        'hostname_default': hostname_default,
 
-        'firewall_all' : firewall_all,
 
-        'interface_firewall_in' : interface_firewall_in,
 
-        'interface_firewall_out' : interface_firewall_out,
 
-        'username': request.user,   
-        'is_superuser' : is_superuser,     
+        'interfaces':                               interfaces,
 
+        'interfaces_pretty':                        pprint.pformat(interfaces, indent=4, width=120),
 
+        'interfaces_all_names':                     interfaces_all_names,
 
+        'interfaces_all_names_pretty':              pprint.pformat(interfaces_all_names, indent=4, width=120),
 
+        'instances':                                all_instances,
 
+        'hostname_default':                         hostname_default,
 
+        'firewall_all' :                            firewall_all,
 
+        'firewall_names' :                          firewall_names,
 
+        'interface_firewall_in' :                   interface_firewall_in,
 
+        'interface_firewall_out' :                  interface_firewall_out,
 
+        'interface_firewall_in_pretty' :            pprint.pformat(interface_firewall_in, indent=4, width=120),
 
+        'interface_firewall_out_pretty' :           pprint.pformat(interface_firewall_out, indent=4, width=120),
 
+        'username':                                 request.user,   
+        'is_superuser' :                            is_superuser,     
     }
 
     return HttpResponse(template.render(context, request))

+ 54 - 0
vycontrol/vycontrol_vyos_api.py
Vizualizați fișierul 

@@ -425,3 +425,57 @@ def get_firewall_zones(hostname):
 
     )
 
     return v
 
 
+
 
+def get_firewall_zone(hostname, zone):
 
+    v = vapilib.api (
 
+        hostname=   hostname,
 
+        api =       "get",
 
+        op =        "showConfig",
 
+        cmd =       ["zone-policy", "zone", zone],
 
+        description = "get_firewall_zone",
 
+    )
 
+    return v
 
+
 
+
 
+def set_interface_firewall_ipv4(hostname, interface_type, interface_name, direction, firewall_name, vif=None):
 
+    if vif == None:
 
+        v = vapilib.api (
 
+            hostname=   hostname,
 
+            api =       "post",
 
+            op =        "set",
 
+            cmd =       ["interfaces", interface_type, interface_name, "firewall", direction, "name", firewall_name],
 
+            description = "set_interface_firewall_ipv4",
 
+        )
 
+    else:
 
+        v = vapilib.api (
 
+            hostname=   hostname,
 
+            api =       "post",
 
+            op =        "set",
 
+            cmd =       ["interfaces", interface_type, interface_name, "vif", vif, "firewall", direction, "name", firewall_name],
 
+            description = "set_interface_firewall_ipv4",
 
+        )
 
+    return v    
+
 
+def delete_interface_firewall_ipv4(hostname, interface_type, interface_name, direction, vif=None):
 
+    if vif == None:
 
+        v = vapilib.api (
 
+            hostname=   hostname,
 
+            api =       "post",
 
+            op =        "delete",
 
+            cmd =       ["interfaces", interface_type, interface_name, "firewall", direction],
 
+            description = "delete_interface_firewall_ipv4",
 
+        )
 
+    else:
 
+        v = vapilib.api (
 
+            hostname=   hostname,
 
+            api =       "post",
 
+            op =        "delete",
 
+            cmd =       ["interfaces", interface_type, interface_name, "vif", vif, "firewall", direction],
 
+            description = "delete_interface_firewall_ipv4",
 
+        )
 
+    return v    
+
 
+
 
+
 
+
 
+

+ 1 - 13
vycontrol/vyos.py
Vizualizați fișierul 

@@ -148,19 +148,7 @@ def get_firewall_all(hostname):
 
 
     return nfirewall_list
 
 
-def set_interface_firewall_ipv4(hostname, interface_type, interface_name, direction, firewall_name):
 
-    cmd = {"op": "set", "path": ["interfaces", interface_type, interface_name, "firewall", direction, "name", firewall_name]}
 
-    post = {'key': get_key(hostname), 'data': json.dumps(cmd)}
 
-
 
-    success = api_set(hostname, cmd)
 
-    return success
 
-
 
-def delete_interface_firewall_ipv4(hostname, interface_type, interface_name, direction):
 
-    cmd = {"op": "delete", "path": ["interfaces", interface_type, interface_name, "firewall", direction]}
 
-    post = {'key': get_key(hostname), 'data': json.dumps(cmd)}
 
-
 
-    success = api_set(hostname, cmd)
 
-    return success    
+  
 
 def get_interfaces(hostname):
 
     cmd = {"op": "showConfig", "path": ["interfaces"]}