
fixed interfaces list error while showing vifs #112

Roberto Berto 5 years ago
parent
commit
6f91ef0ed5

+ 95 - 66
vycontrol/firewall/templates/firewall/zones-edit.html

@@ -6,12 +6,18 @@
 
 {% block debug %}
 
+{{ zoneinfo }}
+
+
 {{ allzones }}
 
 {{ interfaces_defined }}
 
 {{ interfaces_zone }}
 
+{{ interfaces_pretty }}
+
+{{ interfaces_all_names_pretty }}
 
 {% endblock %}
 
@@ -22,75 +28,98 @@
     <a href="{% url 'firewall:firewall-create' %}">Create new firewall</a> | 
     <a href="{% url 'firewall:firewall-addressgroup-list' %}">Address Group</a> | 
     <a href="{% url 'firewall:firewall-networkgroup-list' %}">Network Group</a> | 
-    <a href="{% url 'firewall:firewall-portgroup-list' %}">Port Group</a>
+    <a href="{% url 'firewall:firewall-portgroup-list' %}">Port Group</a> | 
+    <a href="{% url 'firewall:firewall-zones' %}">Zones</a>
 </p>
 
 
-
-<h3>Create new zone</h3>
-
-<form action="{% url 'firewall:firewall-zones-add' %}" method="post">
-    {% csrf_token %}
-  
-    <p>
-        <label for="alias">name</label><br>
-        <input type="text" name="name" id="name" value="" size="60">
-    </p>    
-
-    <p>
-        <label for="alias">description</label><br>
-        <input type="text" name="description" id="description" value="" size="60">
-    </p>    
-    
-    <p>
-        <label for="hostname">default action</label><br>
-        <input type="radio" name="action" id="action" value="drop" {% if firewall.defaultaction == "drop" %}checked="checked"{% endif %}> drop
-        <input type="radio" name="action" id="action" value="reject" {% if firewall.defaultaction == "accept" %}checked="checked"{% endif %}> reject        
-    </p>
-
-    <h2>Local-zone</h2>
-    <p>Local zones cannot bellong to any other interface and will be applied to the router itself.<br>
-        <input type="checkbox" name="localzone" value="1" id="localzone">
-        <label for="localzone">set as local-zone</label><br>
-    </p> 
-
-    <div id="interfacesdiv">
-    <h2>Interfaces to apply</h2>
-    {% for key, value in interfaces.items %}
-        {% if key != "loopback" %}
-            {% for ifkey, ifvalue in value.items %}
-                {% if ifkey not in interfaces_defined %}
-                    <input type="checkbox" name="interface_{{ ifkey }}" value="{{ ifkey }}" id="interface_{{ ifkey }}">
-                    <label for="interface_{{ ifkey }}">{{ key }} - {{ ifkey }}</label><br>
-                {% else %}
-                {{ key }} - {{ ifkey }} - already defined in zone {{ interfaces_zone|get_item:ifkey }} <br>
-
-                {% endif %}
-            {% endfor %}
-        {% endif %}
-    {% endfor %}
-    </div>
-
-    
-    <input type="submit" value="Add Firewall">
-</form>
-
-
-   
-<script>
-    $(document).ready(function () {                            
-        $("#localzone").change(function () {
-            if ($("#localzone").is(":checked")) {
-                $('#interfacesdiv').hide();
-            }
-            else if ($("#localzone").not(":checked")) {
-                $('#interfacesdiv').show();
-            }
-        });
-    });
-
-</script>
-
+{% if exists == True %} 
+    {% if form_added == False %}
+        <h3>Edit zone {{ zonename }}</h3>
+
+        <form action="{% url 'firewall:firewall-zones-add' %}" method="post">
+            {% csrf_token %}
+        
+            <p>
+                <label for="alias">name</label><br>
+                <input type="text" name="name" id="name" value="" size="60">
+            </p>    
+
+            <p>
+                <label for="alias">description</label><br>
+                <input type="text" name="description" id="description" value="" size="60">
+            </p>    
+            
+            <p>
+                <label for="hostname">default action</label><br>
+                <input type="radio" name="action" id="action" value="drop" {% if firewall.defaultaction == "drop" %}checked="checked"{% endif %}> drop
+                <input type="radio" name="action" id="action" value="reject" {% if firewall.defaultaction == "accept" %}checked="checked"{% endif %}> reject        
+            </p>
+
+            {% comment %}
+            <h2>Local-zone</h2>
+            <p>Local zones cannot bellong to any other interface and will be applied to the router itself.<br>
+                <input type="checkbox" name="localzone" value="1" id="localzone">
+                <label for="localzone">set as local-zone</label><br>
+            </p> 
+            {% endcomment %}
+
+
+
+        
+
+
+            <div id="interfacesdiv">
+                <h2>Interfaces to apply</h2>
+                        {% for iface in interfaces_all_names %}
+                            {% if iface.type != "loopback" %}
+                                {% if iface.vif %}
+                                    {% with iface_id="interface_"|add:iface.interface_name|add:"."|add:iface.vif iface_js="interface_"|add:iface.interface_name|add:"_"|add:iface.vif  %}
+                                        {% if iface_id not in interfaces_defined_form %}
+                                            <input type="checkbox" name="{{ iface_id }}" value="{{ iface_id  }}" id="{{ iface_js }}">
+                                            <label for="{{ iface_id }}">{{ iface.type }} {{ iface.interface_name }}{% if iface.vif %}.{{ iface.vif }}{% endif %}</label><br>
+                                        {% else %}
+                                            <input type="checkbox" name="{{ iface_id }}" value="{{ iface_id  }}" id="{{ iface_js }}" disabled>
+                                            <label for="{{ iface_id }}">{{ iface.type }} {{ iface.interface_name }}{% if iface.vif %}.{{ iface.vif }}{% endif %} belongs to another zone</label><br>                            
+                                        {% endif %}
+                                    {% endwith %}
+                                {% else %}
+                                    {% with iface_id="interface_"|add:iface.interface_name iface_js="interface_"|add:iface.interface_name %}
+                                        {% if iface_id not in interfaces_defined_form %}
+                                            <input type="checkbox" name="{{ iface_id }}" value="{{ iface_id  }}" id="{{ iface_js }}">
+                                            <label for="{{ iface_id }}">{{ iface.type }} {{ iface.interface_name }}{% if iface.vif %}.{{ iface.vif }}{% endif %}</label><br>
+                                        {% else %}
+                                            <input type="checkbox" name="{{ iface_id }}" value="{{ iface_id  }}" id="{{ iface_js }}" disabled>
+                                            <label for="{{ iface_id }}">{{ iface.type }} {{ iface.interface_name }}{% if iface.vif %}.{{ iface.vif }}{% endif %} belongs to another zone</label><br>
+                                        {% endif %}
+                                    {% endwith %}                    
+                                {% endif %}
+                            {% endif %}
+                        {% endfor %}
+            </div>    
+            
+
+            
+            <input type="submit" value="Add Firewall">
+        </form>
+
+
+        
+        <script>
+            $(document).ready(function () {                            
+                $("#localzone").change(function () {
+                    if ($("#localzone").is(":checked")) {
+                        $('#interfacesdiv').hide();
+                    }
+                    else if ($("#localzone").not(":checked")) {
+                        $('#interfacesdiv').show();
+                    }
+                });
+            });
+
+        </script>
+    {% endif %}
+{% endif %}
 
 
 {% endblock %}
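Review bot: The edit form still posts to `{% url 'firewall:firewall-zones-add' %}`, so a submit is routed to the add view rather than to `firewall_zones_edit`, and the `name` and `description` inputs are rendered empty instead of carrying the zone being edited. Pointing the form at `{% url 'firewall:firewall-zones-edit' zonename %}` would keep the edit path self-contained. In the vif branch the `<label for="{{ iface_id }}">` does not match the input's `id="{{ iface_js }}"` (dot versus underscore), so the label is not bound to its checkbox; `for="{{ iface_js }}"` fixes that. The `disabled` attribute on interfaces that belong to another zone is only a browser hint, so the view has to repeat that check on the server side.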

+ 18 - 1
vycontrol/firewall/templates/firewall/zones.html

@@ -25,8 +25,25 @@
 
 <h3>Firewall Zones</h3>
 
+{% if allzones %}
+
+    <table border="1" width="100%">
+    <tr>
+        <th>zone</th>
+        <th>description</th>
+    </tr>    
+    {% for zone in allzones %}
+        <tr>
+        <td><a href="{% url 'firewall:firewall-zones-edit' zone.name %}">{{ zone.name }}</a></td>
+        <td>{{ zone.description }}</td>
+        </tr>
+    {% endfor %}
+
+    </table>
+
+{% else %}
 <p>No firewall zone exists.</p>
-    
+{% endif %}    
 
 
 {% endblock %}

+ 1 - 0
vycontrol/firewall/urls.py

@@ -32,6 +32,7 @@ urlpatterns = [
 
     path('zones', views.firewall_zones, name='firewall-zones'),
     path('zones/add', views.firewall_zones_add, name='firewall-zones-add'),
+    path('zones/edit<str:zonename>', views.firewall_zones_edit, name='firewall-zones-edit'),
 
 
     path('addrule/<str:firewall_name>', views.addrule, name='addrule'),
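Review bot: The new route `'zones/edit<str:zonename>'` has no separator before the converter, so the generated links look like `zones/editNAME`; `path('zones/edit/<str:zonename>', views.firewall_zones_edit, name='firewall-zones-edit')` is probably what was meant. Because `<str:...>` only matches a non-empty segment, the `len(zonename) == 0` branch in `firewall_zones_edit` cannot be reached through this route.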

+ 156 - 2
vycontrol/firewall/views.py

@@ -1584,6 +1584,14 @@ def firewall_zones(request):
                         interfaces_zone[zoneinterface] = zone
 
 
+    
+    if 'zone' in allzones:
+        allzones2 = []
+        for zone in allzones['zone']:
+            zonec = allzones['zone'][zone]
+            zonec['name'] = zone
+            allzones2.append(zonec)
+            
 
     template = loader.get_template('firewall/zones.html')
     context = { 
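Review bot: `allzones2` is assigned only inside `if 'zone' in allzones:`, but the context in the next hunk (`'allzones': allzones2` and the `pprint.pformat(allzones2, ...)` line) reads it unconditionally, so when the API data has no `'zone'` key the view raises `NameError` instead of reaching the template's "No firewall zone exists" branch. Initialise it before the check with `allzones2 = []`. The loop also writes `zonec['name'] = zone` into the dict returned by the API call rather than into a copy, which looks harmless here but deserves a comment. The body of `firewall_zones` starts outside this hunk.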
@@ -1592,8 +1600,8 @@ def firewall_zones(request):
         'hostname_default':                         hostname_default,
         'username':                                 request.user,
         'is_superuser' :                            is_superuser,
-        'allzones':                                 allzones,
-        'allzones_pretty':                          pprint.pformat(allzones, indent=4, width=120),
+        'allzones':                                 allzones2,
+        'allzones_pretty':                          pprint.pformat(allzones2, indent=4, width=120),
 
     }   
     return HttpResponse(template.render(context, request))
@@ -1714,3 +1722,149 @@ def firewall_zones_add(request):
     return HttpResponse(template.render(context, request))
 
 
+
+
+
+
+
+@is_authenticated
+def firewall_zones_edit(request, zonename):
+    msg = vmsg.msg()
+
+    # basic methods all views should call
+    all_instances       = vyos.instance_getall()
+    hostname_default    = vyos.get_hostname_prefered(request)
+    is_superuser        = perms.get_is_superuser(request.user)
+
+    # local methods to prepare env
+    interfaces              = vyos.get_interfaces(hostname_default)
+    interfaces_all_names    = vyos.get_interfaces_all_names(hostname_default)
+    get_firewall_zones      = vapi.get_firewall_zones(hostname_default) # get all zones since we cannot allow an interface belongs more than one zone
+    get_firewall_zone       = vapi.get_firewall_zone(hostname_default, zonename)
+    zoneinfo                = get_firewall_zone.data
+
+    if zoneinfo == None:
+        msg.add_error("Zone not exists")
+        template = loader.get_template('firewall/zones-edit.html')
+        context = { 
+            #'interfaces': interfaces,
+            'instances':                    all_instances,
+            'hostname_default':             hostname_default,
+            'username':                     request.user,
+            'is_superuser':                 is_superuser,
+            'interfaces':                   interfaces,
+            'interfaces_all_names_pretty':  pprint.pformat(interfaces_all_names, indent=4, width=120),
+            'interfaces_all_names':         interfaces_all_names,
+            'msg' :                         msg.get_all(),
+            "zoneinfo":                     zoneinfo,
+            "exists":                       False
+        }   
+        return HttpResponse(template.render(context, request))
+
+
+
+    interfaces_defined          = []
+    interfaces_defined_form     = []
+    interfaces_zone             = {}
+    allzones                    = []
+
+    if get_firewall_zones.success:
+        allzones = get_firewall_zones.data
+        if 'zone' in allzones:
+            for zone in allzones['zone']:
+                if 'interface' in allzones['zone'][zone]:
+                    for zoneinterface in allzones['zone'][zone]['interface']:
+                        interfaces_defined.append(zoneinterface)
+                        interfaces_defined_form.append("interface_" + zoneinterface)
+                        interfaces_zone[zoneinterface] = zone
+
+    # local control vars
+    valid               = False
+    localzone           = False
+
+    if request.POST.get('name', None) != None or len(zonename) > 0:
+        if len(zonename) == 0:
+            zonename = request.POST.get('name')
+            zonename = zonename.strip()
+
+        if request.POST.get('localzone', None) != None:
+            # set local-zone
+            v = vapi.set_firewall_zone_localzone(hostname_default, zonename)
+            if v.success:   
+                valid = True
+                msg.add_success("Local-zone defined")       
+            else:
+                msg.add_success("Local-zone failed to set") 
+        else:
+            # add all interfaces
+            interfaces_form = []
+            for rv in request.POST:
+                iface_form = None
+                if rv.startswith("interface_"):
+                    rvprefixlen = len("interface_")
+                    iface_form = rv[rvprefixlen:]
+                    interfaces_form.append(iface_form)
+
+                    v = vapi.set_firewall_zone_interface(hostname_default, zonename, iface_form)
+                    if v.success:   
+                        valid = True
+                        msg.add_success("Interface added to zone: " +  iface_form)
+                    else:
+                        msg.add_success("Interface not added to zone: " +  iface_form + " - "  + v.reason)
+
+            if valid == True:
+                # if editing remove localzone if set
+                pass
+
+
+        if valid == True:
+            if request.POST.get('description', None) != None:
+                zonedescription = request.POST.get('description')
+                zonedescription = zonedescription.strip()
+                if len(zonedescription) > 0:
+                    v = vapi.set_firewall_zone_description(hostname_default, zonename, zonedescription)
+                    if v.success:   
+                        valid = True
+                        msg.add_success("Description defined")
+                    else:
+                        msg.add_success("Description failed to set")
+
+            if request.POST.get('action', None) != None:
+                zoneaction = request.POST.get('action')
+                zoneaction = zonedescription.strip()
+                if zoneaction in ['drop', 'reject']:
+                    v = vapi.set_firewall_zone_defaultaction(hostname_default, zonename, zoneaction)
+                    if v.success:   
+                        valid = True
+                        msg.add_success("Default action defined")       
+                    else:
+                        msg.add_success("Default action failed to set")                        
+
+
+            msg.add_success("Zone added") 
+
+    template = loader.get_template('firewall/zones-edit.html')
+    context = { 
+        #'interfaces': interfaces,
+        'instances':                    all_instances,
+        'hostname_default':             hostname_default,
+        'username':                     request.user,
+        'is_superuser':                 is_superuser,
+        'interfaces':                   interfaces,
+        'interfaces_pretty':            pprint.pformat(interfaces, indent=4, width=120),
+        'interfaces_all_names_pretty':  pprint.pformat(interfaces_all_names, indent=4, width=120),
+        'interfaces_all_names':         interfaces_all_names,
+        'msg' :                         msg.get_all(),
+        'allzones':                     allzones,
+        'interfaces_defined':           interfaces_defined,
+        'interfaces_defined_form':      interfaces_defined_form,
+        'interfaces_zone':              interfaces_zone,
+        'form_added':                   valid,
+        "zoneinfo":                     zoneinfo,
+        "zonename":                     zonename,
+        "exists":                       True,
+
+    }   
+    return HttpResponse(template.render(context, request))
+
+
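Review bot: The interface names taken from the `interface_*` POST keys go straight to `vapi.set_firewall_zone_interface` without being compared with `interfaces_all_names` or `interfaces_zone`, so the "belongs to another zone" restriction exists only as a `disabled` checkbox in the template; the loop should reject names that are unknown or already assigned to a different zone, as sketched below. The sketch assumes zone interface names use the same `name.vif` form as the form fields. Separately, `zoneaction = zonedescription.strip()` overwrites the submitted action with the description (and raises `NameError` when no description was posted); it should read `zoneaction = zoneaction.strip()`. Failures are also reported through `msg.add_success`, where `msg.add_error` would match the "Zone not exists" path above.

```python
            # add all interfaces
            known_ifaces = set()
            for iface in interfaces_all_names:
                if 'vif' in iface:
                    known_ifaces.add("{}.{}".format(iface['interface_name'], iface['vif']))
                else:
                    known_ifaces.add(iface['interface_name'])

            interfaces_form = []
            for rv in request.POST:
                if rv.startswith("interface_"):
                    iface_form = rv[len("interface_"):]
                    owner = interfaces_zone.get(iface_form)
                    if iface_form not in known_ifaces or owner not in (None, zonename):
                        msg.add_error("Interface not allowed in zone: " + iface_form)
                        continue
                    # … unchanged: interfaces_form.append and set_firewall_zone_interface call …
```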

+ 48 - 4
vycontrol/interface/templates/interface/index.html

@@ -6,13 +6,16 @@
 
 {% block debug %}
     {{ interfaces }}
+    {{ firewall_names }}
     {{ firewall_all }}
-    {{ interface_firewall_in }}
-    {{ interface_firewall_out }}
+    {{ interface_firewall_in_pretty }}
+    {{ interface_firewall_out_pretty }}
+    {{ interfaces_pretty }}
+    --------------
+    {{ interfaces_all_names_pretty }}
 {% endblock %}
 
 
-
 {% block content %}
 
 {% if interfaces %}
@@ -22,7 +25,46 @@
         <table border="1" width="100%">
         <tr><th>type</th><th>name</th><th>address</th><th>firewall ipv4 in</th><th>firewall ipv4 out</th></th></tr>
 
-        {% for key, value in interfaces.items %}
+
+        {% for iname in interfaces_all_names %}
+            
+            <tr>
+                <td>{{ iname.type }}</td>
+                <td>{{ iname.interface_alias }}</td>
+                <td>
+                    {% for address in iname.address %}
+                        {{ address }}<br>
+                    {% endfor %}
+                </td>
+                <td>
+                    {% if iname.type == "loopback" or iname.type == "dummy" %}
+                        -
+                    {% else %}
+                        <select id="firewall-ipv4-in" name="firewall-ipv4-in.{{ iname.type }}.{{ iname.interface_alias }}"><option value="--remove--">None</option>
+                        {% for fname in firewall_names %}    
+                            <option value="{{ fname }}" {% if iname.firewall_in == fname %}selected="selected"{% endif %} >{{ fname }}</option>
+                        {% endfor %}
+                        </select>
+                    {% endif %}
+                </td>
+
+                <td>
+                    {% if iname.type == "loopback" or iname.type == "dummy" %}
+                        -
+                    {% else %}
+                        <select id="firewall-ipv4-out" name="firewall-ipv4-out.{{ iname.type }}.{{ iname.interface_alias }}"><option value="--remove--">None</option>
+                        {% for fname in firewall_names %}    
+                            <option value="{{ fname }}" {% if iname.firewall_out == fname %}selected="selected"{% endif %} >{{ fname }}</option>
+                        {% endfor %}
+                        </select>
+                    {% endif %}
+                </td>
+
+            </tr>
+        {% endfor %}
+
+        {% comment %}
+        {% for key, value in interfaces_all_names.items %}
             <tr>
                 
                 <td>{{ key }} </td>
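Review bot: Every row renders `<select id="firewall-ipv4-in" ...>` and `<select id="firewall-ipv4-out" ...>` with the same id, so the page has duplicate ids as soon as there is more than one interface; dropping the id or making it unique, e.g. `id="firewall-ipv4-in.{{ iname.interface_alias }}"`, avoids that. The field name encodes type, interface and vif separated by dots and the view splits it on `.`, which is worth a template comment since the two must stay in step. The old loop kept under `{% comment %}` was edited to iterate `interfaces_all_names.items` even though it is now dead code; deleting it would be cleaner than keeping it commented out. The commented block continues past the end of this hunk.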
@@ -62,6 +104,8 @@
             {% endfor %}
             </tr>
         {% endfor %}
+        {% endcomment %}
+
 
         </table>
 

+ 135 - 38
vycontrol/interface/views.py

@@ -10,6 +10,7 @@ from django.template.defaultfilters import register
 import vyos
 from perms import is_authenticated
 import perms
+import vycontrol_vyos_api as vapi
 
 
 from config.models import Instance
@@ -23,19 +24,32 @@ def get_item(dictionary, key):
 
 @is_authenticated    
 def index(request):
-       
+    
     hostname_default = vyos.get_hostname_prefered(request)
     all_instances = vyos.instance_getall()
     firewall_all = vyos.get_firewall_all(hostname_default)
     interfaces = vyos.get_interfaces(hostname_default)
     is_superuser = perms.get_is_superuser(request.user)
+    interfaces_all_names    = vyos.get_interfaces_all_names(hostname_default)
 
     interface_firewall_in = {}
     interface_firewall_out = {}
 
+    interface_address = {}
+    firewall_names = []
+
+
+    # set interface_alias in format eth0 if has not vif and eth0.vlan if has vlan
+    for iname in interfaces_all_names:
+        if 'vif' in iname:
+            iname['interface_alias'] = "{interface_name}.{vif}".format(interface_name=iname['interface_name'], vif=iname['vif'])
+        else:
+            iname['interface_alias'] = iname['interface_name']
+
+
+    # create firewall_in and firewall_out vars
     for interface_type in interfaces:
         for interface_name in interfaces[interface_type]:
-            pprint.pprint(interface_name)
             try:
                 interface_firewall_in[interface_name] = interfaces[interface_type][interface_name]['firewall']['in']['name']
             except:
@@ -45,69 +59,152 @@ def index(request):
             except:
                 pass
 
+            if interface_name not in interface_address:
+                interface_address[interface_name] = []
+            try:
+                interface_address[interface_name].append(interfaces[interface_type][interface_name]['address'])
+            except:
+                pass
+
+
+            if 'vif' in interfaces[interface_type][interface_name]:
+                for vif in interfaces[interface_type][interface_name]['vif']:
+                    interface_name_full = "{interface_name}.{vif}".format(interface_name=interface_name, vif=vif)
+                    try:
+                        interface_firewall_in[interface_name_full] = interfaces[interface_type][interface_name]['vif'][vif]['firewall']['in']['name']
+                    except:
+                        pass
+                    try:
+                        interface_firewall_out[interface_name_full] = interfaces[interface_type][interface_name]['vif'][vif]['firewall']['out']['name']
+                    except:
+                        pass
+
+                    if interface_name_full not in interface_address:
+                        interface_address[interface_name_full] = []
+                    try:
+                        interface_address[interface_name_full].append(interfaces[interface_type][interface_name]['vif'][vif]['address'])
+                    except:
+                        pass
+
+
+    # put all information in a single var: interface_all_names
+    for iname in interfaces_all_names:
+        if 'vif' in iname:
+            ialias = "{interface_name}.{vif}".format(interface_name=iname['interface_name'], vif=iname['vif'])
+        else:
+            ialias = iname['interface_name']
+
+        if ialias in interface_firewall_out:
+            iname['firewall_out'] = interface_firewall_out[ialias]
+
+        if ialias in interface_firewall_in:
+            iname['firewall_in'] = interface_firewall_in[ialias]
+
+        if ialias in interface_address:
+            iname['address'] = interface_address[ialias]
+
+
+    if 'name' in firewall_all:
+        for fname in firewall_all['name']:
+            firewall_names.append(fname)
+
+    # create a dict
+    interfaces_all_names_dict = {}
+    for iname in interfaces_all_names:
+        if 'vif' in iname:
+            ialias = "{interface_name}.{vif}".format(interface_name=iname['interface_name'], vif=iname['vif'])
+        else:
+            ialias = iname['interface_name']
+
+        interfaces_all_names_dict[ialias] = iname
+
+
+
     fw_changed = False
     for el in request.POST:
-        pprint.pprint(request.POST)
- 
-        if el.startswith('firewall-ipv4-in') and request.POST[el]:
+        interface_vif = None
+
+        if el.startswith('firewall-ipv4-in'):
             pos = el.split(".")
             
             interface_type = pos[1]
             interface_name = pos[2]
+
+            if len(pos) >= 4:
+                interface_vif = pos[3]
+                ialias = "{interface_name}.{vif}".format(interface_name=interface_name, vif=interface_vif)
+            else:
+                ialias = interface_name
+
+
             firewall_name = request.POST[el]
             if firewall_name == "--remove--":
-                result1 = vyos.delete_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "in")         
+                if 'firewall_in' in interfaces_all_names_dict[ialias]:
+                    v = vapi.delete_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "in", interface_vif)
+                    #print("@@@@@@@@@@@@@@@@@ in delete", hostname_default, interface_type, interface_name, "in", firewall_name, interface_vif)
+                else:
+                    pass
+                    #print("@@@@@ not 1", interfaces_all_names_dict[ialias], firewall_name)
             else:
-                result1 = vyos.set_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "in", firewall_name)         
+                if 'firewall_in' not in interfaces_all_names_dict[ialias] or interfaces_all_names_dict[ialias]['firewall_in'] != firewall_name:
+                    v = vapi.set_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "in", firewall_name, interface_vif)         
+                    #print("@@@@@@@@@@@@@@@@@ in add", hostname_default, interface_type, interface_name, "in", firewall_name, interface_vif)
+                else:
+                    pass
+                    #print("@@@@@ not 2", interfaces_all_names_dict[ialias], firewall_name )
 
-            pprint.pprint(result1)  
             fw_changed = True
-        elif el.startswith('firewall-ipv4-out') and request.POST[el]:
+        elif el.startswith('firewall-ipv4-out'):
+
             pos = el.split(".")
             
             interface_type = pos[1]
             interface_name = pos[2]
+            if len(pos) >= 4:
+                interface_vif = pos[3]
+                ialias = "{interface_name}.{vif}".format(interface_name=interface_name, vif=interface_vif)
+            else:
+                ialias = interface_name                
+
             firewall_name = request.POST[el]
             if firewall_name == "--remove--":
-                result1 = vyos.delete_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "out")
+                if 'firewall_out' in interfaces_all_names_dict[ialias]:
+                    v = vapi.delete_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "out", interface_vif)
+                    #print("@@@@@@@@@@@@@@@@@ out delete", hostname_default, interface_type, interface_name, "out", firewall_name, interface_vif)
+                else:
+                    #print("@@@@@ not 3", interfaces_all_names_dict[ialias], firewall_name)                    
+                    pass
             else:
-                result1 = vyos.set_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "out", firewall_name)
-            pprint.pprint(result1)              
+                if 'firewall_out' not in interfaces_all_names_dict[ialias] or interfaces_all_names_dict[ialias]['firewall_out'] != firewall_name:
+                    v = vapi.set_interface_firewall_ipv4(hostname_default, interface_type, interface_name, "out", firewall_name, interface_vif)
+                    #print("@@@@@@@@@@@@@@@@@ out add", hostname_default, interface_type, interface_name, "out", firewall_name, interface_vif)
+                else:
+                    #print("@@@@@ not 4", interfaces_all_names_dict[ialias], firewall_name)
+                    pass
+
             fw_changed = True
             
     if fw_changed == True:
         return redirect('interface:interface-list')
 
-    """
-   if 'name' in request.POST:
-        
-        result1 = vyos.set_config(hostname_default, cmd)
-        print(result1)
-
-        if 'description' in request.POST:
-            cmd = {"op": "set", "path": ["firewall", "name", request.POST['name'], "description", request.POST['description']]}
-            result2 = vyos.set_config(hostname_default, cmd)
-            print(result2)
-
-        if 'action' in request.POST:
-            cmd = {"op": "set", "path": ["firewall", "name", request.POST['name'], "default-action", request.POST['action']]}
-            result3 = vyos.set_config(hostname_default, cmd)
-            print(result3)
-
-        return redirect('firewall:firewall-list')
-    """
 
 
     template = loader.get_template('interface/index.html')
     context = {
-        'interfaces': interfaces,
-        'instances': all_instances,
-        'hostname_default': hostname_default,
-        'firewall_all' : firewall_all,
-        'interface_firewall_in' : interface_firewall_in,
-        'interface_firewall_out' : interface_firewall_out,
-        'username': request.user,   
-        'is_superuser' : is_superuser,     
+        'interfaces':                               interfaces,
+        'interfaces_pretty':                        pprint.pformat(interfaces, indent=4, width=120),
+        'interfaces_all_names':                     interfaces_all_names,
+        'interfaces_all_names_pretty':              pprint.pformat(interfaces_all_names, indent=4, width=120),
+        'instances':                                all_instances,
+        'hostname_default':                         hostname_default,
+        'firewall_all' :                            firewall_all,
+        'firewall_names' :                          firewall_names,
+        'interface_firewall_in' :                   interface_firewall_in,
+        'interface_firewall_out' :                  interface_firewall_out,
+        'interface_firewall_in_pretty' :            pprint.pformat(interface_firewall_in, indent=4, width=120),
+        'interface_firewall_out_pretty' :           pprint.pformat(interface_firewall_out, indent=4, width=120),
+        'username':                                 request.user,   
+        'is_superuser' :                            is_superuser,     
     }
     return HttpResponse(template.render(context, request))
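Review bot: In the POST loop the field name and value come from the request but are only partly checked: `interfaces_all_names_dict[ialias]` raises `KeyError` for an unknown interface, `pos[1]`/`pos[2]` raise `IndexError` on a short key, `interface_type` is never compared with the interface's own type, and `firewall_name` is not checked against `firewall_names` before `vapi.set_interface_firewall_ipv4` is called. Looking the entry up with `.get()` and skipping anything unknown, as sketched below for the `in` branch (the `out` branch has the same shape), turns a malformed form into a no-op instead of a 500 or a router request built from unchecked path elements. The result `v` of each call is discarded, so a failed set or delete still redirects as if it had worked. The new `try`/`except: pass` blocks for addresses and vifs would be safer as `except KeyError:`. `index` starts in an earlier hunk.

```python
        if el.startswith('firewall-ipv4-in'):
            pos = el.split(".")
            if len(pos) < 3:
                continue
            # … unchanged: interface_type, interface_name, interface_vif, ialias …

            entry = interfaces_all_names_dict.get(ialias)
            firewall_name = request.POST[el]
            if entry is None or entry.get('type') != interface_type:
                continue
            if firewall_name != "--remove--" and firewall_name not in firewall_names:
                continue
            # … unchanged: delete/set calls, reading entry instead of interfaces_all_names_dict[ialias] …
```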
 

+ 54 - 0
vycontrol/vycontrol_vyos_api.py

@@ -425,3 +425,57 @@ def get_firewall_zones(hostname):
     )
     return v
 
+
+def get_firewall_zone(hostname, zone):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "get",
+        op =        "showConfig",
+        cmd =       ["zone-policy", "zone", zone],
+        description = "get_firewall_zone",
+    )
+    return v
+
+
+def set_interface_firewall_ipv4(hostname, interface_type, interface_name, direction, firewall_name, vif=None):
+    if vif == None:
+        v = vapilib.api (
+            hostname=   hostname,
+            api =       "post",
+            op =        "set",
+            cmd =       ["interfaces", interface_type, interface_name, "firewall", direction, "name", firewall_name],
+            description = "set_interface_firewall_ipv4",
+        )
+    else:
+        v = vapilib.api (
+            hostname=   hostname,
+            api =       "post",
+            op =        "set",
+            cmd =       ["interfaces", interface_type, interface_name, "vif", vif, "firewall", direction, "name", firewall_name],
+            description = "set_interface_firewall_ipv4",
+        )
+    return v    
+
+def delete_interface_firewall_ipv4(hostname, interface_type, interface_name, direction, vif=None):
+    if vif == None:
+        v = vapilib.api (
+            hostname=   hostname,
+            api =       "post",
+            op =        "delete",
+            cmd =       ["interfaces", interface_type, interface_name, "firewall", direction],
+            description = "delete_interface_firewall_ipv4",
+        )
+    else:
+        v = vapilib.api (
+            hostname=   hostname,
+            api =       "post",
+            op =        "delete",
+            cmd =       ["interfaces", interface_type, interface_name, "vif", vif, "firewall", direction],
+            description = "delete_interface_firewall_ipv4",
+        )
+    return v    
+
+
+
+
+
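Review bot: `set_interface_firewall_ipv4` and `delete_interface_firewall_ipv4` each duplicate the whole `vapilib.api(...)` call just to insert `"vif", vif` into the path; building the prefix once, `base = ["interfaces", interface_type, interface_name] + (["vif", vif] if vif is not None else [])`, leaves a single call per function. `vif == None` should be `vif is None`. None of the three new functions has a docstring; one line each stating the config path they read or write, and that `direction` is expected to be `"in"` or `"out"` (the only values the callers in this commit pass), would help.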

+ 1 - 13
vycontrol/vyos.py

@@ -148,19 +148,7 @@ def get_firewall_all(hostname):
 
     return nfirewall_list
 
-def set_interface_firewall_ipv4(hostname, interface_type, interface_name, direction, firewall_name):
-    cmd = {"op": "set", "path": ["interfaces", interface_type, interface_name, "firewall", direction, "name", firewall_name]}
-    post = {'key': get_key(hostname), 'data': json.dumps(cmd)}
-
-    success = api_set(hostname, cmd)
-    return success
-
-def delete_interface_firewall_ipv4(hostname, interface_type, interface_name, direction):
-    cmd = {"op": "delete", "path": ["interfaces", interface_type, interface_name, "firewall", direction]}
-    post = {'key': get_key(hostname), 'data': json.dumps(cmd)}
-
-    success = api_set(hostname, cmd)
-    return success    
+  
 
 def get_interfaces(hostname):
     cmd = {"op": "showConfig", "path": ["interfaces"]}