
edit firewall rules

Roberto Berto 5 years ago
parent
commit
b78dd67dcc

+ 5 - 2
README.md

@@ -14,8 +14,11 @@ in alpha stage we're going to provide just essential device config, interfaces a
 
 ### firewall module
 * basic firewall rules creation proof of concept - done
-* list firewall rules - done
-* crud firewall - todo
+* basic list firewall rules - done
+* basic add firewall rules - done
+* basic edit firewall rules - done
+* change firewall rules order - todo
+* delete firewall rules - todo
 
 ## other modules - todo
 * ospf

+ 90 - 0
vycenter/firewall/templates/firewall/editrule.html

@@ -0,0 +1,90 @@
+{% extends "base.html" %}
+
+
+
+
+{% block header_title %}Firewall Dashboard{% endblock %}
+{% block section_title %}Firewall Dashboard{% endblock %}
+
+{% block debug %}
+{{ firewall }}
+{{ firewall_name }}
+{{ firewall_rulenumber }}
+{{ firewall_rule }}
+{% endblock %}
+
+{% block content %}
+
+
+
+
+{% if firewall %}
+    <table border="1" width="100%">
+    <tr><th>rule #</th><th>description</th><th>protocol</th><th>destination port</th><th>source port</th><th>action</th></tr>
+
+    {% for key, value in firewall.items %}
+        
+        {% for ifkey, ifvalue in value.items %}
+            <tr>
+            <td><a href="{% url 'firewall:editrule' firewall_name ifkey %}">{{ ifkey }}</a></td>
+            <td>{{ ifvalue.description }}</td>
+            <td>{{ ifvalue.protocol }}</td>
+            <td>{{ ifvalue.destination.port }}</td>
+            <td>{{ ifvalue.source.port }}</td>
+            <td>{{ ifvalue.action }}</td>                        
+            </tr>
+        {% endfor %}
+        
+    {% endfor %}
+
+    </table>
+{% else %}
+    <p>No firewalls.</p>
+{% endif %}
+
+
+
+<h2>Edit rule</h2>
+
+<form action="{% url 'firewall:editrule' firewall_name firewall_rulenumber %}" method="post">
+    {% csrf_token %}
+    
+    <p>
+        <label for="alias">rule number</label><br>
+        <input type="text" name="rulenumber" id="rulenumber" value="{{ firewall_rulenumber }}" size="5" disabled>
+    </p>
+    
+    <p>
+        <label for="hostname">action</label><br>
+        <input type="radio" name="action" id="action" value="accept" {% if firewall_rule.action == "accept" %}checked="checked"{% endif %}> accept
+        <input type="radio" name="action" id="action" value="drop" {% if firewall_rule.action == "drop" %}checked="checked"{% endif %}> drop
+        <input type="radio" name="action" id="action" value="reject" {% if firewall_rule.action == "reject" %}checked="checked"{% endif %}> reject        
+    </p>
+
+    <p>
+        <label for="hostname">protocol</label><br>
+        <input type="radio" name="protocol" id="protocol" value="tcp" {% if firewall_rule.protocol == "tcp" %}checked="checked"{% endif %}> tcp
+        <input type="radio" name="protocol" id="protocol" value="udp" {% if firewall_rule.protocol == "udp" %}checked="checked"{% endif %}> udp
+    </p>   
+    
+    <p>
+        <label for="alias">destination port</label><br>
+        <input type="text" name="destinationport" id="destinationport" value="{{ firewall_rule.destination.port }}" size="5">
+    </p>
+    
+    <p>
+        <label for="alias">source port</label><br>
+        <input type="text" name="sourceport" id="sourceport" value="{{ firewall_rule.source.port }}" size="5">
+    </p>    
+    
+    
+    <input type="submit" value="Edit Rule">
+    </form>
+
+    
+
+
+{% endblock %}
+
+
+
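Review bot: The `{% block debug %}` at the top of the new template renders `{{ firewall }}` and `{{ firewall_rule }}`, the raw rule-set dictionaries, on every request with no condition around it. How `base.html` places that block is not visible in this commit, so it may already be hidden, but if it reaches the page the full firewall configuration is echoed into every response; I would guard it with a condition such as `{% if debug %}` or remove it. Separately, `<label for="alias">` and `<label for="hostname">` match no input id, and the three `action` radios (and both `protocol` radios) share a single `id`, so no label is associated with its control; give each radio its own id and point `for` at it.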

+ 1 - 1
vycenter/firewall/templates/firewall/show.html

@@ -20,7 +20,7 @@
         
         {% for ifkey, ifvalue in value.items %}
             <tr>
-            <td><a href="{% url 'firewall:show' ifkey %}">{{ ifkey }}</a></td>
+            <td><a href="{% url 'firewall:editrule' firewall_name ifkey %}">{{ ifkey }}</a></td>
             <td>{{ ifvalue.description }}</td>
             <td>{{ ifvalue.protocol }}</td>
             <td>{{ ifvalue.destination.port }}</td>

+ 2 - 0
vycenter/firewall/urls.py

@@ -9,6 +9,8 @@ urlpatterns = [
     path('', views.index, name='firewall-list'),
     path('show/<str:firewall_name>', views.show, name='show'),
     path('addrule/<str:firewall_name>', views.addrule, name='addrule'),
+    path('editrule/<str:firewall_name>/<str:firewall_rulenumber>', views.editrule, name='editrule'),
+
 ]
 
 

+ 56 - 0
vycenter/firewall/views.py

@@ -86,3 +86,59 @@ def addrule(request, firewall_name):
     return HttpResponse(template.render(context, request))
 
 
+
+
+
+
+
+def editrule(request, firewall_name, firewall_rulenumber):
+    #interfaces = vyos.get_interfaces()
+    all_instances = vyos.instance_getall()
+    hostname_default = vyos.get_hostname_prefered(request)
+
+    firewall = vyos.get_firewall(hostname_default, firewall_name)
+    firewall_rule = vyos.get_firewall_rule(hostname_default, firewall_name, firewall_rulenumber)
+
+    changed = False
+
+    if 'action' in request.POST:
+        cmd = {"op": "set", "path": ["firewall", "name", firewall_name, "rule", firewall_rulenumber, "action", request.POST['action']]}
+        result1 = vyos.set_config(hostname_default, cmd)
+        print(result1)
+        changed = True
+
+    if 'protocol' in request.POST:
+        cmd = {"op": "set", "path": ["firewall", "name", firewall_name, "rule", firewall_rulenumber, "protocol", request.POST['protocol']]}
+        result2 = vyos.set_config(hostname_default, cmd)
+        print(result2)
+        changed = True
+
+    if 'destinationport' in request.POST:
+        cmd = {"op": "set", "path": ["firewall", "name", firewall_name, "rule", firewall_rulenumber, "destination", "port", request.POST['destinationport']]}
+        result3 = vyos.set_config(hostname_default, cmd)
+        print(result3)
+        changed = True
+
+    if 'sourceport' in request.POST:
+        cmd = {"op": "set", "path": ["firewall", "name", firewall_name, "rule", firewall_rulenumber, "source", "port", request.POST['sourceport']]}
+        result3 = vyos.set_config(hostname_default, cmd)
+        print(result3)
+        changed = True        
+
+    if changed == True:
+        return redirect('firewall:firewall-list')
+
+
+    template = loader.get_template('firewall/editrule.html')
+    context = { 
+        #'interfaces': interfaces,
+        'instances': all_instances,
+        'hostname_default': hostname_default,
+        'firewall':  firewall,
+        'firewall_name': firewall_name,
+        'firewall_rule': firewall_rule,
+        'firewall_rulenumber' : firewall_rulenumber
+    }  
+    return HttpResponse(template.render(context, request))
+
+
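Review bot: `editrule` copies `request.POST['action']`, `['protocol']`, `['destinationport']` and `['sourceport']` straight into the `set` path sent to the router, so the accept/drop/reject and tcp/udp choices are enforced only by the HTML form; `firewall_name` and `firewall_rulenumber` reach the same path through the unconstrained `<str:…>` converters added in urls.py. Text inputs are always submitted, so `'destinationport' in request.POST` is true even when the field is empty and every submit issues a port `set` with an empty value. The `set_config` results are only printed, and the redirect happens whether or not the router accepted the change. I would gate the writes on `request.method == "POST"`, validate every field before applying any of them, skip empty values and report failures instead of redirecting, as sketched below. No login or permission check is visible on this view; that may be handled elsewhere, but it is worth confirming for an endpoint that rewrites firewall rules.

```python
def editrule(request, firewall_name, firewall_rulenumber):
    # … unchanged: instance lookup, get_firewall / get_firewall_rule …
    rule_path = ["firewall", "name", firewall_name, "rule", firewall_rulenumber]
    choice_fields = {
        "action": (["action"], {"accept", "drop", "reject"}),
        "protocol": (["protocol"], {"tcp", "udp"}),
    }
    port_fields = {
        "destinationport": ["destination", "port"],
        "sourceport": ["source", "port"],
    }

    # Validate everything first so a bad field cannot leave the rule half-edited.
    updates = []
    if request.method == "POST":
        for field, (subpath, choices) in choice_fields.items():
            value = request.POST.get(field)
            if value is None:
                continue
            if value not in choices:
                return HttpResponseBadRequest("invalid " + field)  # from django.http
            updates.append(subpath + [value])
        for field, subpath in port_fields.items():
            value = request.POST.get(field, "").strip()
            if not value:
                continue  # empty field: leave the existing port setting alone
            # Single port only; widen deliberately if ranges or lists are needed.
            if not value.isdigit() or not 1 <= int(value) <= 65535:
                return HttpResponseBadRequest("invalid " + field)
            updates.append(subpath + [value])

    for tail in updates:
        result = vyos.set_config(hostname_default, {"op": "set", "path": rule_path + tail})
        # check `result` here once set_config's failure value is settled
    changed = bool(updates)
    # … unchanged: redirect when changed, template render …
```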

+ 4 - 0
vycenter/vycenter/templates/base.html

@@ -84,6 +84,10 @@
     #central {
       font-size: 12px;
     }
+    
+    #rulenumber:disabled {
+        background-color: #ddd;
+    }
 
     </style>
   </head>

+ 36 - 0
vycenter/vyos.py

@@ -255,6 +255,42 @@ def get_firewall(hostname, name):
     return result1['data']
 
 
+
+def get_firewall_rule(hostname, name, rulenumber):
+    cmd = {"op": "showConfig", "path": ["firewall", "name", name, "rule", rulenumber]}
+
+    print(json.dumps(cmd))
+    post = {'key': get_key(hostname), 'data': json.dumps(cmd)}
+    print(post)
+
+
+    try:
+        resp = requests.post(get_url_retrieve(hostname), verify=False, data=post, timeout=15)
+    except requests.exceptions.ConnectionError:
+        return False
+
+    print(resp.status_code)
+    pprint.pprint(resp)
+
+    pprint.pprint(resp.json())
+
+
+    if resp.status_code != 200:
+        # This means something went wrong.
+        #raise ApiError('POST /tasks/ {}'.format(resp.status_code))
+        return "erro"
+    #for todo_item in resp.json():
+        #print('{} {}'.format(todo_item['id'], todo_item['summary']))
+
+    result1 = resp.json()
+    print(result1['data'])
+    #result2 = json.loads(result1['data'])
+    pprint.pprint(result1)
+
+    return result1['data']
+
+
+
 def set_config(hostname, cmd):
     print(json.dumps(cmd))
     post = {'key': get_key(hostname), 'data': json.dumps(cmd)}
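Review bot: `get_firewall_rule` posts the router API key with `verify=False`, so the server certificate is never checked and the key is sent to whichever host answers at that address, and `print(post)` writes the same key to stdout on every call (the `set_config` context lines below show the same `post` dict being built). I would delete `print(post)` and call `requests.post(get_url_retrieve(hostname), verify=True, data=post, timeout=15)`, or pass a CA bundle path in `verify` if the routers use a private CA. `pprint.pprint(resp.json())` also runs before the `status_code != 200` check, so an error response without a JSON body raises instead of reaching the error branch. The function returns `False`, the string `"erro"` or the data dict depending on the path, and only `ConnectionError` is caught, so a read timeout propagates; a single failure convention (an exception or `None`) would let `views.editrule` tell an error from a rule.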