
set firewall name <name> rule <1-9999> tcp flags <text> #57

Roberto Berto 5 years ago
parent
commit
c90ac82d30
2 changed files with 110 additions and 48 deletions
  1. 53 42
      vycontrol/firewall/templates/firewall/addrule.html
  2. 57 6
      vycontrol/firewall/views.py

+ 53 - 42
vycontrol/firewall/templates/firewall/addrule.html

@@ -219,6 +219,49 @@
 
     </div>
 
+    <h3 class="matching_criteria" id="criteria_tcpflags_header" style="display: none"><input type="checkbox" id="criteria_tcpflags" value="1" name="criteria_tcpflags"> <label for="criteria_tcpflags" class="label_for_h3">Matching criteria - TCP Flags</label></h3>    
+    <div class="container" id="criteria_tcpflags_block" style="display: none">
+        <div class="row">
+            <div class="col">
+                <table width="100%">
+                    <tr>
+                        <th>Allow flag</th>
+                        <th>Negate flag</th>
+                    </tr>
+                    <tr>
+                        <td><input type="checkbox" name="tcpflags_syn" id="tcpflags_syn" value="1"> SYN</td>
+                        <td><input type="checkbox" name="tcpflags_isyn" id="tcpflags_isyn" value="1"> !SYN</td>
+                    </tr>
+                    <tr>
+                        <td><input type="checkbox" name="tcpflags_ack" id="tcpflags_ack" value="1"> ACK</td>
+                        <td><input type="checkbox" name="tcpflags_iack" id="tcpflags_iack" value="1"> !ACK</td>
+                    </tr>
+                    <tr>
+                        <td><input type="checkbox" name="tcpflags_fin" id="tcpflags_fin" value="1"> FIN</td>
+                        <td><input type="checkbox" name="tcpflags_ifin" id="tcpflags_ifin" value="1"> !FIN</td>
+                    </tr>
+                    <tr>
+                        <td><input type="checkbox" name="tcpflags_rst" id="tcpflags_rst" value="1"> RST</td>
+                        <td><input type="checkbox" name="tcpflags_irst" id="tcpflags_irst" value="1"> !RST</td>
+                    </tr>
+                    <tr>
+                        <td><input type="checkbox" name="tcpflags_urg" id="tcpflags_urg" value="1"> URG</td>
+                        <td><input type="checkbox" name="tcpflags_iurg" id="tcpflags_iurg" value="1"> !URG</td>
+                    </tr>
+                    <tr>
+                        <td><input type="checkbox" name="tcpflags_psh" id="tcpflags_psh" value="1"> PSH</td>
+                        <td><input type="checkbox" name="tcpflags_ipsh" id="tcpflags_ipsh" value="1"> !PSH</td>
+                    </tr>
+                    <tr>
+                        <td><input type="checkbox" name="tcpflags_all" id="tcpflags_all" value="1"> ALL</td>
+                        <td><input type="checkbox" name="tcpflags_iall" id="tcpflags_iall" value="1"> !ALL</td>
+                    </tr>                        
+                </table>
+            </div>
+
+        </div>
+    </div>
+
     <h3 class="matching_criteria"><input type="checkbox" id="criteria_address" value="1" name="criteria_address"> <label for="criteria_address" class="label_for_h3">Matching criteria - address</label></h3>
     <div class="container" id="criteria_address_block" style="display: none">
 
@@ -379,48 +422,6 @@
 
     </div>
 
-    <h3 class="matching_criteria"><input type="checkbox" id="criteria_tcpflags" value="1" name="criteria_tcpflags"> <label for="criteria_tcpflags" class="label_for_h3">Matching criteria - TCP Flags</label></h3>    
-    <div class="container" id="criteria_tcpflags_block" style="display: none">
-        <div class="row">
-            <div class="col">
-                <table width="100%">
-                    <tr>
-                        <th>Allow flag</th>
-                        <th>Negate flag</th>
-                    </tr>
-                    <tr>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="SYN"> SYN</td>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="!SYN"> !SYN</td>
-                    </tr>
-                    <tr>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="ACK"> ACK</td>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="!ACK"> !ACK</td>
-                    </tr>
-                    <tr>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="FIN"> FIN</td>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="!FIN"> !FIN</td>
-                    </tr>
-                    <tr>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="RST"> RST</td>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="!RST"> !RST</td>
-                    </tr>
-                    <tr>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="URG"> URG</td>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="!URG"> !URG</td>
-                    </tr>
-                    <tr>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="PSH"> PSH</td>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="!PSH"> !PSH</td>
-                    </tr>
-                    <tr>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="ALL"> ALL</td>
-                        <td><input type="checkbox" name="tcpflags" id="tcpflags" value="!ALL"> !ALL</td>
-                    </tr>                        
-                </table>
-            </div>
-
-        </div>
-    </div>
 
     <h3 class="matching_criteria"><input type="checkbox" id="criteria_packetstate" value="1" name="criteria_packetstate"> <label for="criteria_packetstate" class="label_for_h3">Matching criteria - Packet State</label></h3>    
     <div class="container" id="criteria_packetstate_block" style="display: none">
@@ -466,6 +467,16 @@
             } else {
                 $("#criteria_port_block_header").show("highlight", {color: '#FBE28A'}, 2000);
             }
+
+            if (['tcp', 'tcp_udp'].includes(protocol_criteria) == false) {
+                $("#criteria_tcpflags_header").hide();
+                $("#criteria_tcpflags_block").hide();
+            } else {
+                $("#criteria_tcpflags_header").show("highlight", {color: '#FBE28A'}, 2000);
+            }
+            
+
+
         });
 
         $("#criteria_protocol").change(function () {
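Review bot: The new branch for non-TCP protocols hides `#criteria_tcpflags_header` and `#criteria_tcpflags_block` but leaves `criteria_tcpflags` and the individual flag boxes checked, and hidden inputs are still submitted with the form. A user who ticks flags under `tcp` and then switches the protocol would still post `criteria_tcpflags=1`, and the views.py hunk in this commit shows no protocol check before it issues the `tcp flags` set command. Clearing the state in the hide branch, e.g. `$("#criteria_tcpflags").prop("checked", false);` plus the same for `#criteria_tcpflags_block input`, keeps the form consistent, but the server should still enforce the protocol itself. As a style point, `['tcp', 'tcp_udp'].includes(protocol_criteria) == false` reads better as `!['tcp', 'tcp_udp'].includes(protocol_criteria)`. The enclosing handler starts outside the hunk.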

+ 57 - 6
vycontrol/firewall/views.py

@@ -391,14 +391,65 @@ def addrule(request, firewall_name):
                         )
                         if v.success:
                             changed = True
-                     
+
+            # if criteria_tcpflags set, save it
+            if request.POST.get('criteria_tcpflags', None) == "1":
+                tcpflags = []
+                
+                if request.POST.get('tcpflags_syn', None) == "1":
+                    tcpflags.append('SYN')
+                if request.POST.get('tcpflags_isyn', None) == "1":
+                    tcpflags.append('!SYN')                        
+                
+                if request.POST.get('tcpflags_ack', None) == "1":
+                    tcpflags.append('ACK')
+                if request.POST.get('tcpflags_iack', None) == "1":
+                    tcpflags.append('!ACK')
+
+                if request.POST.get('tcpflags_fin', None) == "1":
+                    tcpflags.append('FIN')
+                if request.POST.get('tcpflags_ifin', None) == "1":
+                    tcpflags.append('!FIN')                        
+                
+                if request.POST.get('tcpflags_rst', None) == "1":
+                    tcpflags.append('RST')
+                if request.POST.get('tcpflags_irst', None) == "1":
+                    tcpflags.append('!RST')
+
+                if request.POST.get('tcpflags_urg', None) == "1":
+                    tcpflags.append('URG')
+                if request.POST.get('tcpflags_iurg', None) == "1":
+                    tcpflags.append('!URG')                        
+
+                if request.POST.get('tcpflags_psh', None) == "1":
+                    tcpflags.append('PSH')
+                if request.POST.get('tcpflags_ipsh', None) == "1":
+                    tcpflags.append('!PSH')                        
+
+                if request.POST.get('tcpflags_all', None) == "1":
+                    tcpflags.append('ALL')
+                if request.POST.get('tcpflags_iall', None) == "1":
+                    tcpflags.append('!ALL')                                                
+
+                vyos2.log("tcp flags", tcpflags)
+
+                if len(tcpflags) > 0:
+                    tcpflags_txt = ",".join(tcpflags)
+                    v = vyos2.api (
+                        hostname=   hostname_default,
+                        api =       "post",
+                        op =        "set",
+                        cmd =       ["firewall", "name", firewall_name, "rule", request.POST.get('rulenumber'), "tcp", "flags", tcpflags_txt],
+                        description = "set criteria_tcpflags",
+                    )
+                    if v.success:
+                        changed = True
+
+                    
                 # if criteria_portgroup set, save it
-                if request.POST.get('criteria_portgroup', None) == "1":
-                    pass
+                #if request.POST.get('criteria_portgroup', None) == "1":
+                #    pass
 
-                # if criteria_tcpflags set, save it
-                if request.POST.get('criteria_tcpflags', None) == "1":
-                    pass
 
     if changed == True:
         return redirect('firewall:show', firewall_name)
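Review bot: The new `criteria_tcpflags` block accepts a flag together with its negation (for example `tcpflags_syn` and `tcpflags_isyn`), so a contradictory value such as `SYN,!SYN` is joined and sent to the router unchanged. The checkboxes in addrule.html are independent, so this has to be rejected on the server. Mapping checkbox names to fixed strings is the right approach for the flag values, but `request.POST.get('rulenumber')` goes into `cmd` as submitted; unless addrule validates it earlier (outside this hunk), confirm it is an integer in the 1-9999 range named in the commit title before the call. A loop over the flag names, as sketched below, replaces the fourteen near-identical `if` statements and makes the conflict check two lines. addrule's body starts and ends outside the hunk.

```python
            # if criteria_tcpflags set, save it
            if request.POST.get('criteria_tcpflags', None) == "1":
                tcpflags = []
                conflicting = []
                for flag in ('SYN', 'ACK', 'FIN', 'RST', 'URG', 'PSH', 'ALL'):
                    allow = request.POST.get('tcpflags_' + flag.lower(), None) == "1"
                    negate = request.POST.get('tcpflags_i' + flag.lower(), None) == "1"
                    if allow and negate:
                        # a flag cannot be both required and negated
                        conflicting.append(flag)
                    elif allow:
                        tcpflags.append(flag)
                    elif negate:
                        tcpflags.append('!' + flag)

                vyos2.log("tcp flags", tcpflags)

                if len(tcpflags) > 0 and not conflicting:
                    # … unchanged: vyos2.api "set ... tcp flags" call and changed = True …
```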