
done add msg feature to firewall addrule/editrule to increase user msg output #96

Roberto Berto 5 éve
szülő
commit
ecf5b4b079

+ 54 - 41
vycontrol/firewall/templates/firewall/editrule.html

@@ -31,20 +31,6 @@
 
 
 
-
-{% comment %}
-<script type="text/javascript">
-    var firewall_networkgroup_data = '{{firewall_networkgroup_js|safe}}';
-    console.log(firewall_networkgroup_data);
-
-    var firewall_addressgroup_data = '{{firewall_addressgroup_js|safe}}';
-    console.log(firewall_addressgroup_data);    
-
-    var netservices_js = '{{netservices_js|safe}}';
-    console.log(netservices_js);   
-</script>
-{% endcomment %}
-
 <script type="text/javascript">
     var ruledata_js = JSON.parse('{{ruledata_json|safe}}');
 </script>
@@ -330,7 +316,7 @@
         <div class="row">
             <div class="col">
                 <p>
-                    <label for="saddressgroup">single choice - you cannot set a group and an adresss together</label><br>
+                    <label for="saddressgroup"><b>source address group</b><br>single choice<br>can't mix group and an adresss together</label><br>
                     <select name="saddressgroup" id="saddressgroup" size="10"  style="width: 200px;">
                         {% for f in firewall_addressgroup %}
                         <option value="{{ f }}">{{ f }}</option>
@@ -338,14 +324,14 @@
                     </select>
 
                     <br>
-                    <input type="button" id="saddressgroup_clear" value="limpar">
+                    <input type="button" id="saddressgroup_clear" value="clear">
                 </p>
 
             </div>
 
             <div class="col">
                 <p>
-                    <label for="daddressgroup">single choice - you cannot set a group and an adresss together</label><br>
+                    <label for="daddressgroup"><b>destination address group</b><br>single choice<br>can't mix group and an adresss together</label><br>
                     <select name="daddressgroup" id="daddressgroup" size="10" style="width: 200px;">
                         {% for f in firewall_addressgroup %}
                         <option value="{{ f }}">{{ f }}</option>
@@ -353,8 +339,7 @@
                     </select>
 
                     <br>
-                    <input type="button" id="daddressgroup_clear" value="limpar">
-
+                    <input type="button" id="daddressgroup_clear" value="clear">
                 </p>
 
 
@@ -368,27 +353,32 @@
         <div class="row">
             <div class="col">
                 <p>
-                    <label for="snetworkgroup">select at most one source network-group (can't mix destination address group and address)</label><br>
+                    <label for="snetworkgroup"><b>source network group</b><br>single choice<br>can't mix destination address group and address</label><br>
                     <select name="snetworkgroup" id="snetworkgroup" size="10" style="width: 200px;">
                         {% for f in firewall_networkgroup %}
-                        <option>{{ f }}</option>
+                        <option value="{{ f }}">{{ f }}</option>
                         {% endfor %}
                     </select>
+
+                    <br>
+                    <input type="button" id="snetworkgroup_clear" value="clear">
                 </p>         
                 
             </div>
 
             <div class="col">
                 <p>
-                    <label for="dnetworkgroup">select at most one destination network-group (can't mix destination address group and address)</label><br>
+                    <label for="dnetworkgroup"><b>destination network group</b><br>single choice<br>can't mix destination address group and address</label><br>
                     <select name="dnetworkgroup" id="dnetworkgroup" size="10" style="width: 200px;">
                         {% for f in firewall_networkgroup %}
-                        <option>{{ f }}</option>
+                        <option value="{{ f }}">{{ f }}</option>
                         {% endfor %}
                     </select>
+              
+                    <br>
+                    <input type="button" id="dnetworkgroup_clear" value="clear">
                 </p>
 
-
           </div>
         </div>
 
@@ -399,24 +389,30 @@
         <div class="row">
             <div class="col">
                 <p>
-                    <label for="sdportgroup_source">source port group (single choice and can't mix source port group and port)</label><br>
-                    <select name="sdportgroup_source" id="sdportgroup_source" size="10" style="width: 200px;">
-                        {% for f in portgroups_groups %}
+                    <label for="sportgroup"><b>source port group</b><br>single choice<br>can't mix source port group and port</label><br>
+                    <select name="sportgroup" id="sportgroup" size="10" style="width: 200px;">
+                        {% for f in firewall_portgroup %}
                         <option value="{{ f }}">{{ f }}</option>
                         {% endfor %}
                     </select>
+
+                    <br>
+                    <input type="button" id="sportgroup_clear" value="clear">
                 </p>
 
             </div>
 
             <div class="col">
                 <p>
-                    <label for="sdportgroup_destination">destination port group (single choice and can't mix destination port group and port)</label><br>
-                    <select name="sdportgroup_destination" id="sdportgroup_destination" size="10" style="width: 200px;">
-                        {% for f in portgroups_groups %}
+                    <label for="dportgroup"><b>destination port group</b><br>single choice<br>can't mix destination port group and port</label><br>
+                    <select name="dportgroup" id="dportgroup" size="10" style="width: 200px;">
+                        {% for f in firewall_portgroup %}
                         <option value="{{ f }}">{{ f }}</option>
                         {% endfor %}
                     </select>
+
+                    <br>
+                    <input type="button" id="dportgroup_clear" value="clear">
                 </p>
 
 
@@ -742,7 +738,23 @@
 
         $('#saddressgroup_clear').click(function() {
             $('#saddressgroup').val([]);
-        });                     
+        });          
+
+        $('#dnetworkgroup_clear').click(function() {
+            $('#dnetworkgroup').val([]);
+        });     
+
+        $('#snetworkgroup_clear').click(function() {
+            $('#snetworkgroup').val([]);
+        });                             
+
+        $('#dportgroup_clear').click(function() {
+            $('#dportgroup').val([]);
+        });     
+
+        $('#sportgroup_clear').click(function() {
+            $('#sportgroup').val([]);
+        });                             
 
         
 
@@ -904,11 +916,11 @@
             if ($.inArray("destination", ruledata_js)) {
     
                 if ($.inArray("group", ruledata_js["destination"])) {
-                    console.log("destination group");
+                    /* console.log("destination group"); */
                     if (ruledata_js["destination"] && ruledata_js["destination"]['group']) {
                         for (g in ruledata_js["destination"]["group"]) {
                             group_text = ruledata_js["destination"]["group"][g];
-                            // console.log(g + " = ", group_text)
+                            /* console.log(g + " = ", group_text) */
 
                             if (g == "address-group") {
                                 criteria_addressgroup_count++;
@@ -918,7 +930,7 @@
                                 $("#dnetworkgroup option[value='" + group_text + "']").prop("selected", 'selected');
                             } else if (g == "port-group") {
                                 criteria_portgroup_count++;
-                                $("#sdportgroup_destination option[value='" + group_text + "']").prop("selected", 'selected');
+                                $("#dportgroup option[value='" + group_text + "']").prop("selected", 'selected');
                             }                                                
                         }
                     }                
@@ -926,12 +938,11 @@
             }
             if ($.inArray("source", ruledata_js)) {          
                 if ($.inArray("group", ruledata_js["source"])) {
-                    console.log("source group");
+                    /* console.log("source group"); */
                     if (ruledata_js["source"] && ruledata_js["source"]['group']) {
                         for (g in ruledata_js["source"]["group"]) {
                             group_text = ruledata_js["source"]["group"][g];
-                            console.log(g + " = ", group_text)
-
+                            /* console.log(g + " = ", group_text) */
                             if (g == "address-group") {
                                 criteria_addressgroup_count++;
                                 $("#saddressgroup option[value='" + group_text + "']").prop("selected", 'selected');
@@ -940,7 +951,7 @@
                                 $("#snetworkgroup option[value='" + group_text + "']").prop("selected", 'selected');
                             } else if (g == "port-group") {
                                 criteria_networkgroup_count++;
-                                $("#sdportgroup_source option[value='" + group_text + "']").prop("selected", 'selected');
+                                $("#sportgroup option[value='" + group_text + "']").prop("selected", 'selected');
                             }   
                         }
                     }
@@ -953,9 +964,9 @@
             }
 
             if (criteria_networkgroup_count > 0) {
-                $("#criteria_networkroup").prop("checked", true);
-                $("#criteria_networkroup_block").show(); 
-                $("#criteria_networkroup").hide();
+                $("#criteria_networkgroup").prop("checked", true);
+                $("#criteria_networkgroup_block").show(); 
+                $("#criteria_networkgroup").hide();
             }            
 
             if (criteria_portgroup_count > 0) {
@@ -981,6 +992,8 @@
                     $('#smac_source').val(macaddr);
                     $("#criteria_sourcemac").prop("checked", true);
                     $("#criteria_sourcemac_block").show(); 
+                    $("#criteria_sourcemac").hide(); 
+
                     console.log(macaddr);
                 }
             }
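Review bot: The renamed selectors in the `@@ -918,7 +930,7 @@` and `@@ -940,7 +951,7 @@` hunks still build a jQuery selector by string concatenation, `$("#dportgroup option[value='" + group_text + "']")`, where `group_text` comes from `ruledata_js`; a group name containing `'` or `]` makes the selector invalid and the pre-fill stops there, and since `ruledata_js` is produced by `JSON.parse('{{ruledata_json|safe}}')` in the context at the top of the file, the same characters would presumably already break out of that single-quoted JS string. Setting the value directly avoids the concatenation: `$("#dportgroup").val(group_text);` and `$("#sportgroup").val(group_text);` (the `val([])` clear handlers added in this commit already use that API). On the context line just above the `#sportgroup` change, the source `port-group` branch increments `criteria_networkgroup_count` rather than `criteria_portgroup_count`, unlike the destination branch, so a rule with only a source port-group will not open the port-group block. The enclosing script function starts and ends outside these hunks.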

+ 278 - 137
vycontrol/firewall/views.py

@@ -129,35 +129,26 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
 
     # get all firewall groups
     firewall_group = {}
+    changed = False
+    rulenumber_valid = False
+    ruledata = {}
+            
     firewall_group['network-group'] = {}
     firewall_group['address-group'] = {}
     firewall_group['port-group'] = {}
+
     firewall_group_raw = vapi.get_firewall_group(hostname_default)
     if firewall_group_raw.success:
         if 'network-group' in firewall_group_raw.data:
-            for g in firewall_group_raw.data['network-group']:
-                firewall_group['network-group'][g] = firewall_group_raw.data['network-group'][g]
+            firewall_group['network-group'] = firewall_group_raw.data['network-group']
 
         if 'address-group' in firewall_group_raw.data:
-            for g in firewall_group_raw.data['address-group']:
-                firewall_group['address-group'][g] = firewall_group_raw.data['address-group'][g]
+            firewall_group['address-group'] = firewall_group_raw.data['address-group']
 
         if 'port-group' in firewall_group_raw.data:
-            for g in firewall_group_raw.data['port-group']:
-                firewall_group['port-group'][g] = firewall_group_raw.data['port-group'][g]
-
-
-
+            firewall_group['port-group'] = firewall_group_raw.data['port-group']
+    
     netservices = network.get_services()
-    netservices_js = json.dumps(netservices)
-
-    portgroups_groups = []
-    if 'port-group' in firewall_group_raw.data:
-        portgroups_groups = firewall_group_raw.data['port-group']
-
-    changed = False
-    rulenumber_valid = False
-    ruledata = {}
 
     # edit rule without valid rulenumber
     if mode == "editrule":
@@ -669,130 +660,286 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
             else:
                 msg.add_error("Criteria Destination Address Group: updated failed - " + v.reason)         
 
+    ###############################################################################################################################################################
+    # update criteria_networkgroup
+    if request.POST.get('criteria_networkgroup', None) == "1":
+    
+        # source group
+        if request.POST.get('snetworkgroup', None) != None:              
+            snetworkgroup = request.POST.get('snetworkgroup').strip()
+        else:
+            snetworkgroup = ''
+
+        snetworkgroup_ruledata = ''
+        if 'source' in ruledata:
+            if 'group' in ruledata['source']:
+                if 'network-group' in ruledata['source']['group']:
+                    snetworkgroup_ruledata = ruledata['source']['group']['network-group']
 
+        if len(snetworkgroup) == 0: 
+            v = vapi.set_firewall_rule_source_networkgroup_delete(hostname_default, firewall_name, rulenumber)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Source Network Group: delete success") 
 
-    if rulenumber_valid == True:
-        if False:
-            # verifing basic informations, should have rulenumber, status and ruleaction
-            msg.add_error("Invalid Status or Action")
-        elif False:
-            # rule created, continue to configure firewall rule according his criterias
-            if v.success:
-                
-                # if criteria_networkgroup set, save it
-                if request.POST.get('criteria_networkgroup', None) == "1":
-                    if request.POST.get('sdnetworkgroup_source', None) != None:              
-                        sdnetworkgroup_source = request.POST.get('sdnetworkgroup_source')
-                        v = vapilib.api (
-                                hostname=   hostname_default,
-                                api =       "post",
-                                op =        "set",
-                                cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "network-group", sdnetworkgroup_source],
-                                description = "set sdnetworkgroup_source",
-                        )
-                        if v.success:
-                            changed = True 
-                        else:
-                            vmsg.log("sdnetworkgroup_source", v.error)
-
-                    if request.POST.get('dnetworkgroup', None) != None:              
-                        dnetworkgroup = request.POST.get('dnetworkgroup')                    
-                        v = vapilib.api (
-                            hostname=   hostname_default,
-                            api =       "post",
-                            op =        "set",
-                            cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "network-group", dnetworkgroup],
-                            description = "set dnetworkgroup",
-                        ) 
-                        if v.success:
-                            changed = True                  
-                        else:
-                            vmsg.log("sdnetworkgroup_source", v.error)                        
-
-                # if criteria_sourcemac set, save it
-                if request.POST.get('criteria_sourcemac', None) == "1":
-                    # negate sdaddress_source
-                    if request.POST.get('smac_source_negate', None) == "1":
-                        sourcemac_negate = "!"
+                if 'source' in ruledata:
+                    if 'group' in ruledata['source']:
+                        if 'network-group' in ruledata['source']['group']:
+                            del ruledata['source']['group']['network-group']
+            else:
+                msg.add_error("Criteria Source Network Group: delete failed - " + v.reason)         
+
+        elif snetworkgroup != snetworkgroup_ruledata:
+            v = vapi.set_firewall_rule_source_networkgroup(hostname_default, firewall_name, rulenumber, snetworkgroup)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Source Network Group: updated success") 
+
+                if 'source' not in ruledata:
+                    ruledata['source'] = {}
+                if 'group' not in ruledata['source']:
+                    ruledata['source']['group'] = {}
+                ruledata['source']['group']['network-group'] = snetworkgroup         
+            else:
+                msg.add_error("Criteria Source Network Group: updated failed - " + v.reason) 
+
+
+        # destination group
+        if request.POST.get('dnetworkgroup', None) != None:              
+            dnetworkgroup = request.POST.get('dnetworkgroup').strip()
+        else:
+            dnetworkgroup = ''
+
+        dnetworkgroup_ruledata = ''
+        if 'destination' in ruledata:
+            if 'group' in ruledata['destination']:
+                if 'network-group' in ruledata['destination']['group']:
+                    dnetworkgroup_ruledata = ruledata['destination']['group']['network-group']
+
+        if len(dnetworkgroup) == 0: 
+            v = vapi.set_firewall_rule_destination_networkgroup_delete(hostname_default, firewall_name, rulenumber)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Destination Network Group: delete success") 
+
+                if 'destination' in ruledata:
+                    if 'group' in ruledata['destination']:
+                        if 'network-group' in ruledata['destination']['group']:
+                            del ruledata['destination']['group']['network-group']
+            else:
+                msg.add_error("Criteria Destination Network Group: delete failed - " + v.reason)         
+        elif dnetworkgroup != dnetworkgroup_ruledata:
+            v = vapi.set_firewall_rule_destination_networkgroup(hostname_default, firewall_name, rulenumber, dnetworkgroup)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Destination Network Group: updated success") 
+
+                if 'destination' not in ruledata:
+                    ruledata['source'] = {}
+                if 'group' not in ruledata['destination']:
+                    ruledata['destination']['group'] = {}
+                ruledata['destination']['group']['network-group'] = dnetworkgroup              
+            else:
+                msg.add_error("Criteria Destination Network Group: updated failed - " + v.reason)         
+
+    ###############################################################################################################################################################
+    # update criteria_portgroup
+    if request.POST.get('criteria_portgroup', None) == "1":
+    
+        # source port
+        if request.POST.get('sportgroup', None) != None:              
+            sportgroup = request.POST.get('sportgroup').strip()
+        else:
+            sportgroup = ''
+
+        sportgroup_ruledata = ''
+        if 'source' in ruledata:
+            if 'group' in ruledata['source']:
+                if 'port-group' in ruledata['source']['group']:
+                    sportgroup_ruledata = ruledata['source']['group']['port-group']
+
+        if len(sportgroup) == 0: 
+            v = vapi.set_firewall_rule_source_portgroup_delete(hostname_default, firewall_name, rulenumber)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Source Port Group: delete success") 
+
+                if 'source' in ruledata:
+                    if 'group' in ruledata['source']:
+                        if 'port-group' in ruledata['source']['group']:
+                            del ruledata['source']['group']['port-group']
+            else:
+                msg.add_error("Criteria Source Port Group: delete failed - " + v.reason)         
+
+        elif sportgroup != sportgroup_ruledata:
+            v = vapi.set_firewall_rule_source_portgroup(hostname_default, firewall_name, rulenumber, sportgroup)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Source Port Group: updated success") 
+
+                if 'source' not in ruledata:
+                    ruledata['source'] = {}
+                if 'group' not in ruledata['source']:
+                    ruledata['source']['group'] = {}
+                ruledata['source']['group']['port-group'] = sportgroup         
+            else:
+                msg.add_error("Criteria Source Port Group: updated failed - " + v.reason) 
+
+
+        # destination port
+        if request.POST.get('dportgroup', None) != None:              
+            dportgroup = request.POST.get('dportgroup').strip()
+        else:
+            dportgroup = ''
+
+        dportgroup_ruledata = ''
+        if 'destination' in ruledata:
+            if 'group' in ruledata['destination']:
+                if 'port-group' in ruledata['destination']['group']:
+                    dportgroup_ruledata = ruledata['destination']['group']['port-group']
+
+        if len(dportgroup) == 0: 
+            v = vapi.set_firewall_rule_destination_portgroup_delete(hostname_default, firewall_name, rulenumber)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Destination Port Group: delete success") 
+
+                if 'destination' in ruledata:
+                    if 'group' in ruledata['destination']:
+                        if 'port-group' in ruledata['destination']['group']:
+                            del ruledata['destination']['group']['port-group']
+            else:
+                msg.add_error("Criteria Destination Port Group: delete failed - " + v.reason)         
+        elif dportgroup != dportgroup_ruledata:
+            v = vapi.set_firewall_rule_destination_portgroup(hostname_default, firewall_name, rulenumber, dportgroup)
+            if v.success:   
+                changed = True
+                msg.add_success("Criteria Destination Port Group: updated success") 
+
+                if 'destination' not in ruledata:
+                    ruledata['source'] = {}
+                if 'group' not in ruledata['destination']:
+                    ruledata['destination']['group'] = {}
+                ruledata['destination']['group']['port-group'] = dportgroup              
+            else:
+                msg.add_error("Criteria Destination Port Group: updated failed - " + v.reason) 
+
+    ###############################################################################################################################################################
+    # update criteria_sourcemac
+    if request.POST.get('criteria_sourcemac', None) == "1":
+        if request.POST.get('smac_source', None) != None:              
+            smac = request.POST.get('smac_source')
+            smac = smac.replace("-",":")
+            smac = smac.lower()
+
+            if len(smac.strip()) == 0:             
+                v = vapi.set_firewall_rule_source_mac_delete(hostname_default, firewall_name, rulenumber)
+                if v.success:
+                    changed = True
+                    msg.add_success("Criteria Source Mac Address: clean success") 
+                    if 'source' in ruledata:
+                        if 'mac-address' in ruledata['source']:
+                            del ruledata['source']['mac-address']
+                else:
+                    msg.add_error("Criteria Source Mac Address: clean failed - " + v.reason)   
+            else:    
+                # negate smac
+                if request.POST.get('smac_source_negate', None) == "1":
+                    smac_negate = "!"
+                else:
+                    smac_negate = ""
+                                            
+                smac_txt = smac_negate + smac              
+                smac_original = ''
+                if 'source' in ruledata:
+                    if 'mac-address' in ruledata['source']:
+                        smac_original = ruledata['source']['mac-address']
+
+                if smac_txt != smac_original:
+                    v = vapi.set_firewall_rule_source_mac(hostname_default, firewall_name, rulenumber, smac_txt)
+                    if v.success:
+                        changed = True
+                        msg.add_success("Criteria Source Mac Address: updated success") 
+
+                        if 'source' not in ruledata:
+                            ruledata['source'] = {}
+                        ruledata['source']['mac-address'] = smac_txt
                     else:
-                        sourcemac_negate = ""               
+                        msg.add_error("Criteria Source Mac Address: updated failed - " + v.reason)
+
+    ###############################################################################################################################################################
+    # update criteria_packetstate
+    if request.POST.get('criteria_packetstate', None) == "1":
+        packetstates_all = ['established', 'invalid', 'new', 'related']
+
+        packetstates_form = []
+        packetstates_add = []
+        packetstates_delete = []
         
-                    if request.POST.get('smac_source', None) != None:
-                        sourcemac = request.POST.get('smac_source')
-                        sourcemac = sourcemac.replace("-",":")
-                        sourcemac = sourcemac.lower()
-
-                        sourcemac_txt = sourcemac_negate + sourcemac
-
-                        v = vapilib.api (
-                            hostname=   hostname_default,
-                            api =       "post",
-                            op =        "set",
-                            cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "mac-address", sourcemac_txt],
-                            description = "set source mac",
-                        )
-                        if v.success:
-                            changed = True 
-
-                # if criteria_packetstate set, save it
-                if request.POST.get('criteria_packetstate', None) == "1":
-                    packetstates = []
-                    if request.POST.get('packetstate_established', None) == "1":
-                        packetstates.append('established')
-                    if request.POST.get('packetstate_invalid', None) == "1":
-                        packetstates.append('invalid')
-                    if request.POST.get('packetstate_new', None) == "1":
-                        packetstates.append('new')
-                    if request.POST.get('packetstate_related', None) == "1":
-                        packetstates.append('related')
-
-                    if len(packetstates) > 0:
-                        for packetstate in packetstates:
-                            v = vapilib.api (
-                                hostname=   hostname_default,
-                                api =       "post",
-                                op =        "set",
-                                cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "state", packetstate, "enable"],
-                                description = "set criteria_packetstate",
-                            )
-                            if v.success:
-                                changed = True
+        if request.POST.get('packetstate_established', None) == "1":
+            packetstates_form.append('established')
 
-                
+        if request.POST.get('packetstate_invalid', None) == "1":
+            packetstates_form.append('invalid')
+
+        if request.POST.get('packetstate_new', None) == "1":
+            packetstates_form.append('new')
 
-                # if criteria_portgroup set, save it
-                if request.POST.get('criteria_portgroup', None) == "1":
-                    if request.POST.get('sdportgroup_source', None) != None:
-                        v = vapilib.api (
-                            hostname=   hostname_default,
-                            api =       "post",
-                            op =        "set",
-                            cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "port-group", request.POST.get('sdportgroup_source')],
-                            description = "set sdportgroup_source",
-                        )
-                        if v.success:
-                            changed = True
-
-                    if request.POST.get('sdportgroup_destination', None) != None:
-                        v = vapilib.api (
-                            hostname=   hostname_default,
-                            api =       "post",
-                            op =        "set",
-                            cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "port-group", request.POST.get('sdportgroup_destination')],
-                            description = "set sdportgroup_destination",
-                        )
-                        if v.success:
-                            changed = True                        
+        if request.POST.get('packetstate_related', None) == "1":
+            packetstates_form.append('related')
+
+        if len(packetstates_form) == 0:
+            if 'state' in ruledata:
+                for pstate in ruledata['state']:
+                    packetstates_delete.append(pstate)
+
+        if len(packetstates_form) > 0:
+            for pstate in packetstates_all:
+                # check what to add
+                if 'state' not in ruledata:
+                    if pstate in packetstates_form:
+                        packetstates_add.append(pstate)
+                else:
+                    if pstate not in ruledata['state']:
+                        if pstate in packetstates_form:
+                            packetstates_add.append(pstate)
+                    else:
+                        if ruledata['state'][pstate] != 'enable':
+                            if pstate in packetstates_form:
+                                packetstates_add.append(pstate)
+
+                # check what to delete
+                if 'state' in ruledata:
+                    if pstate in ruledata['state']:
+                        if ruledata['state'][pstate] == 'enable':
+                            if pstate not in packetstates_form:
+                                    packetstates_delete.append(pstate)
+
+
+            if 'state' not in ruledata:
+                ruledata['state'] = {}
+            
+            for pstate in packetstates_add:
+                v = vapi.set_firewall_rule_packetstate(hostname_default, firewall_name, rulenumber, pstate)
+                if v.success:
+                    changed = True
+                    msg.add_success("Criteria Packet State: state added") 
+                    ruledata['state'][pstate] = 'enable'
+
+            for pstate in packetstates_delete:
+                v = vapi.set_firewall_rule_packetstate_delete(hostname_default, firewall_name, rulenumber, pstate)
+                if v.success:
+                    changed = True
+                    msg.add_success("Criteria Packet State: state delete") 
+                    if pstate in ruledata['state']:
+                        del ruledata['state'][pstate]
 
     if changed == True:
         msg.add_success("Firewall rule saved")
         
 
     ruledata_json = json.dumps(ruledata)
-    firewall_networkgroup_js = json.dumps(firewall_group['network-group'])
-    firewall_addressgroup_js = json.dumps(firewall_group['address-group'])    
-    vmsg.log("json", ruledata_json)
-
+    #vmsg.log("json", ruledata_json)
 
     template = loader.get_template(template_name)
     context = { 
@@ -806,10 +953,7 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
         'services_common' :                 netservices['common'],
         'firewall_networkgroup':            firewall_group['network-group'],
         'firewall_addressgroup':            firewall_group['address-group'],
-        'firewall_networkgroup_js':         firewall_networkgroup_js,
-        'firewall_addressgroup_js':         firewall_addressgroup_js,
-        'netservices_js' :                  netservices_js,
-        'portgroups_groups':                portgroups_groups,
+        'firewall_portgroup':               firewall_group['port-group'],
         'mode' :                            mode,
         'msg' :                             msg.get_all(),
         'ruledata' :                        ruledata,
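Review bot: The new `'firewall_portgroup': firewall_group['port-group']` entry subscripts the group mapping directly, so if `firewall_group` only carries keys that are present in the router's configuration (I cannot see where it is built from this hunk), a host with no port groups defined raises `KeyError` before the page renders. `firewall_group.get('port-group', {})` — or whatever empty container the template iterates — would degrade to an empty select instead, and the same caveat applies to the existing network-group and address-group lines. The context dict and the body of changerule continue outside the hunk.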
@@ -818,9 +962,6 @@ def changerule(request, firewall_name, mode, template_name="firewall/addrule.htm
         'rulenumber' :                      rulenumber,
     }
 
-    if mode == "editrule":
-        pass
-
     return HttpResponse(template.render(context, request))
     
 @is_authenticated

+ 121 - 0
vycontrol/vycontrol_vyos_api.py

@@ -240,3 +240,124 @@ def set_firewall_rule_destination_addressgroup_delete(hostname, firewall_name, r
         description = "delete daddressgroup",
     )
     return v     
+
+
+def set_firewall_rule_source_networkgroup(hostname, firewall_name, rulenumber, snetworkgroup):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "set",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "network-group", snetworkgroup],
+        description = "set snetworkgroup",
+    )
+    return v  
+
+def set_firewall_rule_destination_networkgroup(hostname, firewall_name, rulenumber, dnetworkgroup):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "set",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "network-group", dnetworkgroup],
+        description = "set dnetworkgroup",
+    )
+    return v 
+
+def set_firewall_rule_source_networkgroup_delete(hostname, firewall_name, rulenumber):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "delete",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "network-group"],
+        description = "delete snetworkgroup",
+    )
+    return v  
+
+def set_firewall_rule_destination_networkgroup_delete(hostname, firewall_name, rulenumber):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "delete",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "network-group"],
+        description = "delete dnetworkgroup",
+    )
+    return v         
+
+def set_firewall_rule_source_portgroup(hostname, firewall_name, rulenumber, sportgroup):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "set",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "port-group", sportgroup],
+        description = "set sportgroup",
+    )
+    return v  
+
+def set_firewall_rule_destination_portgroup(hostname, firewall_name, rulenumber, dportgroup):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "set",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "port-group", dportgroup],
+        description = "set dportgroup",
+    )
+    return v 
+
+def set_firewall_rule_source_portgroup_delete(hostname, firewall_name, rulenumber):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "delete",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "group", "port-group"],
+        description = "delete sportgroup",
+    )
+    return v  
+
+def set_firewall_rule_destination_portgroup_delete(hostname, firewall_name, rulenumber):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "delete",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "destination", "group", "port-group"],
+        description = "delete dportgroup",
+    )
+    return v             
+
+def set_firewall_rule_source_mac(hostname, firewall_name, rulenumber, smac_txt):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "set",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "mac-address", smac_txt],
+        description = "set source mac",
+    )
+    return v
+
+def set_firewall_rule_source_mac_delete(hostname, firewall_name, rulenumber):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "delete",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "source", "mac-address"],
+        description = "delete dportgroup",
+    )
+    return v
+
+def set_firewall_rule_packetstate(hostname, firewall_name, rulenumber, packetstate):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "set",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "state", packetstate, "enable"],
+        description = "set packetstate",
+    )
+    return v
+
+def set_firewall_rule_packetstate_delete(hostname, firewall_name, rulenumber, packetstate):
+    v = vapilib.api (
+        hostname=   hostname,
+        api =       "post",
+        op =        "delete",
+        cmd =       ["firewall", "name", firewall_name, "rule", rulenumber, "state", packetstate],
+        description = "delete packetstate",
+    )
+    return v
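Review bot: The `description` in `set_firewall_rule_source_mac_delete` is a copy-paste leftover — it reads `"delete dportgroup"` although the command deletes `source mac-address`; change it to `description = "delete source mac",` so whatever vapilib.api logs or reports names the right operation (the other eleven wrappers in this hunk are consistent with their commands). None of the new functions has a docstring; a one-liner per function, e.g. `"""Set the source network-group match on a firewall rule via the VyOS HTTP API and return the api result."""`, would make the group/mac/state family self-describing. The wrappers forward firewall_name, rulenumber and the group, MAC and packet-state values into the command list unvalidated; that is presumably acceptable because the command is sent as a structured list and VyOS validates the value on its side, but the calling view should check smac_txt against a MAC-address pattern and packetstate against the known state names before calling, so a malformed form entry yields a clear user message rather than an opaque API failure.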