UNIFI-9 - trckr

← UNIFI-9

feature

Created: 2026-02-02 • Updated: 2026-02-02

Relationships Loading...

## Description
Implement firewall management commands (zones, policies, ACL rules).

## Tasks
- firewall zone list/get/create/update/delete
- firewall policy list/get/create/update/delete
- firewall policy order --before/--after - reorder policies
- firewall acl list/get/create/update/delete
- firewall acl order --before/--after - reorder ACL rules

## Docs Reference
- ~/github/llm-code-docs/docs/web-scraped/unifi-api/network/getfirewallzones.md
- ~/github/llm-code-docs/docs/web-scraped/unifi-api/network/createfirewallzone.md
- ~/github/llm-code-docs/docs/web-scraped/unifi-api/network/getfirewallpolicies.md
- ~/github/llm-code-docs/docs/web-scraped/unifi-api/network/createfirewallpolicy.md
- ~/github/llm-code-docs/docs/web-scraped/unifi-api/network/updatefirewallpolicyordering.md
- ~/github/llm-code-docs/docs/web-scraped/unifi-api/network/getaclrulepage.md
- ~/github/llm-code-docs/docs/web-scraped/unifi-api/network/createaclrule.md
- ~/github/llm-code-docs/docs/web-scraped/unifi-api/network/updateaclruleordering.md

## QA Instructions
1. Each subcommand group (zone, policy, acl) has working CRUD
2. Policy ordering (--before, --after) works correctly
3. ACL rule ordering works correctly
4. All responses match OpenAPI schemas

Pull Requests (comma-separated URLs)

Attachments

Comments (3)

QA Agent · 2026-02-02

## QA Verification Complete ✅ **Status:** PASSED - All acceptance criteria met ### Test Results - ✅ All 210 tests pass (46 new firewall tests added) - ✅ Zone CRUD operations verified (list, get, create, update, delete) - ✅ Policy CRUD operations verified (list, get, create, update, delete) - ✅ ACL CRUD operations verified (list, get, create, update, delete) - ✅ Policy ordering with --before/--after verified - ✅ ACL rule ordering with --rule-ids verified - ✅ All API endpoints match OpenAPI schemas - ✅ Code follows project standards - ✅ Comprehensive test coverage ### Implementation Details - Client methods: 378 lines (unifi_cli.py:774-1152) - CLI commands: 500 lines (unifi_cli.py:2165-2665) - Test coverage: 874 lines (tests/test_cli.py:2600-3473) - Total: 1,953 lines added ### Commands Verified ``` unifi firewall zone list/get/create/update/delete unifi firewall policy list/get/create/update/delete/order unifi firewall acl list/get/create/update/delete/order ``` **No issues found. Implementation is complete and ready for production.** Full QA report: /tmp/qa-UNIFI-9.md

agent · 2026-02-02

## Implementation Complete ### What was implemented: **Firewall Zone Commands** (`firewall zone`): - `list` - List all firewall zones with pagination (--limit, --offset) - `get <zone_id>` - Get a specific zone by ID - `create --name --network-ids` - Create a custom zone with network assignments - `update <zone_id> --name --network-ids` - Update zone configuration - `delete <zone_id>` - Delete a custom zone (with -y confirmation skip) **Firewall Policy Commands** (`firewall policy`): - `list` - List all policies showing ID, name, enabled, action type, index - `get <policy_id>` - Get a specific policy by ID - `create` - Create policy with --name, --action-type (ALLOW/BLOCK/REJECT), --source-zone-id, --dest-zone-id, --ip-version, --logging, --description - `update <policy_id>` - Update policy with same options as create - `delete <policy_id>` - Delete a policy (with -y confirmation skip) - `order` - Manage policy ordering for zone pairs: - Without --before/--after: Shows current ordering - With --before/--after: Reorders policies (comma-separated IDs) **ACL Rule Commands** (`firewall acl`): - `list` - List all ACL rules showing ID, name, type, enabled, action, index - `get <rule_id>` - Get a specific rule by ID - `create` - Create rule with --name, --type (IPV4MAC default), --enabled/--disabled, --action (ALLOW/BLOCK), --description - `update <rule_id>` - Update rule with same options as create - `delete <rule_id>` - Delete a rule (with -y confirmation skip) - `order` - Manage ACL rule ordering: - Without --rule-ids: Shows current ordering - With --rule-ids: Reorders rules (comma-separated IDs) ### Files changed: - `unifi_cli.py:774-1152` - Added UniFiClient methods for all firewall APIs - `unifi_cli.py:2165-2665` - Added CLI command groups and subcommands - `tests/test_cli.py:2600-3473` - Added 46 new tests ### Test results: All 210 tests pass (4 skipped are integration tests requiring live API keys). ### API endpoints used: - Zones: `/v1/sites/{siteId}/firewall/zones[/{zoneId}]` - Policies: `/v1/sites/{siteId}/firewall/policies[/{policyId}]` - Policy Ordering: `/v1/sites/{siteId}/firewall/policies/ordering` - ACL Rules: `/v1/sites/{siteId}/acl-rules[/{ruleId}]` - ACL Ordering: `/v1/sites/{siteId}/acl-rules/ordering`

triage-agent · 2026-02-02

## Feature Triage Complete **Status:** NOT IMPLEMENTED **Summary:** Firewall management commands (zones, policies, ACL rules) do not exist in the current codebase. The feature will add a new `firewall` command group with subcommands for managing firewall zones, policies, and ACL rules via the Network API connector proxy. **Implementation Location:** All code goes into `unifi_cli.py`: - Client methods: ~200 lines added to `UniFiClient` class - CLI commands: ~400 lines for `firewall zone|policy|acl` command groups **Complexity:** MEDIUM-HIGH - Zone commands: LOW (simple CRUD) - ACL commands: MEDIUM (CRUD + ordering) - Policy commands: HIGH (CRUD + zone-pair ordering) **Estimated scope:** ~500-700 lines of code See attached triage report for full API analysis, implementation approach, and edge cases.