From 7b00ceee37411e7faaf40aeee3d2977b384d837b Mon Sep 17 00:00:00 2001
From: Eduardo Silva <eduardo@eth0.com.br>
Date: Fri, 16 Jan 2026 14:46:43 -0300
Subject: [PATCH] add enforce route policy field and validation to forms

---
 routing_templates/forms.py | 13 +++++++++++++
 routing_templates/views.py |  4 ++++
 2 files changed, 17 insertions(+)

diff --git a/routing_templates/forms.py b/routing_templates/forms.py
index e5f5d21..61031f9 100644
--- a/routing_templates/forms.py
+++ b/routing_templates/forms.py
@@ -16,6 +16,7 @@ class RoutingTemplateForm(forms.ModelForm):
             'route_type',
             'custom_routes',
             'allow_peer_custom_routes',
+            'enforce_route_policy',
         ]
 
     def __init__(self, *args, **kwargs):
@@ -28,6 +29,7 @@ class RoutingTemplateForm(forms.ModelForm):
         self.fields['route_type'].label = _("Route Type")
         self.fields['custom_routes'].label = _("Custom Routes")
         self.fields['allow_peer_custom_routes'].label = _("Allow Peer Custom Routes")
+        self.fields['enforce_route_policy'].label = _("Enforce Route Policy")
 
         back_label = _("Back")
         delete_label = _("Delete")
@@ -56,7 +58,9 @@ class RoutingTemplateForm(forms.ModelForm):
             ),
             Row(
                 Column('default_template', css_class='form-group col-md-6 mb-0'),
+                Column('enforce_route_policy', css_class='form-group col-md-6 mb-0'),
                 Column('allow_peer_custom_routes', css_class='form-group col-md-6 mb-0'),
+
                 css_class='form-row'
             ),
             Row(
@@ -68,3 +72,12 @@ class RoutingTemplateForm(forms.ModelForm):
                 css_class='form-row'
             )
         )
+
+    def clean(self):
+        cleaned_data = super().clean()
+        allow_custom = cleaned_data.get('allow_peer_custom_routes')
+        enforce_policy = cleaned_data.get('enforce_route_policy')
+
+        if allow_custom and enforce_policy:
+            raise forms.ValidationError(_("You cannot enable 'Enforce Route Policy' when 'Allow Peer Custom Routes' is checked."))
+        return cleaned_data
diff --git a/routing_templates/views.py b/routing_templates/views.py
index 052c31d..8f36ef0 100644
--- a/routing_templates/views.py
+++ b/routing_templates/views.py
@@ -76,6 +76,10 @@ def view_manage_routing_template(request):
         
         <h5>Allow Peer Custom Routes</h5>
         <p>If checked, allows specific peers to add their own custom routes on top of this template.</p>
+        
+        <h5>Enforce Route Policy</h5>
+        <p>If enabled, firewall rules will be applied to strictly enforce this routing policy.<br>The peer will only be able to access networks explicitly defined by the assigned routing template.<br>Any traffic to destinations outside these routes will be blocked.</p>
+        <p>Note: depending on the number of routes and peers, enabling this option may generate a large number of firewall rules.</p>
         ''')
     }