diff --git a/circle/firewall/management/commands/add_rule.py b/circle/firewall/management/commands/add_rule.py
new file mode 100644
index 0000000..5d3094b
--- /dev/null
+++ b/circle/firewall/management/commands/add_rule.py
@@ -0,0 +1,122 @@
+#
+# CIRCLE is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along
+# with CIRCLE. If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import unicode_literals, absolute_import
+
+from django.core.management.base import BaseCommand, CommandError
+
+from firewall.models import Vlan, VlanGroup, Rule
+from django.contrib.auth.models import User
+
+
+class Command(BaseCommand):
+
+ def add_arguments(self, parser):
+
+ parser.add_argument('--port',
+ action='store',
+ dest='port',
+ type=int,
+ required=True,
+ help='port which will open (0-65535)')
+
+ parser.add_argument('--protocol',
+ action='store',
+ dest='proto',
+ default=False,
+ choices=('tcp', 'udp', 'icmp'),
+ help='protocol name')
+
+ parser.add_argument('--action',
+ action='store',
+ dest='action',
+ default='accept',
+ choices=('accept', 'drop', 'ignore'),
+ help='action of the rule')
+
+ parser.add_argument('--dir',
+ action='store',
+ dest='dir',
+ default='in',
+ choices=('in', 'out'),
+ help='direction of the rule')
+
+ parser.add_argument('--vlan',
+ action='store',
+ dest='vlan',
+ required=True,
+ help='vlan name where the port will open')
+
+ parser.add_argument('--vlan-group',
+ action='store',
+ dest='vlan_group',
+ required=True,
+ help='vlan group name where the port will open')
+
+ parser.add_argument('--owner',
+ action='store',
+ dest='owner',
+ required=True,
+ help='name of user who owns the rule')
+
+ def handle(self, *args, **options):
+
+ port = options['port']
+ proto = options['proto']
+ action = options['action']
+ dir = options['dir']
+ owner = options['owner']
+ vlan = options['vlan']
+ fnet = options['vlan_group']
+
+ if port < 0 or port > 65535:
+ raise CommandError("Port '%i' not in range [0-65535]" % port)
+
+ try:
+ owner = User.objects.get(username=owner)
+ vlan = Vlan.objects.get(name=vlan)
+ fnet = VlanGroup.objects.get(name=fnet)
+ except User.DoesNotExist:
+ raise CommandError("User '%s' does not exist" % owner)
+ except Vlan.DoesNotExist:
+ raise CommandError("Vlan '%s' does not exist" % vlan)
+ except VlanGroup.DoesNotExist:
+ raise CommandError("VlanGroup '%s' does not exist" % fnet)
+
+ if proto:
+ self.add_rule(port, proto, action, dir, owner, vlan, fnet)
+ else:
+ self.add_rule(port, 'tcp', action, dir, owner, vlan, fnet)
+ self.add_rule(port, 'udp', action, dir, owner, vlan, fnet)
+
+ def add_rule(self, port, proto, action, dir, owner, vlan, fnet):
+
+ if self.is_exist(port, proto, action, dir, owner, vlan, fnet):
+ raise CommandError('Rule does exist, yet')
+
+ rule = Rule(direction=dir, dport=port, proto=proto, action=action,
+ vlan=vlan, foreign_network=fnet, owner=owner)
+
+ rule.save()
+
+ def is_exist(self, port, proto, action, dir, owner, vlan, fnet):
+
+ try:
+ Rule.objects.get(direction=dir, dport=port, proto=proto,
+ action=action, vlan=vlan,
+ foreign_network=fnet, owner=owner)
+ except Rule.DoesNotExist:
+ return False
+ else:
+ return True