diff --git a/circle/firewall/management/commands/add_rule.py b/circle/firewall/management/commands/add_rule.py
new file mode 100644
index 0000000..5d3094b
--- /dev/null
+++ b/circle/firewall/management/commands/add_rule.py
@@ -0,0 +1,122 @@
+#
+# CIRCLE is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along
+# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import unicode_literals, absolute_import
+
+from django.core.management.base import BaseCommand, CommandError
+
+from firewall.models import Vlan, VlanGroup, Rule
+from django.contrib.auth.models import User
+
+
+class Command(BaseCommand):
+
+    def add_arguments(self, parser):
+
+        parser.add_argument('--port',
+                            action='store',
+                            dest='port',
+                            type=int,
+                            required=True,
+                            help='port which will open (0-65535)')
+
+        parser.add_argument('--protocol',
+                            action='store',
+                            dest='proto',
+                            default=False,
+                            choices=('tcp', 'udp', 'icmp'),
+                            help='protocol name')
+
+        parser.add_argument('--action',
+                            action='store',
+                            dest='action',
+                            default='accept',
+                            choices=('accept', 'drop', 'ignore'),
+                            help='action of the rule')
+
+        parser.add_argument('--dir',
+                            action='store',
+                            dest='dir',
+                            default='in',
+                            choices=('in', 'out'),
+                            help='direction of the rule')
+
+        parser.add_argument('--vlan',
+                            action='store',
+                            dest='vlan',
+                            required=True,
+                            help='vlan name where the port will open')
+
+        parser.add_argument('--vlan-group',
+                            action='store',
+                            dest='vlan_group',
+                            required=True,
+                            help='vlan group name where the port will open')
+
+        parser.add_argument('--owner',
+                            action='store',
+                            dest='owner',
+                            required=True,
+                            help='name of user who owns the rule')
+
+    def handle(self, *args, **options):
+
+        port = options['port']
+        proto = options['proto']
+        action = options['action']
+        dir = options['dir']
+        owner = options['owner']
+        vlan = options['vlan']
+        fnet = options['vlan_group']
+
+        if port < 0 or port > 65535:
+            raise CommandError("Port '%i' not in range [0-65535]" % port)
+
+        try:
+            owner = User.objects.get(username=owner)
+            vlan = Vlan.objects.get(name=vlan)
+            fnet = VlanGroup.objects.get(name=fnet)
+        except User.DoesNotExist:
+            raise CommandError("User '%s' does not exist" % owner)
+        except Vlan.DoesNotExist:
+            raise CommandError("Vlan '%s' does not exist" % vlan)
+        except VlanGroup.DoesNotExist:
+            raise CommandError("VlanGroup '%s' does not exist" % fnet)
+
+        if proto:
+            self.add_rule(port, proto, action, dir, owner, vlan, fnet)
+        else:
+            self.add_rule(port, 'tcp', action, dir, owner, vlan, fnet)
+            self.add_rule(port, 'udp', action, dir, owner, vlan, fnet)
+
+    def add_rule(self, port, proto, action, dir, owner, vlan, fnet):
+
+        if self.is_exist(port, proto, action, dir, owner, vlan, fnet):
+            raise CommandError('Rule does exist, yet')
+
+        rule = Rule(direction=dir, dport=port, proto=proto, action=action,
+                    vlan=vlan, foreign_network=fnet, owner=owner)
+
+        rule.save()
+
+    def is_exist(self, port, proto, action, dir, owner, vlan, fnet):
+
+        try:
+            Rule.objects.get(direction=dir, dport=port, proto=proto,
+                             action=action, vlan=vlan,
+                             foreign_network=fnet, owner=owner)
+        except Rule.DoesNotExist:
+            return False
+        else:
+            return True
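Review bot: In `handle`, when `--protocol` is omitted the tcp rule is saved before the udp duplicate check runs, so a `CommandError` from the second `add_rule` call leaves a half-applied firewall change; wrapping the two calls in `with transaction.atomic():` (with `from django.db import transaction`) would make the pair all-or-nothing. `is_exist` relies on `Rule.objects.get(...)`, which raises an uncaught `MultipleObjectsReturned` if duplicate rows are already present; `return Rule.objects.filter(...).exists()` with the same keyword arguments avoids that. The duplicate lookup also matches on `action` and `owner`, so an `accept` and a `drop` rule for the same port, protocol and vlan can both be created, which is presumably not intended and worth narrowing. `rule.save()` does not run model validation, so calling `rule.full_clean()` before it would apply whatever validators `Rule` defines (the model is not visible in this diff).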