feat(fw): Frontend /firewall mit 6 Tabs (Rules/NAT/Address-Objects/-Groups/Services/-Groups)

management-ui/src/pages/Firewall/: * index.tsx — AntD Tabs default=Rules * AddressObjects.tsx — Table + Modal (kind-Switch ändert Placeholder) * AddressGroups.tsx — Members als Multi-Select aus Address-Objects * Services.tsx — Builtin-Rows sind Edit/Delete-disabled mit Tooltip, Form blendet Port-Felder bei proto != tcp/udp aus * ServiceGroups.tsx — analog AddressGroups * Rules.tsx — Renderer mit object/group/cidr/any-Switch pro Seite + Service-Picker; Action+Zone als Tags in der Tabelle * NATRules.tsx — kind-spezifische Form (DNAT braucht in_zone+dport, SNAT/MASQ braucht out_zone, MASQ verbietet target_addr) Sidebar bekommt eigene Sektion "Sicherheit" mit FireOutlined-Icon für /firewall. i18n de/en für alle 6 Tabs + Form-Labels. Backend war schon im vorigen Commit fertig — diese Pages konsumieren direkt /api/v1/firewall/{address-objects,address-groups,services, service-groups,rules,nat-rules}. Renderer (nft aus den Joins) + auto-apply folgen in den nächsten Commits — bis dahin sind die Rules in der DB sichtbar aber noch nicht aktiv im Kernel. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-10 11:44:00 +02:00
parent c9dd0b4cb1
commit e2bdce9271
12 changed files with 1283 additions and 1 deletions
--- a/management-ui/src/i18n/locales/en/common.json
+++ b/management-ui/src/i18n/locales/en/common.json
@@ -19,9 +19,69 @@
      "overview": "Overview",
      "routing": "Routing",
      "network": "Network",
+      "security": "Security",
      "system": "System"
    }
  },
+  "fw": {
+    "title": "Firewall",
+    "intro": "Fortigate-style: rules built from zones × address objects/groups × services/service groups × action. NAT is separate. Top-down, first-match.",
+    "tabs": {
+      "rules": "Rules",
+      "nat": "NAT",
+      "addrObj": "Address objects",
+      "addrGrp": "Address groups",
+      "services": "Services",
+      "svcGrp": "Service groups"
+    },
+    "ao": {
+      "name": "Name", "kind": "Kind", "value": "Value", "description": "Description",
+      "add": "Add address object", "edit": "Edit address object",
+      "deleteConfirm": "Really delete address object {{name}}?"
+    },
+    "ag": {
+      "name": "Name", "members": "Members", "description": "Description",
+      "add": "Add address group", "edit": "Edit address group",
+      "selectMembers": "Select address objects",
+      "deleteConfirm": "Really delete address group {{name}}?"
+    },
+    "svc": {
+      "name": "Name", "proto": "Protocol", "ports": "Ports",
+      "portStart": "Port (start)", "portEnd": "Port (end)",
+      "description": "Description", "builtinHint": "Built-in — not editable",
+      "add": "Add service", "edit": "Edit service",
+      "deleteConfirm": "Really delete service {{name}}?"
+    },
+    "sg": {
+      "name": "Name", "members": "Members", "description": "Description",
+      "add": "Add service group", "edit": "Edit service group",
+      "selectMembers": "Select services",
+      "deleteConfirm": "Really delete service group {{name}}?"
+    },
+    "rule": {
+      "name": "Name", "priority": "Priority", "enabled": "Enabled", "log": "Log",
+      "action": "Action", "src": "Source", "dst": "Destination", "service": "Service",
+      "srcZone": "Source zone", "dstZone": "Dest. zone",
+      "srcKind": "Source kind", "dstKind": "Dest. kind",
+      "object": "Address object", "group": "Address group",
+      "serviceKind": "Service kind", "serviceGroup": "Service group",
+      "comment": "Comment",
+      "add": "Add rule", "edit": "Edit rule",
+      "deleteConfirm": "Really delete this rule?"
+    },
+    "nat": {
+      "name": "Name", "priority": "Priority", "kind": "Kind", "enabled": "Enabled",
+      "match": "Match", "target": "Target",
+      "inZone": "Ingress zone", "outZone": "Egress zone", "proto": "Protocol",
+      "matchSrcCidr": "Source CIDR (match)", "matchDstCidr": "Dest. CIDR (match)",
+      "matchDstCidrHint": "empty = any dest IP (e.g. box's public IP)",
+      "dportStart": "Port (start)", "dportEnd": "Port (end)",
+      "targetAddr": "Target address", "targetPortStart": "Target port (start)", "targetPortEnd": "Target port (end)",
+      "comment": "Comment",
+      "add": "Add NAT rule", "edit": "Edit NAT rule",
+      "deleteConfirm": "Really delete this NAT rule?"
+    }
+  },
  "networks": {
    "title": "Network interfaces",
    "intro": "Manage WAN, LAN, VLAN and bond interfaces. Read-only kernel discovery above; declared configuration below — runtime apply via systemd-networkd lands in a later release.",