package models import "time" // FirewallNATRule covers the three nft NAT shapes in one table: // // - kind=dnat: in_zone + match_dport_* → target_addr [+ target_port_*] // (port-forward incoming traffic) // - kind=snat: out_zone + match_src_cidr → target_addr // (rewrite source IP to a fixed address) // - kind=masquerade: out_zone [+ match_src_cidr] // (rewrite source to out-iface IP — typical lan→wan) // // Validation of kind-specific field combinations lives in the // handler. type FirewallNATRule struct { ID int64 `gorm:"primaryKey" json:"id"` Name *string `gorm:"column:name" json:"name,omitempty"` Priority int `gorm:"column:priority" json:"priority"` Enabled bool `gorm:"column:enabled" json:"enabled"` Kind string `gorm:"column:kind" json:"kind"` // dnat|snat|masquerade InZone *string `gorm:"column:in_zone" json:"in_zone,omitempty"` OutZone *string `gorm:"column:out_zone" json:"out_zone,omitempty"` Proto *string `gorm:"column:proto" json:"proto,omitempty"` MatchSrcCIDR *string `gorm:"column:match_src_cidr" json:"match_src_cidr,omitempty"` MatchDstCIDR *string `gorm:"column:match_dst_cidr" json:"match_dst_cidr,omitempty"` MatchDPortStart *int `gorm:"column:match_dport_start" json:"match_dport_start,omitempty"` MatchDPortEnd *int `gorm:"column:match_dport_end" json:"match_dport_end,omitempty"` TargetAddr *string `gorm:"column:target_addr" json:"target_addr,omitempty"` TargetPortStart *int `gorm:"column:target_port_start" json:"target_port_start,omitempty"` TargetPortEnd *int `gorm:"column:target_port_end" json:"target_port_end,omitempty"` Comment *string `gorm:"column:comment" json:"comment,omitempty"` CreatedAt time.Time `gorm:"column:created_at" json:"created_at"` UpdatedAt time.Time `gorm:"column:updated_at" json:"updated_at"` } func (FirewallNATRule) TableName() string { return "firewall_nat_rules" }