package models import "time" // FirewallRule is the v2 (Fortigate-style) policy row. Source and // destination each carry exactly one of: // - AddressObjectID → primitive address object // - AddressGroupID → address group // - CIDR → inline CIDR // - all three nil → "any" // // Same rule applies to ServiceObjectID / ServiceGroupID — exactly one // or both nil for "any service". // // Validation lives in the handler layer (DB doesn't enforce // "exactly one" because expressive CHECK constraints get unwieldy). type FirewallRule struct { ID int64 `gorm:"primaryKey" json:"id"` Name *string `gorm:"column:name" json:"name,omitempty"` Priority int `gorm:"column:priority" json:"priority"` Enabled bool `gorm:"column:enabled" json:"enabled"` Action string `gorm:"column:action" json:"action"` // accept|drop|reject SrcZone string `gorm:"column:src_zone" json:"src_zone"` SrcAddressObjectID *int64 `gorm:"column:src_address_object_id" json:"src_address_object_id,omitempty"` SrcAddressGroupID *int64 `gorm:"column:src_address_group_id" json:"src_address_group_id,omitempty"` SrcCIDR *string `gorm:"column:src_cidr" json:"src_cidr,omitempty"` DstZone string `gorm:"column:dst_zone" json:"dst_zone"` DstAddressObjectID *int64 `gorm:"column:dst_address_object_id" json:"dst_address_object_id,omitempty"` DstAddressGroupID *int64 `gorm:"column:dst_address_group_id" json:"dst_address_group_id,omitempty"` DstCIDR *string `gorm:"column:dst_cidr" json:"dst_cidr,omitempty"` ServiceObjectID *int64 `gorm:"column:service_object_id" json:"service_object_id,omitempty"` ServiceGroupID *int64 `gorm:"column:service_group_id" json:"service_group_id,omitempty"` Log bool `gorm:"column:log" json:"log"` Comment *string `gorm:"column:comment" json:"comment,omitempty"` CreatedAt time.Time `gorm:"column:created_at" json:"created_at"` UpdatedAt time.Time `gorm:"column:updated_at" json:"updated_at"` } func (FirewallRule) TableName() string { return "firewall_rules" }