0307dc68bb
Models (internal/models/): * FirewallAddressObject (host|network|range|fqdn) * FirewallAddressGroup mit MemberIDs gorm:"-"-Slice * FirewallService (proto+ports, builtin-Flag) * FirewallServiceGroup mit MemberIDs * FirewallRule (v2-Shape, src/dst nullable refs, exactly-one-of-Validation in Handler-Layer) * FirewallNATRule (kind=dnat|snat|masquerade, alle nullable) Repos (internal/services/firewall/, ein Paket): * AddressObjectsRepo, AddressGroupsRepo (mit Members-Junction-Ops) * ServicesRepo (refused Update/Delete für builtin=TRUE Rows), ServiceGroupsRepo * RulesRepo, NATRulesRepo Jeweils Standard-CRUD; Group-Repos handhaben Members atomic in einer TX (Update ersetzt komplette Membership). Handler + Renderer-Rewrite + Frontend folgen in den nächsten Commits. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
41 lines
2.2 KiB
Go
41 lines
2.2 KiB
Go
package models
|
|
|
|
import "time"
|
|
|
|
// FirewallNATRule covers the three nft NAT shapes in one table:
|
|
//
|
|
// - kind=dnat: in_zone + match_dport_* → target_addr [+ target_port_*]
|
|
// (port-forward incoming traffic)
|
|
// - kind=snat: out_zone + match_src_cidr → target_addr
|
|
// (rewrite source IP to a fixed address)
|
|
// - kind=masquerade: out_zone [+ match_src_cidr]
|
|
// (rewrite source to out-iface IP — typical lan→wan)
|
|
//
|
|
// Validation of kind-specific field combinations lives in the
|
|
// handler.
|
|
type FirewallNATRule struct {
|
|
ID int64 `gorm:"primaryKey" json:"id"`
|
|
Name *string `gorm:"column:name" json:"name,omitempty"`
|
|
Priority int `gorm:"column:priority" json:"priority"`
|
|
Enabled bool `gorm:"column:enabled" json:"enabled"`
|
|
Kind string `gorm:"column:kind" json:"kind"` // dnat|snat|masquerade
|
|
|
|
InZone *string `gorm:"column:in_zone" json:"in_zone,omitempty"`
|
|
OutZone *string `gorm:"column:out_zone" json:"out_zone,omitempty"`
|
|
Proto *string `gorm:"column:proto" json:"proto,omitempty"`
|
|
MatchSrcCIDR *string `gorm:"column:match_src_cidr" json:"match_src_cidr,omitempty"`
|
|
MatchDstCIDR *string `gorm:"column:match_dst_cidr" json:"match_dst_cidr,omitempty"`
|
|
MatchDPortStart *int `gorm:"column:match_dport_start" json:"match_dport_start,omitempty"`
|
|
MatchDPortEnd *int `gorm:"column:match_dport_end" json:"match_dport_end,omitempty"`
|
|
|
|
TargetAddr *string `gorm:"column:target_addr" json:"target_addr,omitempty"`
|
|
TargetPortStart *int `gorm:"column:target_port_start" json:"target_port_start,omitempty"`
|
|
TargetPortEnd *int `gorm:"column:target_port_end" json:"target_port_end,omitempty"`
|
|
|
|
Comment *string `gorm:"column:comment" json:"comment,omitempty"`
|
|
CreatedAt time.Time `gorm:"column:created_at" json:"created_at"`
|
|
UpdatedAt time.Time `gorm:"column:updated_at" json:"updated_at"`
|
|
}
|
|
|
|
func (FirewallNATRule) TableName() string { return "firewall_nat_rules" }
|