Seperate Definitions by Sub System

internal/definitions/firewall/destination_nat.go

@@ -0,0 +1,7 @@
+package firewall
+
+type DestinationNATRule struct {
+	Rule
+	Address string `json:"address,omitempty"`
+	Service string `json:"service,omitempty"`
+}

internal/definitions/firewall/firewall.go

@@ -0,0 +1,7 @@
+package firewall
+
+type Firewall struct {
+	ForwardRules        []ForwardRule        `json:"forward_rules" validate:"required,dive"`
+	DestinationNATRules []DestinationNATRule `json:"destination_nat_rules" validate:"required,dive"`
+	SourceNATRules      []SourceNATRule      `json:"source_nat_rules" validate:"required,dive"`
+}

internal/definitions/firewall/match.go

@@ -0,0 +1,8 @@
+package firewall
+
+type Match struct {
+	TCPDestinationPort   uint64   `json:"tcp_destination_port,omitempty"`
+	Services             []string `json:"services,omitempty"`
+	SourceAddresses      []string `json:"source_addresses,omitempty"`
+	DestinationAddresses []string `json:"destination_addresses,omitempty"`
+}

internal/definitions/firewall/rule.go

@@ -0,0 +1,50 @@
+package firewall
+
+import "encoding/json"
+
+type Rule struct {
+	ID      uint64 `json:"id" validate:"required,gt=0"`
+	Name    string `json:"name" validate:"required"`
+	Match   Match  `json:"match" validate:"required,dive"`
+	Comment string `json:"comment,omitempty"`
+	Counter bool   `json:"counter,omitempty"`
+}
+
+type ForwardRule struct {
+	Rule
+	Verdict Verdict `json:"verdict" validate:"min=0,max=2"`
+}
+
+type Verdict int
+
+const (
+	Accept Verdict = iota
+	Drop
+	Continue
+)
+
+func (t Verdict) String() string {
+	return [...]string{"accept", "drop", "continue"}[t]
+}
+
+func (t *Verdict) FromString(input string) Verdict {
+	return map[string]Verdict{
+		"accept":   Accept,
+		"drop":     Drop,
+		"continue": Continue,
+	}[input]
+}
+
+func (t Verdict) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.String())
+}
+
+func (t *Verdict) UnmarshalJSON(b []byte) error {
+	var s string
+	err := json.Unmarshal(b, &s)
+	if err != nil {
+		return err
+	}
+	*t = t.FromString(s)
+	return nil
+}

internal/definitions/firewall/source_nat.go

@@ -0,0 +1,42 @@
+package firewall
+
+import "encoding/json"
+
+type SourceNATRule struct {
+	Rule
+	Type    SnatType `json:"type" validate:"min=0,max=1"`
+	Address string   `json:"address,omitempty"`
+	Service string   `json:"service,omitempty"`
+}
+
+type SnatType int
+
+const (
+	Snat SnatType = iota
+	Masquerade
+)
+
+func (t SnatType) String() string {
+	return [...]string{"snat", "masquerade"}[t]
+}
+
+func (t *SnatType) FromString(input string) SnatType {
+	return map[string]SnatType{
+		"snat":       Snat,
+		"masquerade": Masquerade,
+	}[input]
+}
+
+func (t SnatType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(t.String())
+}
+
+func (t *SnatType) UnmarshalJSON(b []byte) error {
+	var s string
+	err := json.Unmarshal(b, &s)
+	if err != nil {
+		return err
+	}
+	*t = t.FromString(s)
+	return nil
+}