
define protocol types and rule model

abhishek9686 10 kuukautta sitten
vanhempi
commit
6710e244b7
3 muutettua tiedostoa jossa 106 lisäystä ja 8 poistoa
  1. 67 0
      controllers/acls.go
  2. 38 8
      models/acl.go
  3. 1 0
      models/mqtt.go

+ 67 - 0
controllers/acls.go

@@ -52,6 +52,73 @@ func aclPolicyTypes(w http.ResponseWriter, r *http.Request) {
 			// models.NetmakerIPAclID,
 			// models.NetmakerSubNetRangeAClID,
 		},
+		ProtocolTypes: []models.ProtocolType{
+			{
+				Name: "HTTP",
+				AllowedProtocols: []models.Protocol{
+					models.TCP,
+				},
+				PortRange: "80",
+			},
+			{
+				Name: "HTTPS",
+				AllowedProtocols: []models.Protocol{
+					models.TCP,
+				},
+				PortRange: "443",
+			},
+			{
+				Name: "MySQL",
+				AllowedProtocols: []models.Protocol{
+					models.TCP,
+				},
+				PortRange: "3306",
+			},
+			{
+				Name: "DNS TCP",
+				AllowedProtocols: []models.Protocol{
+					models.TCP,
+				},
+				PortRange: "53",
+			},
+			{
+				Name: "DNS UDP",
+				AllowedProtocols: []models.Protocol{
+					models.UDP,
+				},
+				PortRange: "53",
+			},
+			{
+				Name: "All TCP",
+				AllowedProtocols: []models.Protocol{
+					models.TCP,
+				},
+				PortRange: "All ports",
+			},
+			{
+				Name: "All UDP",
+				AllowedProtocols: []models.Protocol{
+					models.UDP,
+				},
+				PortRange: "All ports",
+			},
+			{
+				Name: "ICMP",
+				AllowedProtocols: []models.Protocol{
+					models.ICMP,
+				},
+				PortRange: "",
+			},
+			{
+				Name: "Custom",
+				AllowedProtocols: []models.Protocol{
+					models.UDP,
+					models.TCP,
+				},
+				PortRange:        "All ports",
+				AllowPortSetting: true,
+			},
+		},
 	}
 	logic.ReturnSuccessResponseWithJson(w, r, resp, "fetched acls types")
 }
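Review bot: The `PortRange` values in the new `ProtocolTypes` list mix three encodings: a numeric string (`"80"`), a display phrase (`"All ports"`) and an empty string for ICMP. Any code that turns a chosen preset into the integer `Port` list on a policy therefore has to string-match a UI label, and a mismatch there can widen a rule without anyone noticing. A named constant for the sentinel, or a structured from/to pair, plus a comment that `""` means "ports do not apply", would make the contract explicit. Nothing visible in this commit checks a submitted policy against these presets or against `AllowPortSetting`; if only the UI enforces them, the create/update handlers should re-check server-side. The body of `aclPolicyTypes` starts above this hunk, so the rest of the response is not visible here.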

+ 38 - 8
models/acl.go

@@ -1,6 +1,7 @@
 package models
 
 import (
+	"net"
 	"time"
 )
 
@@ -14,6 +15,16 @@ const (
 	TrafficDirectionBi
 )
 
+// Protocol - allowed protocol
+type Protocol int
+
+const (
+	ALL Protocol = iota
+	UDP
+	TCP
+	ICMP
+)
+
 type AclPolicyType string
 
 const (
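Review bot: `ALL Protocol = iota` makes "all protocols" the zero value, so an `AclRule` (added in the later models/acl.go hunk) whose `Proto` is never assigned, or is lost in decoding, silently matches every protocol. For a firewall rule the unset value is safer as an invalid or narrowest case; consider reserving zero, e.g. `ProtoUnset Protocol = iota` ahead of `ALL`, and rejecting it where rules are built. These constants are also exchanged as bare integers in JSON, so their order becomes part of the wire format; a comment such as `// values are serialized; append only, never reorder` would protect against later edits.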
@@ -51,14 +62,16 @@ type AclPolicy struct {
 }
 
 type Acl struct {
-	ID               string                  `json:"id"`
-	Default          bool                    `json:"default"`
-	MetaData         string                  `json:"meta_data"`
-	Name             string                  `json:"name"`
-	NetworkID        NetworkID               `json:"network_id"`
-	RuleType         AclPolicyType           `json:"policy_type"`
-	Src              []AclPolicyTag          `json:"src_type"`
-	Dst              []AclPolicyTag          `json:"dst_type"`
+	ID               string         `json:"id"`
+	Default          bool           `json:"default"`
+	MetaData         string         `json:"meta_data"`
+	Name             string         `json:"name"`
+	NetworkID        NetworkID      `json:"network_id"`
+	RuleType         AclPolicyType  `json:"policy_type"`
+	Src              []AclPolicyTag `json:"src_type"`
+	Dst              []AclPolicyTag `json:"dst_type"`
+	Proto            []Protocol     // tcp, udp, etc.
+	Port             []int
 	AllowedDirection AllowedTrafficDirection `json:"allowed_traffic_direction"`
 	Enabled          bool                    `json:"enabled"`
 	CreatedBy        string                  `json:"created_by"`
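Review bot: `Proto` and `Port` are added to `Acl` without JSON tags, so they serialize as `"Proto"` and `"Port"` while every sibling field uses snake_case. A client sending `proto`/`port` still decodes (encoding/json matches keys case-insensitively), but one following the convention (`protocols`, `ports`) is silently dropped and the policy is stored with empty values. The same omission applies to `ProtocolTypes` in `AclPolicyTypes` and to every field of `AclRule` in the next hunk. Suggest explicit tags matching the existing style, for example `json:"protocols"` and `json:"ports"`. `Port []int` also accepts any integer; no range check (1-65535) is visible in this commit, so it presumably needs one wherever an `Acl` is validated. The `Acl` struct continues past the end of this hunk.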
@@ -66,7 +79,24 @@ type Acl struct {
 }
 
 type AclPolicyTypes struct {
+	ProtocolTypes []ProtocolType
 	RuleTypes     []AclPolicyType `json:"policy_types"`
 	SrcGroupTypes []AclGroupType  `json:"src_grp_types"`
 	DstGroupTypes []AclGroupType  `json:"dst_grp_types"`
 }
+
+type ProtocolType struct {
+	Name             string     `json:"name"`
+	AllowedProtocols []Protocol `json:"allowed_protocols"`
+	PortRange        string     `json:"port_range"`
+	AllowPortSetting bool       `json:"allow_port_setting"`
+}
+
+type AclRule struct {
+	SrcIP     net.IPNet
+	DstIP     net.IPNet
+	Proto     Protocol // tcp, udp, etc.
+	Port      []int
+	Direction AllowedTrafficDirection // inbound or outbound
+	Allowed   bool
+}
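Review bot: `AclRule` has no doc comment, and the meaning of an empty `Port` slice is undefined. Since this type is shipped to hosts inside `FwUpdate` (models/mqtt.go hunk), sender and enforcer must agree on whether empty means "no ports" or "all ports", and whether `Port` is ignored for ICMP. A type comment stating this, plus a field comment along the lines of `// Port lists destination ports; empty means <all|none>, ignored for ICMP`, would pin it down. Separately, `net.IPNet` has no JSON marshaller of its own, so `SrcIP`/`DstIP` will likely encode as an object whose `Mask` is base64 bytes. If the receiving side is not Go, a CIDR string field would be easier to consume and to audit in logs.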

+ 1 - 0
models/mqtt.go

@@ -94,6 +94,7 @@ type FwUpdate struct {
 	IsIngressGw bool                   `json:"is_ingress_gw"`
 	EgressInfo  map[string]EgressInfo  `json:"egress_info"`
 	IngressInfo map[string]IngressInfo `json:"ingress_info"`
+	AclRules    []AclRule              `json:"acl_rules"`
 }
 
 // FailOverMeReq - struct for failover req