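-- Firewall rules, one row per rule. Each rule names a role (allow_role_id),
-- a protocol code, and a port range.
CREATE TABLE firewall_rules (
    id SERIAL NOT NULL PRIMARY KEY,

    -- Role the rule applies to. To cover all roles, reference the
    -- organization role itself.
    -- Declared INTEGER rather than SERIAL: SERIAL attaches a sequence default,
    -- so an INSERT that omitted this column would silently bind the rule to
    -- whatever role id the sequence produced next. With INTEGER NOT NULL the
    -- same INSERT fails instead of creating an allow rule for an unintended
    -- role.
    -- No ON DELETE action is declared, so the engine default applies.
    allow_role_id INTEGER NOT NULL REFERENCES roles(id),

    -- 0: any, 1: icmp, 2: udp, 3: tcp
    -- The CHECK rejects codes outside the documented set at write time, so a
    -- stray value cannot reach whatever consumes these rows.
    protocol INTEGER NOT NULL
        CONSTRAINT firewall_rules_protocol_check CHECK (protocol BETWEEN 0 AND 3),

    -- Port range; ignored when protocol = 1 (icmp).
    -- NOTE(review): stored as free-form text and the schema does not enforce
    -- its format. Presumably the code that turns rows into firewall
    -- configuration parses it; confirm it validates the value strictly
    -- (digits and range separator only) before use.
    port VARCHAR(256) NOT NULL,

    -- Human-readable description of the rule.
    description VARCHAR(256) NOT NULL
);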