Hi,
Though the docs say Address_Sets contain addresses, MACs, IP4, IP6,
could they contain protocol port numbers too? It would also greatly
help when constructing ACLs. For example, say I have:
ovn-nbctl acl-add ls_external_ugw from-lport 32700 'inport == "ln-ls_external_ugw" && (ip4.dst == $private_allowed && ip4.src == $mn_mapping_ips) && (tcp.dst == 22)' allow-stateless
ovn-nbctl acl-add ls_external_ugw from-lport 32700 'inport == "ln-ls_external_ugw" && (ip4.dst == $private_allowed && ip4.src == $mn_mapping_ips) && (tcp.dst == 80)' allow-stateless
I could do this instead:
ovn-nbctl acl-add ls_external_ugw from-lport 32700 'inport == "ln-ls_external_ugw" && (ip4.dst == $private_allowed && ip4.src == $mn_mapping_ips) && (tcp.dst == $allowed_ports)' allow-stateless
Then I just have one ACL, and as IPs/ports are added I just update the address set.
Brendan.