Hi Andrew,

First of all, thanks for your answer.

Sorry, maybe my question was ambiguous. Indeed, what I want to know is
whether the ACL plugin in 17.04 can provide me zone-based policy functionality.

For example, Interface A is a member of the trust zone and Interface B is a
member of the untrust zone. Could I define a special ACL that affects packets
forwarded from the trust to the untrust zone? In other words, I want to have an ACL
that filters packets received from interface A *and* egressing from interface B
while not filtering packets received from interface A *and* egressing from
interface C. Is this feature already there, or in VPP's future plans?

Best Regards,





-- 


Mahmood Gholipour
M.Sc Candidate,
School of Electrical and Computer Engineering,
College of Engineering,
University of Tehran



On Mon, May 8, 2017 at 9:05 PM, Andrew 👽 Yourtchenko <ayour...@gmail.com>
wrote:

>
>
> --a
>
> On 8 May 2017, at 13:25, mahmood gholipour <mahmood.gholip...@gmail.com>
> wrote:
>
> Hi,
> I have read the SecurityGroups page in your Wiki about the acl plugin and
> executed some functionality tests on this feature. So, my question is
> whether we have input and output acl simultaneously?
>
>
> Yes, an interface can have an ingress and egress ACL at the same time.
>
>
> In other words, could we have an acl that affects packets that are
> received from interface A and egress interface B?
>
>
> This wording I don't understand - could you please clarify what you are
> looking to achieve?
>
> You can also have a look at the newly committed extended stateful acl test
> in master, that one really goes pretty much packet per packet, so could be
> useful to play with.
>
> --a
>
> Best Regards,
>
> --
>
>
> Mahmood Gholipour
> M.Sc Candidate,
> School of Electrical and Computer Engineering,
> College of Engineering,
> University of Tehran
>
>
> _______________________________________________
> vpp-dev mailing list
> vpp-dev@lists.fd.io
> https://lists.fd.io/mailman/listinfo/vpp-dev
>
>