--a
> On 9 May 2017, at 11:13, mahmood gholipour <mahmood.gholip...@gmail.com> wrote:
>
> Hi Andrew,
>
> First of all thanks for your answer
>
> Sorry, maybe my question was ambiguous. Indeed, what I want to know is whether ACL plugin in 17.04 can provide me zone-based policy functionality.
>
> For example, Interface A is a member of trust zone and Interface B is a member of untrust zone. Could I define a special ACL that affect on packets forward from trust to untrust zone? In other words, I want to have an ACL that filter packets received from interface A and egress from interface B while doesn't filter packets received from interface A and egress from interface C.
> Is there this feature already or in vpp future plan?

Why not use an outbound ACL applied on interface B, matching traffic with sources on interface A, to achieve this?

--a

> Best Regards,
>
> --
> Mahmood Gholipour
> M.Sc Candidate,
> School of Electrical and Computer Engineering,
> College of Engineering,
> University of Tehran
>
> On Mon, May 8, 2017 at 9:05 PM, Andrew 👽 Yourtchenko <ayour...@gmail.com> wrote:
>>
>> --a
>>
>>> On 8 May 2017, at 13:25, mahmood gholipour <mahmood.gholip...@gmail.com> wrote:
>>>
>>> Hi
>>> I have read the SecurityGroups page in your Wiki about acl plugin and executed some of functionality test on this feature. So, my question is whether we have input and output acl simultaneously?
>>
>> Yes, an interface can have an ingress and egress ACL at the same time.
>>
>>> In other words, could we have an acl that affect on packets that are received from interface A and egress interface B?
>>
>> This wording I don't understand - could you please clarify what you are looking to achieve?
>>
>> You can also have a look at the newly committed extended stateful acl test in master, that one really goes pretty much packet per packet, so could be useful to play with.
>>
>> --a
>>
>>> Best Regards,
>>>
>>> --
>>> Mahmood Gholipour
>>> M.Sc Candidate,
>>> School of Electrical and Computer Engineering,
>>> College of Engineering,
>>> University of Tehran
>>>
>>> _______________________________________________
>>> vpp-dev mailing list
>>> vpp-dev@lists.fd.io
>>> https://lists.fd.io/mailman/listinfo/vpp-dev
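The approach suggested in the reply above (an outbound ACL on interface B keyed on the sources behind interface A), modelled as an added example that is not part of the thread and is not VPP configuration or VPP code. The prefixes, zone names and rule set are constructed assumptions; the model also shows the limit of the approach, since an egress ACL sees source addresses and not the ingress interface.

```python
import ipaddress

# Constructed topology (assumption): interface -> (zone, prefix behind it).
INTERFACES = {
    "A": ("trust", "10.1.0.0/24"),
    "B": ("untrust", "198.51.100.0/24"),
    "C": ("dmz", "10.3.0.0/24"),
}
# Constructed zone-pair policy: ordered (proto, dst_port, action) rules;
# None is a wildcard.
ZONE_POLICY = {
    ("trust", "untrust"): [("tcp", 443, "permit"), (None, None, "deny")],
}

def compile_egress_acls(interfaces, zone_policy):
    """Turn each zone pair into egress rules on the destination zone's
    interfaces, keyed on the source zone's prefixes."""
    acls = {name: [] for name in interfaces}
    for (src_zone, dst_zone), rules in zone_policy.items():
        sources = [ipaddress.ip_network(p)
                   for zone, p in interfaces.values() if zone == src_zone]
        for name, (zone, _) in interfaces.items():
            if zone != dst_zone:
                continue
            for src in sources:
                for proto, port, action in rules:
                    acls[name].append((src, proto, port, action))
    return acls

def egress_verdict(acls, out_if, src_ip, proto, dst_port):
    """First matching rule wins. The ACL sees only packet fields, not the
    ingress interface, so a source address inside A's prefix is treated as
    'from A' wherever the packet really entered."""
    addr = ipaddress.ip_address(src_ip)
    for src, r_proto, r_port, action in acls[out_if]:
        if (addr in src and r_proto in (None, proto)
                and r_port in (None, dst_port)):
            return action
    return "no-match"  # outside the zone-pair rules; platform default applies

ACLS = compile_egress_acls(INTERFACES, ZONE_POLICY)
```

Traffic from A's prefix leaving through C returns `no-match` because only B carries the trust-to-untrust rules, which gives the per-pair behaviour asked about in the thread as long as source addresses on the other interfaces are validated.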