faucet.acl module¶
Configuration for ACLs.
-
class
faucet.acl.
ACL
(_id, dp_id, conf)[source]¶ Bases:
faucet.conf.Conf
Contains the state for an ACL, including the configuration.
ACL Config
ACLs are configured under the ‘acls’ configuration block. The acls block contains a dictionary of individual acls each keyed by its name.
Each acl contains a list of rules, a packet will have the first matching rule applied to it.
Each rule is a dictionary containing the single key ‘rule’ with the value the matches and actions for the rule.
The matches are key/values based on the ryu RESTFul API. The key ‘actions’ contains a dictionary with keys/values as follows:
- allow (bool): if True allow the packet to continue through the Faucet pipeline, if False drop the packet.
- meter (str): meter to apply to the packet
- output (dict): used to output a packet directly. details below.
The output action contains a dictionary with the following elements:
- port (int or string): the port to output the packet to
- swap_vid (int): rewrite the vlan vid of the packet when outputting
- failover (dict): Output with a failover port. The following elements can be configured.
- group_id (int): the ofp group id to use for the group
- ports (list): a list of the ports the packet can be output through
-
defaults
= {'rules': None, 'exact_match': False}¶
-
defaults_types
= {'rules': <class 'list'>, 'exact_match': <class 'bool'>}¶
-
exact_match
= None¶
-
mirror_destinations
= set()¶
-
rules
= None¶