ACL
All acl value types are described here.
Basic Type
acl action
yaml value: str
There are 4 types of acl actions:
forbid_log
Forbid if the rule matches, and log. Alternatives: deny_log, reject_log.
forbid
Forbid if the rule matches. Alternatives: deny, reject.
permit_log
Permit if the rule matches, and log. Alternatives: allow_log, accept_log.
permit
Permit if the rule matches. Alternatives: allow, accept.
The match order is the same as the list order above.
acl rule
yaml value: mix
All the rules share the same config format described in this section.
An acl rule consists of many records, each of which has an associated acl action. A default missed action can be set in the rule; it is the action taken if no record matches.
The value in map format consists of the following fields:
default
Set the default acl action if no rule matches.
If the rule is set but default is omitted, the default action is forbid, unless the rule's doc specifies otherwise.
any of the acl actions as the key str
The value should be a valid record or a list of them, with the key string as the acl action. See detail types for the format of each record type.
The value can also be a single record or a list of records, which means only those records are permitted, with no log.
The default missed action is forbid and the default found action is permit, if they are not specified in the detail types.
Detail Type
network acl rule
yaml value: acl rule
The record type should be ip network str.
ingress network acl rule
yaml value: network acl rule
The same type as network acl rule. Default added: permit 127.0.0.1 and ::1.
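The following sketch is an added example, not the project's own code: it normalizes a network acl rule from either the map form or the short form, resolves the action aliases, and applies the documented defaults, including the loopback records added for an ingress network acl rule. The function names, the sample rule, and the assumption that records are tried in the action order listed above are illustrative only.

```python
import ipaddress

# Canonical actions in the page's match order, with the aliases it lists.
ACTIONS = {
    "forbid_log": ("deny_log", "reject_log"),
    "forbid": ("deny", "reject"),
    "permit_log": ("allow_log", "accept_log"),
    "permit": ("allow", "accept"),
}
CANON = {name: canon for canon, alts in ACTIONS.items() for name in (canon, *alts)}


def _networks(value):
    """Accept one ip network str or a list of them."""
    items = [value] if isinstance(value, str) else list(value)
    return [ipaddress.ip_network(item, strict=False) for item in items]


def normalize_rule(value, ingress=False):
    """Turn a parsed YAML value into (default_action, {action: [networks]})."""
    records = {action: [] for action in ACTIONS}
    default = "forbid"  # missed action when 'default' is omitted
    if isinstance(value, dict):
        for key, val in value.items():
            if key == "default":
                default = CANON[val]  # KeyError on an unknown action name
            else:
                records[CANON[key]].extend(_networks(val))
    else:
        # Short form: only the listed records are permitted, with no log.
        records["permit"].extend(_networks(value))
    if ingress:
        # Default added for an ingress network acl rule.
        records["permit"].extend(_networks(["127.0.0.1", "::1"]))
    return default, records


def check(rule, ip):
    """Return the action for ip. Assumption: actions are tried in the listed order."""
    default, records = rule
    addr = ipaddress.ip_address(ip)
    for action in ACTIONS:  # forbid_log, forbid, permit_log, permit
        if any(addr in net for net in records[action]):
            return action
    return default


# Constructed sample: what a YAML loader would return for a map-format rule.
SAMPLE = {"default": "deny_log", "allow": ["192.0.2.0/24", "2001:db8::/32"],
          "reject_log": "192.0.2.66"}
```

Normalizing a rule this way before deployment makes the effective default visible: a short-form rule that lists a single network silently forbids everything else.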