faucet.acl module

Configuration for ACLs.

class faucet.acl.ACL(_id, dp_id, conf)[source]

Bases: faucet.conf.Conf

Contains the state for an ACL, including the configuration.

ACL Config

ACLs are configured under the ‘acls’ configuration block. The acls block contains a dictionary of individual acls each keyed by its name.

Each acl contains a list of rules, a packet will have the first matching rule applied to it.

Each rule is a dictionary containing the single key ‘rule’ with the value the matches and actions for the rule.

The matches are key/values based on the ryu RESTFul API. The key ‘actions’ contains a dictionary with keys/values as follows:

  • allow (bool): if True allow the packet to continue through the Faucet pipeline, if False drop the packet.
  • meter (str): meter to apply to the packet
  • output (dict): used to output a packet directly. details below.

The output action contains a dictionary with the following elements:

  • port (int or string): the port to output the packet to
  • swap_vid (int): rewrite the vlan vid of the packet when outputting
  • failover (dict): Output with a failover port. The following elements can be configured.
  • group_id (int): the ofp group id to use for the group
  • ports (list): a list of the ports the packet can be output through
defaults = {'exact_match': False, 'rules': None}
defaults_types = {'exact_match': <class 'bool'>, 'rules': <class 'list'>}
exact_match = None
mirror_destinations = set()
rules = None
to_conf()[source]