summaryrefslogtreecommitdiffstats
path: root/examples/ncclient/acl/config_acl.xml
diff options
context:
space:
mode:
authorMarek Gradzki <mgradzki@cisco.com>2018-08-21 15:19:11 +0200
committerMarek Gradzki <mgradzki@cisco.com>2018-08-21 15:28:57 +0200
commit579bc2fc74a764a149afa30291d734f6ebe18b94 (patch)
treea848a0febc977a9673f555b4d3ceb8a3c6b18dab /examples/ncclient/acl/config_acl.xml
parent160ba2a4f7586e48ff1e53caed871b0010660c73 (diff)
examples/ncclient: update readme with <validate> example
Change-Id: Id5aa173292d00aee0dd37d0853d46cb98e2cce05 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
Diffstat (limited to 'examples/ncclient/acl/config_acl.xml')
-rw-r--r--examples/ncclient/acl/config_acl.xml185
1 files changed, 185 insertions, 0 deletions
diff --git a/examples/ncclient/acl/config_acl.xml b/examples/ncclient/acl/config_acl.xml
new file mode 100644
index 000000000..164fd5aaa
--- /dev/null
+++ b/examples/ncclient/acl/config_acl.xml
@@ -0,0 +1,185 @@
+<!--
+ ~ Copyright (c) 2018 Cisco Systems, Inc. and others. All rights reserved.
+ ~
+ ~ This program and the accompanying materials are made available under the
+ ~ terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ ~ and is available at http://www.eclipse.org/legal/epl-v10.html
+ -->
+<config>
+ <nat xmlns="urn:ietf:params:xml:ns:yang:ietf-nat">
+ <instances>
+ <instance>
+ <id>0</id>
+ <policy>
+ <id>0</id>
+ </policy>
+ </instance>
+ </instances>
+ </nat>
+ <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
+ <interface>
+ <name>local0</name>
+ <type xmlns:x="urn:ietf:params:xml:ns:yang:iana-if-type">x:ethernetCsmacd</type>
+ <enabled>false</enabled>
+ </interface>
+ <interface>
+ <name>loop1</name>
+ <description>for testing purposes</description>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
+ <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <mac>00:ff:ff:ff:ff:ff</mac>
+ </loopback>
+ <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
+ <ingress>
+ <vpp-acls>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
+ <name>tcp-acl</name>
+ </vpp-acls>
+ <vpp-acls>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
+ <name>udp-acl</name>
+ </vpp-acls>
+ <vpp-macip-acl>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type>
+ <name>macip-acl</name>
+ </vpp-macip-acl>
+ </ingress>
+ </acl>
+ </interface>
+ </interfaces>
+ <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
+ <acl>
+ <acl-name>macip-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>macip-rule</rule-name>
+ <matches>
+ <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
+ <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
+ </vpp-macip-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>icmp-v6-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>imcp-v6-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64</destination-ipv6-network>
+ <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
+ <icmp-v6-nodes>
+ <icmp-type-range>
+ <last>8</last>
+ <first>5</first>
+ </icmp-type-range>
+ <icmp-code-range>
+ <last>3</last>
+ <first>1</first>
+ </icmp-code-range>
+ </icmp-v6-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>udp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>udp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <udp-nodes>
+ <source-port-range>
+ <upper-port>5487</upper-port>
+ <lower-port>1</lower-port>
+ </source-port-range>
+ <destination-port-range>
+ <upper-port>6745</upper-port>
+ <lower-port>87</lower-port>
+ </destination-port-range>
+ </udp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>tcp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>tcp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <tcp-nodes>
+ <source-port-range>
+ <upper-port>5487</upper-port>
+ <lower-port>1</lower-port>
+ </source-port-range>
+ <destination-port-range>
+ <upper-port>6745</upper-port>
+ <lower-port>87</lower-port>
+ </destination-port-range>
+ <tcp-flags-mask>1</tcp-flags-mask>
+ <tcp-flags-value>7</tcp-flags-value>
+ </tcp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>icmp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>imcp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <icmp-nodes>
+ <icmp-type-range>
+ <last>8</last>
+ <first>5</first>
+ </icmp-type-range>
+ <icmp-code-range>
+ <last>3</last>
+ <first>1</first>
+ </icmp-code-range>
+ </icmp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ </access-lists>
+</config>