Acl cli reference

clear acl-plugin sessions

clear acl-plugin sessions

Declaration: aclplugin_clear_command src/plugins/acl/acl.c line 3566

Implementation: acl_clear_aclplugin_fn

set acl-plugin

set acl-plugin session timeout {{udp idle}|tcp {idle|transient}} <seconds>

Declaration: aclplugin_set_command src/plugins/acl/acl.c line 3500

Implementation: acl_set_aclplugin_fn

set acl-plugin acl

set acl-plugin acl <permit|deny> src <PREFIX> dst <PREFIX> proto X sport X-Y dport X-Y [tag FOO] {use comma separated list for multiple rules}

Create an Access Control List (ACL): an ACL is composed of more than one Access control element (ACE). Multiple ACEs can be specified with this command using a comma separated list.

Each ACE describes a tuple of src+dst IP prefix, ip protocol, src+dst port ranges. (the ACL plugin also support ICMP types/codes instead of UDP/TCP ports, but this CLI does not).

An ACL can optionally be assigned a ‘tag’ - which is an identifier understood by the client. VPP does not examine it in any way.

set acl-plugin acl <permit|deny> src <PREFIX> dst <PREFIX> proto <TCP|UDP> sport <X-Y> dport <X-Y> [tag FOO]

Declaration: aclplugin_set_acl_command src/plugins/acl/acl.c line 3602

Implementation: acl_set_aclplugin_acl_fn

set acl-plugin interface

set acl-plugin interface <interface> <input|output> <acl INDEX> [del]

[un]Apply an ACL to an interface.: The ACL is applied in a given direction, either input or output. The ACL being applied must already exist.

set acl-plugin interface <input|output> acl <index> [del]

Declaration: aclplugin_set_interface_command src/plugins/acl/acl.c line 3581

Implementation: acl_set_aclplugin_interface_fn

show acl-plugin acl

show acl-plugin acl [index N]

Declaration: aclplugin_show_acl_command src/plugins/acl/acl.c line 3506

Implementation: acl_show_aclplugin_acl_fn

show acl-plugin decode 5tuple

show acl-plugin decode 5tuple XXXX XXXX XXXX XXXX XXXX XXXX

Declaration: aclplugin_show_decode_5tuple_command src/plugins/acl/acl.c line 3524

Implementation: acl_show_aclplugin_decode_5tuple_fn

show acl-plugin interface

show acl-plugin interface [sw_if_index N] [acl]

Declaration: aclplugin_show_interface_command src/plugins/acl/acl.c line 3530

Implementation: acl_show_aclplugin_interface_fn

show acl-plugin lookup context

show acl-plugin lookup context [index N]

Declaration: aclplugin_show_lookup_context_command src/plugins/acl/acl.c line 3512

Implementation: acl_show_aclplugin_lookup_context_fn

show acl-plugin lookup user

show acl-plugin lookup user [index N]

Declaration: aclplugin_show_lookup_user_command src/plugins/acl/acl.c line 3518

Implementation: acl_show_aclplugin_lookup_user_fn

show acl-plugin macip acl

show acl-plugin macip acl [index N]

Declaration: aclplugin_show_macip_acl_command src/plugins/acl/acl.c line 3554

Implementation: acl_show_aclplugin_macip_acl_fn

show acl-plugin macip interface

show acl-plugin macip interface

Declaration: aclplugin_show_macip_interface_command src/plugins/acl/acl.c line 3560

Implementation: acl_show_aclplugin_macip_interface_fn

show acl-plugin memory

show acl-plugin memory

Declaration: aclplugin_show_memory_command src/plugins/acl/acl.c line 3536

Implementation: acl_show_aclplugin_memory_fn

show acl-plugin sessions

show acl-plugin sessions

Declaration: aclplugin_show_sessions_command src/plugins/acl/acl.c line 3542

Implementation: acl_show_aclplugin_sessions_fn

show acl-plugin tables

show acl-plugin tables [ acl [index N] | applied [ lc_index N ] | mask | hash [verbose N] ]

Declaration: aclplugin_show_tables_command src/plugins/acl/acl.c line 3548

Implementation: acl_show_aclplugin_tables_fn