Example condition 1

Only packets whose network source is in are allowed through to network You can accomplish this a few different ways.

One way is to construct a DROP or REJECT rule that has a Condition, plus an ACCEPT rule, with these attributes specified:

  1. DROP when (ethertype equal 2048) AND (src NOT equal (, 16))
  2. ACCEPT when (dst equal (, 24))
  3. DROP

The unconditional drop is needed to make rule 2 meaningful.

To create a rule chain with the above attributes:

  1. If necessary, use the sett command or some other means to access the desired tenant.

    midonet> sett 10a83af63f9342118433c3a43a329528
    tenant_id: 10a83af63f9342118433c3a43a329528

  2. Enter the command to create a new rule chain and assign it a name:

    midonet> chain create name "drop_not_src_mynetwork_INBOUND"

  3. Enter the command to drop IPv4 traffic that does not have the source

    midonet> chain chain5 add rule ethertype 2048 src ! type drop

  4. Enter the command to accept IPv4 traffic with the destination

    midonet> chain chain5 add rule ethertype 2048 dst pos 2 type accept

  5. Enter the command to list the rules added to the new rule chain:

    midonet> chain chain5 list rule
    rule rule3 ethertype 2048 src ! proto 0 tos 0 pos 1 type drop
    rule rule2 ethertype 2048 dst proto 0 tos 0 pos 2 type accept
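
A small Python model of the three-rule chain described above, added here as an illustration (it is not MidoNet code), showing why the final unconditional DROP matters. The two networks are constructed placeholders, and the model assumes that a packet matching no rule is let through.

```python
import ipaddress

IPV4 = 2048  # ethertype 0x0800, the value used in the rules above

# Constructed placeholder networks (a /16 source and a /24 destination).
SRC_NET = ipaddress.ip_network("10.0.0.0/16")
DST_NET = ipaddress.ip_network("192.168.1.0/24")


def in_net(addr, net):
    return ipaddress.ip_address(addr) in net


# Each rule is (match predicate, action); rules are evaluated in position order.
RULE_1 = (lambda p: p["ethertype"] == IPV4 and not in_net(p["src"], SRC_NET), "DROP")
RULE_2 = (lambda p: in_net(p["dst"], DST_NET), "ACCEPT")
RULE_3 = (lambda p: True, "DROP")  # the unconditional drop

FULL_CHAIN = [RULE_1, RULE_2, RULE_3]
NO_FINAL_DROP = [RULE_1, RULE_2]


def evaluate(chain, packet, default="ACCEPT"):
    """Return the action of the first matching rule.

    Assumption of this model: a packet that matches no rule is let
    through (default), which is why an explicit final DROP is needed.
    """
    for match, action in chain:
        if match(packet):
            return action
    return default


def pkt(src, dst, ethertype=IPV4):
    return {"ethertype": ethertype, "src": src, "dst": dst}


if __name__ == "__main__":
    samples = {
        "allowed src -> protected dst": pkt("10.0.5.9", "192.168.1.20"),
        "foreign src -> protected dst": pkt("172.16.0.1", "192.168.1.20"),
        "allowed src -> other dst": pkt("10.0.5.9", "192.168.2.20"),
    }
    for label, p in samples.items():
        print(f"{label:30} full={evaluate(FULL_CHAIN, p):6} "
              f"without_final_drop={evaluate(NO_FINAL_DROP, p)}")
```

Only the third sample differs between the two chains: without the final DROP, traffic from the allowed source to any other destination falls off the end of the chain and passes.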