Condition

A mirror condition uses the same fields as a chain rule. See the section called “Rule”.

Field NameTypePOST/PUTRequiredDescription

condInvert

Boolean

POST/PUT

No

Inverts the conjunction of all the other predicates.

dlDst

String

POST/PUT

No

Matches the destination physical (MAC) address.

dlSrc

String

POST/PUT

No

Matches the source physical (MAC) address.

dlDstMask

String

POST/PUT

No

Destination physical (MAC) address mask in the format xxxx.xxxx.xxxx where each x is a hexadecimal digit.

dlSrcMask

String

POST/PUT

No

Source physical (MAC) address mask in the format xxxx.xxxx.xxxx where each x is a hexadecimal digit.

dlType

Integer

POST/PUT

No

Matches the ethertype provided by the data link layer. The value must be in the interval [0x800, 0xFFFF].

fragmentPolicy

String

POST/PUT

No

Matches the datagram fragmentation. The value can be one of the following: any (matches any fragment), header (matches the first fragment, nonheader (matches subsequent fragments), unfragmented (matches unfragmented datagrams).

inPorts

Array of UUID

POST/PUT

No

Matches the list of (interior or exterior) ingress ports.

ipAddrGroupDst

UUID

POST/PUT

No

Matches the destination IP address with an IP address from the specified IP address group.

ipAddrGroupSrc

UUID

POST/PUT

No

Matches the source IP address with an IP address from the specified IP address group.

invDlDst

Boolean

POST/PUT

No

Inverts the destination data link (MAC) address predicate. It has no effect unless the dlDst field is also set.

invDlSrc

Boolean

POST/PUT

No

Inverts the source data link (MAC) address predicate. It has no effect unless the dlSrc field is also set.

invDlType

Boolean

POST/PUT

No

Inverts the data link ethertype predicate. It has no effect unless the dlType field is also set.

invInPorts

Boolean

POST/PUT

No

Inverts the ingress ports predicate.

invIpAddrGroupDst

Boolean

POST/PUT

No

Inverts the destination IP address group predicate.

invIpAddrGroupSrc

Boolean

POST/PUT

No

Inverts the source IP address group predicate.

invNwDst

Boolean

POST/PUT

No

Inverts the network layer destination address predicate. It has no effect unless the nwDst field is also set.

invNwProto

Boolean

POST/PUT

No

Inverts the network layer protocol number predicate. It has no effect unless the nwProto field is also set.

invNwSrc

Boolean

POST/PUT

No

Inverts the network layer source address predicate. It has no effect unless the nwSrc field is also set.

invNwTos

Boolean

POST/PUT

No

Inverts the network layer type-of-service (ToS) predicate. It has no effect unless the nwTos field is also set.

invOutPorts

Boolean

POST/PUT

No

Inverts the egress ports predicate.

invPortGroup

Boolean

POST/PUT

No

Inverts the port group predicate.

invTpDst

Boolean

POST/PUT

No

Inverts the destination TCP/UDP port range predicate.

invTpSrc

Boolean

POST/PUT

No

Inverts the source TCP/UDP port range predicate.

invTraversedDevice

Boolean

POST/PUT

No

Inverts the traversed device predicate.

matchForwardFlow

Boolean

POST/PUT

No

Matches a forward flow.

matchReturnFlow

Boolean

POST/PUT

No

Matches a return flow.

noVlan

Boolean

POST/PUT

No

Matches if the traffic does not belong to a VLAN.

nwDstAddress

String

POST/PUT

No

Matches the network layer destination address.

nwDstLength

Integer

POST/PUT

No

Matches the network layer destination address nwDstAddress for the specified prefix length.

nwProto

Integer

POST/PUT

No

Matches the network layer protocol number.

nwSrcAddress

String

POST/PUT

No

Matches the network layer source address.

nwSrcLength

Integer

POST/PUT

No

Matches the network layer source address nwSrcAddress for the specified prefix length.

nwTos

Integer

POST/PUT

No

Matches the value of the IP datagram type-of-service (ToS) field.

outPorts

Array of UUID

POST/PUT

No

Matches the list of (interior or exterior) egress ports.

portGroup

UUID

POST/PUT

No

Matches the traffic originated from an exterior port from the specified port group.

tpDst

(Integer, Integer)

POST/PUT

No

Matches the range of the TCP/UDP destination ports. It is a JSON object with two integer fields start and end defining the boundaries of the port range interval. See the section called “Transport Layer Port Range”.

tpSrc

(Integer, Integer)

POST/PUT

No

Matches the range of the TCP/UDP source ports. It is a JSON object with two integer fields start and end defining the boundaries of the port range interval. See the section called “Transport Layer Port Range”.

traversedDevice

UUID

POST/PUT

No

Matches that the traffic traverses the device with the specified identifier.

vlan

Boolean

POST/PUT

No

Matches the VLAN identifier.

Questions? Discuss on Mailing Lists or Chat.
Found an error? Report a bug.