Rule

Media Type
[application/vnd.org.midonet.Rule-v2+json]
GET     /chains/:chainId/rules
GET     /rules/:ruleId
POST    /chains/:chainId/rules
DELETE  /rules/:ruleId

Rule is an entity that represents a rule on a virtual router chain in MidoNet. It contains the following fields:

| Field Name | Type | POST/PUT | Required | Description |
|---|---|---|---|---|
| uri | URI | | | A GET against this URI refreshes the representation of this resource. |
| id | UUID | POST | No | A unique identifier of the resource. If this field is omitted in the POST request, a random UUID is generated. |
| type | String | POST | Yes | The rule type. It must be one of the following: accept, continue, dnat, drop, jump, rev_dnat, rev_snat, reject, return, snat, trace. |
| condInvert | Boolean | POST | No | Inverts the conjunction of all the other predicates. |
| dlDst | String | POST | No | Matches the destination physical (MAC) address. |
| dlSrc | String | POST | No | Matches the source physical (MAC) address. |
| dlDstMask | String | POST | No | Destination physical (MAC) address mask in the format xxxx.xxxx.xxxx where each x is a hexadecimal digit. |
| dlSrcMask | String | POST | No | Source physical (MAC) address mask in the format xxxx.xxxx.xxxx where each x is a hexadecimal digit. |
| dlType | Integer | POST | No | Matches the ethertype provided by the data link layer. The value must be in the interval [0x800, 0xFFFF]. |
| fragmentPolicy | String | POST | No | Matches the datagram fragmentation. The value can be one of the following: any (matches any fragment), header (matches the first fragment), nonheader (matches subsequent fragments), unfragmented (matches unfragmented datagrams). |
| inPorts | Array of UUID | POST | No | Matches the list of (interior or exterior) ingress ports. |
| ipAddrGroupDst | UUID | POST | No | Matches the destination IP address with an IP address from the specified IP address group. |
| ipAddrGroupSrc | UUID | POST | No | Matches the source IP address with an IP address from the specified IP address group. |
| invDlDst | Boolean | POST | No | Inverts the destination data link (MAC) address predicate. It has no effect unless the dlDst field is also set. |
| invDlSrc | Boolean | POST/PUT | No | Inverts the source data link (MAC) address predicate. It has no effect unless the dlSrc field is also set. |
| invDlType | Boolean | POST | No | Inverts the data link ethertype predicate. It has no effect unless the dlType field is also set. |
| invInPorts | Boolean | POST | No | Inverts the ingress ports predicate. |
| invIpAddrGroupDst | Boolean | POST | No | Inverts the destination IP address group predicate. |
| invIpAddrGroupSrc | Boolean | POST | No | Inverts the source IP address group predicate. |
| invNwDst | Boolean | POST | No | Inverts the network layer destination address predicate. It has no effect unless the nwDst field is also set. |
| invNwProto | Boolean | POST | No | Inverts the network layer protocol number predicate. It has no effect unless the nwProto field is also set. |
| invNwSrc | Boolean | POST | No | Inverts the network layer source address predicate. It has no effect unless the nwSrc field is also set. |
| invNwTos | Boolean | POST | No | Inverts the network layer type-of-service (ToS) predicate. It has no effect unless the nwTos field is also set. |
| invOutPorts | Boolean | POST | No | Inverts the egress ports predicate. |
| invPortGroup | Boolean | POST | No | Inverts the port group predicate. |
| invTpDst | Boolean | POST | No | Inverts the destination TCP/UDP port range predicate. |
| invTpSrc | Boolean | POST | No | Inverts the source TCP/UDP port range predicate. |
| invTraversedDevice | Boolean | POST | No | Inverts the traversed device predicate. |
| matchForwardFlow | Boolean | POST | No | Matches a forward flow. |
| matchReturnFlow | Boolean | POST | No | Matches a return flow. |
| noVlan | Boolean | POST | No | Matches if the traffic does not belong to a VLAN. |
| nwDstAddress | String | POST | No | Matches the network layer destination address. |
| nwDstLength | Integer | POST | No | Matches the network layer destination address nwDstAddress for the specified prefix length. |
| nwProto | Integer | POST | No | Matches the network layer protocol number. |
| nwSrcAddress | String | POST | No | Matches the network layer source address. |
| nwSrcLength | Integer | POST | No | Matches the network layer source address nwSrcAddress for the specified prefix length. |
| nwTos | Integer | POST | No | Matches the value of the IP datagram type-of-service (ToS) field. |
| outPorts | Array of UUID | POST | No | Matches the list of (interior or exterior) egress ports. |
| position | Integer | POST | No | The position at which this rule should be inserted. The value must be greater than or equal to 1 and less than or equal to the greatest position in the chain. The default is one (1). |
| portGroup | UUID | POST | No | Matches the traffic originated from an exterior port from the specified port group. |
| tpDst | (Integer, Integer) | POST | No | Matches the range of the TCP/UDP destination ports. It is a JSON object with two integer fields start and end defining the boundaries of the port range interval. See the section called “Transport Layer Port Range”. |
| tpSrc | (Integer, Integer) | POST | No | Matches the range of the TCP/UDP source ports. It is a JSON object with two integer fields start and end defining the boundaries of the port range interval. See the section called “Transport Layer Port Range”. |
| traversedDevice | UUID | POST | No | Matches that the traffic traverses the device with the specified identifier. |
| vlan | Boolean | POST | No | Matches the VLAN identifier. |
| action | String | | | The action applied by this rule. It can be one of the following: accept, continue, drop, jump, reject, return. |
| chainId | UUID | | | The identifier of the chain to which the rule belongs. |

The rules of type jump include the following fields.

| Field Name | Type | POST/PUT | Required | Description |
|---|---|---|---|---|
| jumpChainId | UUID | POST | Yes | The identifier of the chain where to jump. |
| jumpChainName | String | | | The name of the jump chain. |

The rules of type dnat, snat, rev_dnat and rev_snat include the following fields.

| Field Name | Type | POST/PUT | Required | Description |
|---|---|---|---|---|
| flowAction | String | POST | Yes | The action to take on each flow. The value must be one of the following: accept, continue, return. |

The rules of type dnat and snat include the following fields.

| Field Name | Type | POST/PUT | Required | Description |
|---|---|---|---|---|
| natTargets | Array of (String, String, Integer, Integer) | POST | No | The list of NAT targets for a forward NAT rule. See: the section called “NAT Targets”. |
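
A pre-flight check for Rule POST bodies against the constraints listed in the field tables, written as an added example and not MidoNet code. The name check_rule and the sample bodies are constructed; it assumes rev_snat rules take flowAction like the other NAT types, and that the nwDst/nwSrc named in the inversion descriptions are the nwDstAddress/nwSrcAddress fields. The last check flags inv* flags that are documented as having no effect because their paired field is missing, which is an easy way to end up with a rule that does not filter what its author intended.

```python
import re

# Constraints come from the field tables; names and samples are constructed.
RULE_TYPES = {"accept", "continue", "dnat", "drop", "jump", "rev_dnat",
              "rev_snat", "reject", "return", "snat", "trace"}
NAT_TYPES = {"dnat", "snat", "rev_dnat", "rev_snat"}  # rev_snat assumed
FRAGMENT_POLICIES = {"any", "header", "nonheader", "unfragmented"}
FLOW_ACTIONS = {"accept", "continue", "return"}
MAC_MASK = re.compile(r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}")
# inv* flags documented as inert unless the paired field is set. Assumption:
# "nwDst"/"nwSrc" in those descriptions mean nwDstAddress/nwSrcAddress.
INVERT_NEEDS = {"invDlDst": "dlDst", "invDlSrc": "dlSrc", "invDlType": "dlType",
                "invNwDst": "nwDstAddress", "invNwSrc": "nwSrcAddress",
                "invNwProto": "nwProto", "invNwTos": "nwTos"}


def check_rule(rule):
    """Return the problems found in a Rule POST body given as a dict."""
    problems = []
    rtype = rule.get("type")
    if rtype not in RULE_TYPES:
        problems.append("type: missing or not an allowed rule type")
    if rtype == "jump" and "jumpChainId" not in rule:
        problems.append("jumpChainId: required for jump rules")
    if rtype in NAT_TYPES and rule.get("flowAction") not in FLOW_ACTIONS:
        problems.append("flowAction: required, accept/continue/return")
    if "dlType" in rule and not 0x800 <= rule["dlType"] <= 0xFFFF:
        problems.append("dlType: outside [0x800, 0xFFFF]")
    for key in ("dlDstMask", "dlSrcMask"):
        if key in rule and not MAC_MASK.fullmatch(str(rule[key])):
            problems.append(key + ": not in xxxx.xxxx.xxxx hex format")
    if rule.get("fragmentPolicy", "any") not in FRAGMENT_POLICIES:
        problems.append("fragmentPolicy: not an allowed value")
    if rule.get("position", 1) < 1:
        problems.append("position: must be >= 1")
    for flag, field in INVERT_NEEDS.items():
        if rule.get(flag) and field not in rule:
            problems.append(flag + ": no effect, " + field + " is not set")
    return problems


# Constructed sample bodies: one clean rule, one with five problems.
GOOD = {"type": "drop", "nwProto": 6, "invNwProto": True, "position": 1}
BAD = {"type": "snat", "dlType": 0x0600, "dlSrcMask": "ffff:ffff:0000",
       "invNwTos": True, "fragmentPolicy": "first"}

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_rule(body))
```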
