3 namespace "urn:opendaylight:netvirt:aclservice";
6 import ietf-access-control-list { prefix ietf-acl;}
7 import ietf-yang-types { prefix "yang"; revision-date 2013-07-15; }
8 import yang-ext { prefix ext; revision-date 2013-07-09;}
9 import ietf-interfaces { prefix "ietf-if"; revision-date 2014-05-08;}
10 import ietf-inet-types { prefix "inet"; revision-date 2013-07-15; }
15 revision "2016-06-08" {
20 identity direction-base {
21 description "Base identity for direction";
24 identity direction-ingress {
25 description "Ingress direction.";
29 identity direction-egress {
30 description "Egress direction.";
35 typedef ip-prefix-or-address {
36 description "ip prefix or ip address";
43 augment "/ietf-acl:access-lists/ietf-acl:acl/ietf-acl:access-list-entries/ietf-acl:ace" {
44 description "Security Rule Attributes";
45 ext:augment-identifier "security-rule-attr";
46 leaf remote-group-id {
47 description "The remote group ID to be associated with this security group rule.";
52 base "direction-base";
54 description "The direction in which metering rule is applied.
55 For a compute instance, an ingress security group rule is
56 applied to incoming (ingress) traffic for that instance.
57 An egress rule is applied to traffic leaving the instance.";
61 augment "/ietf-if:interfaces/ietf-if:interface" {
62 description "Apply ACL to interfaces";
63 ext:augment-identifier "interface-acl";
64 leaf port-security-enabled {
66 description "The port security status. The status is enabled (true) or disabled (false).";
68 leaf-list security-groups {
70 description "The security group ID to associate with this interface.";
72 list allowed-address-pairs {
73 description "Allowed address pairs for this interface.";
74 key "mac-address ip-address";
76 type yang:mac-address;
79 type ip-prefix-or-address;
84 container ports-subnet-ip-prefixes {
85 list port-subnet-ip-prefixes {
89 description "Port ID";
91 leaf-list subnet-ip-prefixes {
92 type ip-prefix-or-address;
93 description "Subnet IP Prefixes of the Port.";
98 container acl-ports-lookup {
100 description "Container used to manage list of ports per ACL based on
101 port's IP address/prefix (including IP address/prefix specified in
102 allowed-address-pair)";
104 list acl-ports-by-ip {
106 description "Refers to an ACL which are associated with list of
107 ports filtered based on IP address/prefix.";
111 description "ACL name.";
113 list acl-ip-prefixes {
115 description "IP Prefixes and Allowed-Address-Pairs owned by
116 ports where all such ports enforce the same ACL identified
120 type ip-prefix-or-address;
121 description "IP address/prefix";
125 description "Contains a list of ports that are enforcing
126 the same ACL identified by acl-name.";
129 description "Port UUID string";