These commands operate on ACL objects for a given entity. The
entity can be either a logical switch or a port group. The entity
can be specified as uuid or name. The --type option can be used
to specify the type of the entity, in case both a logical switch
and a port group exist with the same name specified for entity.
type must be either switch or port-group.

[--type={switch | port-group}] [--log] [--meter=meter] [--severity=severity] [--name=name] [--may-exist] acl-add entity direction priority match verdict
Adds the specified ACL to entity. direction must be either
from-lport or to-lport. priority must be between 0 and 32767,
inclusive. A full description of the fields is in ovn-nb(5).
If --may-exist is specified, adding a duplicated ACL succeeds
but the ACL is not really created. Without --may-exist, adding
a duplicated ACL results in error.
The --log option enables packet logging for the ACL. The options
--severity and --name specify a severity and name, respectively,
for log entries (and also enable logging). The severity must be
one of alert, warning, notice, info, or debug. If a severity is
not specified, the default is info. The --meter=meter option is
used to rate-limit packet logging. The meter argument names a
meter configured by meter-add.

[--type={switch | port-group}] acl-del entity [direction [priority match]]
Deletes ACLs from entity. If only entity is
supplied, all the ACLs from the entity are deleted.
If direction is also specified, then all the flows
in that direction will be deleted from the entity.
If all the fields are given, then a single flow
that matches all the fields will be deleted.

[--type={switch | port-group}] acl-list entity
Lists the ACLs on entity.
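
The three commands used together, as an added example that is not part of the OVN documentation: a default-deny inbound policy on a port group whose drops are logged at warning severity and rate-limited by a meter. The port group name pg_web, the meter name acl-log (assumed to have been created already with meter-add), the match expressions and the function names are assumptions; the verdicts allow-related and drop are the ones described in ovn-nb(5).

```shell
#!/bin/sh
# Added example: default-deny ACL policy on a port group with metered logging.
# Assumed names (not from the page): pg_web, acl-log, the function names.
NBCTL=${NBCTL:-ovn-nbctl}    # set NBCTL=echo for a dry run
METER=${METER:-acl-log}      # must already exist (created with meter-add)

apply_web_policy() {
    pg=$1
    # --type=port-group disambiguates the entity if a logical switch has the
    # same name; --may-exist lets a re-run succeed instead of failing on the
    # duplicate ACL.
    # Priority 1000 is evaluated ahead of the priority-0 drop below.
    $NBCTL --type=port-group --may-exist \
        acl-add "$pg" to-lport 1000 \
        "outport == @$pg && tcp.dst == 443" allow-related || return 1

    # Catch-all drop for everything else delivered to the group's ports.
    # --severity and --name already enable logging; --log is given for clarity.
    # --meter caps the log rate so a flood of dropped packets cannot flood
    # the log as well.
    $NBCTL --type=port-group --may-exist \
        --log --severity=warning --name="$pg-default-drop" --meter="$METER" \
        acl-add "$pg" to-lport 0 "outport == @$pg" drop || return 1

    # Show the resulting ACLs so the operator can confirm both entries.
    $NBCTL --type=port-group acl-list "$pg"
}

remove_web_policy() {
    # Entity plus direction only: every to-lport ACL on the entity is
    # deleted; from-lport ACLs are left in place.
    $NBCTL --type=port-group acl-del "$1" to-lport
}

# Usage: apply_web_policy pg_web
#        remove_web_policy pg_web
```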