Lines Matching refs:rule
70 # Every PF rule needs to be labeled so that we can later kill the state
71 # associated with that rule (using pfctl -k label -k 110). It is hard
72 # to come up with a meaningfully named label for each PF rule, so we
173 for rule in security_group_rules:
174 if rule.get('ethertype') == constants.IPv4:
175 ipv4_sg_rules.append(rule)
176 elif rule.get('ethertype') == constants.IPv6:
177 if rule.get('protocol') in ['icmp', 'icmp6']:
178 rule['protocol'] = 'ipv6-icmp'
179 ipv6_sg_rules.append(rule)
183 return [rule
184 for rule in port.get('security_group_rules', [])
185 if rule['direction'] == direction]
246 for rule in self.sg_rules.get(sg_id, []):
247 if rule['direction'] == direction:
250 rule, port, direction))
253 def _expand_sg_rule_with_remote_ips(self, rule, port, direction):
254 """Expand a remote group rule into one rule per remote group IP."""
255 remote_group_id = rule.get('remote_group_id')
257 ethertype = rule['ethertype']
259 LOG.debug("Expanding rule: %s with remote IPs: %s" %
260 (rule, self.sg_members[remote_group_id][ethertype]))
263 ip_rule = rule.copy()
270 yield rule
276 for rule in self.sg_rules.get(sg_id, []):
277 if not direction or rule['direction'] == direction:
278 remote_sg_id = rule.get('remote_group_id')
279 ether_type = rule.get('ethertype')
311 ''' Add a generic block everything rule. The default security group