Filter
A filter is a policy object defined within an application template that specifies criteria for network traffic. Filters are composed of one or more entries, each defining specific rules based on parameters like Ethernet type, protocol, source/destination ports, and statefulness. These filters are fundamental for creating contracts and defining granular access control policies within the ACI fabric.
Location in GUI: Manage » Tenant Templates[Application] » Schema (within a template's configuration)
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”templates (ndo.schemas)
Section titled “templates (ndo.schemas)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| filters | List | [filters] | No |
filters (ndo.schemas.templates)
Section titled “filters (ndo.schemas.templates)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| entries | List | [entries] | No |
entries (ndo.schemas.templates.filters)
Section titled “entries (ndo.schemas.templates.filters)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| ethertype | Choice | unspecified, ipv4, trill, arp, ipv6, mpls_ucast, mac_security, fcoe, ip | No | ip |
| protocol | Any | Integer[min: 0, max: 255] or Choice[unspecified, icmp, igmp, tcp, egp, igp, udp, icmpv6, eigrp, ospfigp, pim, l2tp] | No | tcp |
| source_from_port | Any | Integer[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh] | No | unspecified |
| source_to_port | Any | Integer[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh] | No | |
| destination_from_port | Any | Integer[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh] | No | unspecified |
| destination_to_port | Any | Integer[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh] | No | |
| stateful | Boolean | true, false | No | false |
Examples
Section titled “Examples”Example-1: FILTER1 with HTTP Filter Entry
This example defines a filter named http_filter within the site1_app_template application template, which is part of the example_schema schema. The http_filter filter contains a single entry named http_filter_ent. This http_filter_ent entry is configured to match IPv4 ethertype ip, TCP traffic protocol tcp, and HTTP traffic with destination_from_port http and destination_to_port http. The stateful: true attribute indicates that the filter should track the connection state for this traffic. This filter could be used in a contract to allow HTTP web traffic.
ndo: schemas: - name: example_schema templates: - name: site1_app_template filters: - name: http_filter entries: - name: http_filter_ent description: HTTP Filter Entry ethertype: ip protocol: tcp source_from_port: unspecified source_to_port: unspecified destination_from_port: http destination_to_port: http stateful: true