On Sun, Apr 22, 2018 at 09:52:35AM -0700, Han Zhou wrote: > The new option --port-group is supported for ovn-nbctl ACL related > commands. User can now ovn-nbctl to add/delete/list ACLs on port > groups. E.g. > > ovn-nbctl --port-group acl-add port_group1 to-lport 1000 \ > 'outport == @port_group1 && ip4.src == $port_group1_ip4' \ > allow-related > > Signed-off-by: Han Zhou <hzh...@ebay.com>
Thanks for working on making ovn-nbctl more useful here. The documentation is pretty inconsistent about whether it mentions --port-group. I think that in most cases the names of port groups and lswitches are going to be different. As a user interface convenience, I suggest that there be *two* options: --port-group and --lswitch (or whatever). If either one is given, then the command works with that kind of entity. If neither one is given, then the command works with whichever one actually exists with the given name, or exits with an error if both exist. Thanks, Ben. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
