On Thu, Feb 15, 2018 at 12:36:35AM +0100, Daniel Alvarez Sanchez wrote:
> If we would have the Port_Set we could simply write the match part as
> "outport == $security_group1 && ip4 && ip4.src == 0.0.0.0/0 && tcp &&
> tcp.dst == 22"
> and reduce the number of ACLs to 1 per security group rule instead of 1 per
> group rule per port as it is right now. As you can see, we're referencing
> the relevant security group rule in the CMS through the
> key in the external_ids column so we would reduce all ACLs which correspond
> the same SG rule to just 1.
OK, that matches up with what Han says. Han is going to rebase the
"port set" patches, so I think we'll have a solution for this soon after
discuss mailing list