module ietf-acl { yang-version 1; namespace "urn:ietf:params:xml:ns:yang:ietf-acl"; prefix acl; import ietf-yang-types { prefix "ietf"; } import packet-fields { prefix "packet-fields"; } organization "IETF NETMOD (NETCONF Data Modeling Language) Working Group"; contact "WG Web: WG List: WG Chair: Juergen Schoenwaelder WG Chair: Tom Nadeau Editor: Dean Bogdanovic Editor: Kiran Agrahara Sreenivasa Editor: Lisa Huang Editor: Dana Blair"; description "This YANG module defines a component that describing the configuration of Access Control Lists (ACLs)."; revision 2014-10-10 { description "Creating base model for netmod."; reference "RFC 6020: YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)"; } identity acl-base { description "Base acl type for all ACL type identifiers."; } identity ip-acl { base "acl:acl-base"; description "layer 3 ACL type"; } identity eth-acl { base "acl:acl-base"; description "layer 2 ACL type"; } typedef acl-type { type identityref { base "acl-base"; } description "This type is used to refer to an Access Control List (ACL) type"; } typedef acl-ref { type leafref { path "/acl:access-lists/acl:access-list/acl:acl-name"; } description "This type is used by data models that need to referenced an acl"; } container access-lists { description "Access control lists."; list access-list { key acl-name; description " An access list (acl) is an ordered list of access list entries (ace). Each ace has a sequence number to define the order, list of match criteria, and a list of actions. Since there are several kinds of acls implementeded with different attributes for each and different for each vendor, this model accomodates customizing acls for each kind and for each vendor. "; leaf acl-name { type string; description "The name of access-list. A device MAY restrict the length and value of this name, possibly space and special characters are not allowed."; } leaf acl-type { type acl-type; description "Type of ACL"; } container acl-oper-data { config false; description "Overall ACL operational data"; leaf match-counter { type ietf:counter64; description "Total match count for ACL"; } leaf-list targets { type string; description "List of targets where ACL is applied"; } } container access-list-entries { description "The access-list-entries container contains a list of access-list-entry(ACE)."; list access-list-entry { key rule-name; ordered-by user; description "List of access list entries(ACE)"; leaf rule-name { type string; description "Entry name."; } container matches { description "Define match criteria"; choice ace-type { description "Type of ace."; case ace-ip { uses packet-fields:acl-ip-header-fields; choice ace-ip-version { description "Choice of IP version."; case ace-ipv4 { uses packet-fields:acl-ipv4-header-fields; } case ace-ipv6 { uses packet-fields:acl-ipv6-header-fields; } } } case ace-eth { uses packet-fields:acl-eth-header-fields; } } uses packet-fields:metadata; } container actions { description "Define action criteria"; choice packet-handling { default deny; description "Packet handling action."; case deny { leaf deny { type empty; description "Deny action."; } } case permit { leaf permit { type empty; description "Permit action."; } } } } container ace-oper-data { config false; description "Per ace operational data"; leaf match-counter { type ietf:counter64; description "Number of matches for an ace"; } } } } } } }