diff --git a/scripts/caclmgrd b/scripts/caclmgrd
index ea3b6b4df362..8a9f99829636 100755
--- a/scripts/caclmgrd
+++ b/scripts/caclmgrd
@@ -82,7 +82,6 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
 },
 "EXTERNAL_CLIENT": {
 "ip_protocols": ["tcp"],
- "dst_ports": ["8081"],
 "multi_asic_ns_to_host_fwd":True
 },
 "ANY": {
@@ -550,7 +549,8 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
 # Obtain default IP protocol(s) and destination port(s) for this service
 ip_protocols = self.ACL_SERVICES[acl_service]["ip_protocols"]
- dst_ports = self.ACL_SERVICES[acl_service]["dst_ports"]
+ if "dst_ports" in self.ACL_SERVICES[acl_service]:
+ dst_ports = self.ACL_SERVICES[acl_service]["dst_ports"]
 acl_rules = {}
@@ -576,6 +576,19 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
 elif self.is_rule_ipv4(rule_props):
 table_ip_version = 4
+ # Read DST_PORT info from Config DB, insert it back to ACL_SERVICES
+ if acl_service == 'EXTERNAL_CLIENT' and "L4_DST_PORT" in rule_props:
+ dst_ports = [rule_props["L4_DST_PORT"]]
+ self.ACL_SERVICES[acl_service]["dst_ports"] = dst_ports
+ elif acl_service == 'EXTERNAL_CLIENT' and "L4_DST_PORT_RANGE" in rule_props:
+ dst_ports = []
+ port_ranges = rule_props["L4_DST_PORT_RANGE"].split("-")
+ port_start = int(port_ranges[0])
+ port_end = int(port_ranges[1])
+ for port in range(port_start, port_end + 1):
+ dst_ports.append(port)
+ self.ACL_SERVICES[acl_service]["dst_ports"] = dst_ports
+
 if (self.is_rule_ipv6(rule_props) and (table_ip_version == 4)):
 self.log_error("CtrlPlane ACL table {} is a IPv4 based table and rule {} is a IPV6 rule! Ignoring rule."
 .format(table_name, rule_id))
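Review bot: `dst_ports` is left unassigned in the second hunk when the service has no `dst_ports` key, which is now the case for EXTERNAL_CLIENT until a rule supplies a port. The enclosing function starts and ends outside the hunk, so the effect is inferred: a later use either raises on an unbound name or, if this code runs once per service in a loop, silently reuses the ports of the previously processed service, and control-plane rules for EXTERNAL_CLIENT would then be generated for the wrong ports. An explicit default removes both outcomes: `dst_ports = self.ACL_SERVICES[acl_service].get("dst_ports", [])`. The code that consumes `dst_ports` should then log and skip an EXTERNAL_CLIENT rule that ends up with no port rather than fall through.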
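Review bot: The `L4_DST_PORT_RANGE` branch in the third hunk parses the Config DB value with no validation. A value without a `-` or with a non-numeric bound raises `IndexError`/`ValueError` inside the daemon, while a reversed range or a bound above 65535 yields an empty or oversized `dst_ports` list. The two branches also disagree on element type (the single port stays a string, the range becomes ints), and every matching rule overwrites `self.ACL_SERVICES[acl_service]["dst_ports"]`, so the last rule processed wins and, if that dictionary outlives this call as it appears to, the ports remain after the rule is deleted from Config DB. The fence validates and normalises the ports and logs and skips a malformed rule; its `continue` assumes the per-rule loop that starts outside this hunk, and the write-back is kept only because its other readers are not visible here.

```python
# … unchanged: table_ip_version detection …
if acl_service == 'EXTERNAL_CLIENT':
    port_spec = None
    if "L4_DST_PORT" in rule_props:
        port_spec = rule_props["L4_DST_PORT"]
    elif "L4_DST_PORT_RANGE" in rule_props:
        port_spec = rule_props["L4_DST_PORT_RANGE"]

    if port_spec is not None:
        try:
            bounds = [int(part) for part in port_spec.split("-")]
        except ValueError:
            bounds = []
        # Accept "N" or "LOW-HIGH" with 0 <= LOW <= HIGH <= 65535, nothing else
        if len(bounds) not in (1, 2) or not 0 <= bounds[0] <= bounds[-1] <= 65535:
            self.log_error("CtrlPlane ACL table {} rule {} has invalid destination port(s) '{}'! Ignoring rule."
                           .format(table_name, rule_id, port_spec))
            continue
        # Strings in both cases, matching the removed default ["8081"]
        dst_ports = [str(port) for port in range(bounds[0], bounds[-1] + 1)]
        self.ACL_SERVICES[acl_service]["dst_ports"] = dst_ports
# … unchanged: IPv4/IPv6 table-version mismatch check …
```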