Some initial plumbing for sfatables
[sfa.git] / sfatables / README
diff --git a/sfatables/README b/sfatables/README
new file mode 100644 (file)
index 0000000..ed7b7ac
--- /dev/null
@@ -0,0 +1,17 @@
+Examples:
+
+Add rules:
+
+e.g. 
+* sfatables -A INCOMING --requestor-hrn ple.emaniacs.* -j ACCEPT
+* sfatables -A INCOMING --requestor-hrn ple.* -j RESTRICT_NODES --include-only ple.emaniacs.pool_ple
+
+or
+
+* sfatables -A INCOMING --requestor-hrn=plc.princeton.coblitz requested=plc.tp.*[tp_coblitz=true] -> result=true
+requester=plc.princeton.other_whitelisted_slice requested=plc.tp.*[tp_coblitz=true] -> result=true
+requester=* requested=plc.tp.*[tp_coblitz=true] -> result=false
+
+Default policy:
+
+* sfatables -P INCOMING REJECT
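Review bot: The three example lines after "or" do not follow one consistent form. The first starts as a command, `sfatables -A INCOMING --requestor-hrn=plc.princeton.coblitz`, then switches to `requested=... -> result=true`. The next two drop the `* sfatables -A INCOMING` prefix and spell the key `requester=`, although the flag is `--requestor-hrn`. Please either write them as complete sfatables invocations with a `-j` target, like the first two examples, or label them as a separate match/result notation and say what `result=true` and `result=false` mean. The line `requester=* ... -> result=false` reads as a catch-all, so the README should also state the order in which rules in a chain are evaluated and how that interacts with `sfatables -P INCOMING REJECT`. The patterns `ple.emaniacs.*`, `ple.*` and `plc.tp.*[tp_coblitz=true]` are unquoted, so a shell can glob-expand them against files in the working directory before sfatables sees them. Quoting them in the examples would keep readers from copying a fragile command.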