The SONiC header designation has the following format:
target:: sonic filter-name {inet|inet6|mixed}
- filter-name: defines the name of the filter. This is a required field. Note that the filter name will be present as a key of every ACE (i.e. rule) in the generated policy. For example, if the filter-name is 'MyPolicy', each ACE will come out like:
{ 'ACL_RULE': { 'MyPolicy|RULE_10': {...}, 'MyPolicy|RULE_20': {...}, ... } }
- action:: The action to take when matched. See Actions section for valid options.
- destination-address:: One or more destination address tokens.
- destination-port:: One or more service definition tokens.
- expiration:: Stop rendering this term after specified date. Date format: YYYY-MM-DD.
- protocol:: The network protocols this term will match, such as tcp, udp, or sctp.
- source-address:: One or more source address tokens.
- source-port:: One or more service definition tokens.
- accept
- deny
- tcp-established:: Only match "established" connections. This match is not stateful: any TCP packet with the ACK and/or RST TCP flag set will match.
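The stateless behaviour of tcp-established described above, shown as an added example that is not part of the original documentation or the generator's own code. It compares the flag-only match with a simplified connection tracker; `StatefulTracker`, the flow tuples and the sample packets are constructed assumptions for illustration.

```python
# TCP flag bits (RFC 9293).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def tcp_established_match(flags):
    """Stateless match as the page describes it: ACK and/or RST set."""
    return bool(flags & (ACK | RST))

class StatefulTracker:
    """Simplified connection tracker (assumption, for contrast only):
    a flow is known once the protected side has sent a SYN."""
    def __init__(self):
        self.flows = set()

    def outbound(self, flow, flags):
        if flags & SYN and not flags & ACK:
            self.flows.add(flow)

    def inbound_allowed(self, flow, flags):
        # Allow only replies to flows opened from the inside.
        return flow in self.flows and bool(flags & (ACK | RST))

def compare(packets):
    """Return (label, stateless, stateful) for each inbound packet."""
    tracker = StatefulTracker()
    results = []
    for direction, flow, flags, label in packets:
        if direction == "out":
            tracker.outbound(flow, flags)
            continue
        results.append((label, tcp_established_match(flags),
                        tracker.inbound_allowed(flow, flags)))
    return results

# Constructed sample traffic. Flow = (inside_ip, inside_port, outside_ip, outside_port).
FLOW_A = ("10.0.0.5", 40000, "192.0.2.10", 443)
FLOW_B = ("10.0.0.5", 22, "198.51.100.7", 51000)
SAMPLE = [
    ("out", FLOW_A, SYN, "client SYN"),
    ("in", FLOW_A, SYN | ACK, "SYN-ACK reply to inside client"),
    ("in", FLOW_A, ACK | PSH, "data on open flow"),
    ("in", FLOW_B, SYN, "unsolicited SYN"),
    ("in", FLOW_B, ACK, "unsolicited ACK, no prior handshake"),
    ("in", FLOW_B, RST, "unsolicited RST"),
]

if __name__ == "__main__":
    for label, stateless, stateful in compare(SAMPLE):
        print(f"{label:40} tcp-established={stateless!s:5} stateful={stateful}")
```

The last two inbound packets are where the two differ: the flag-only match accepts them, while the tracker rejects them because no flow was opened from the inside.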