module openconfig-acl {

    yang-version 1;

    namespace
      "http://openconfig.net/yang/acl";

    prefix oc-acl;

    import openconfig-packet-match {
      prefix oc-match;
    }
    import openconfig-interfaces {
      prefix oc-if;
    }
    import openconfig-yang-types {
      prefix oc-yang;
    }
    import openconfig-extensions {
      prefix oc-ext;
    }

    organization "OpenConfig working group";

    contact
      "OpenConfig working group
    www.openconfig.net";

    description
      "This module defines configuration and operational state
    data for network access control lists (i.e., filters, rules,
    etc.).  ACLs are organized into ACL sets, with each set
    containing one or more ACL entries.  ACL sets are identified
    by a unique name, while each entry within a set is assigned
    a sequence-id that determines the order in which the ACL
    rules are applied to a packet.

    Individual ACL rules specify match criteria based on fields in
    the packet, along with an action that defines how matching
    packets should be handled. Entries have a type that indicates
    the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc.";

    revision "2017-05-26" {
      description
        "Separated ACL entries by type";
      reference
        "1.0.0";

    }

    revision "2016-08-08" {
      description
        "OpenConfig public release";
      reference
        "0.2.0";

    }

    revision "2016-01-22" {
      description "Initial revision";
      reference
        "TBD";

    }

    oc-ext:openconfig-version "1.0.0";

    identity ACL_TYPE {
      description
        "Base identity for types of ACL sets";
    }

    identity ACL_IPV4 {
      base ACL_TYPE;
      description
        "IP-layer ACLs with IPv4 addresses";
    }

    identity ACL_IPV6 {
      base ACL_TYPE;
      description
        "IP-layer ACLs with IPv6 addresses";
    }

    identity ACL_L2 {
      base ACL_TYPE;
      description "MAC-layer ACLs";
    }

    identity ACL_MIXED {
      base ACL_TYPE;
      description
        "Mixed-mode ACL that specifies L2 and L3 protocol
      fields.  This ACL type is not implemented by many
      routing/switching devices.";
    }

    identity FORWARDING_ACTION {
      description
        "Base identity for actions in the forwarding category";
    }

    identity ACCEPT {
      base FORWARDING_ACTION;
      description "Accept the packet";
    }

    identity DROP {
      base FORWARDING_ACTION;
      description
        "Drop packet without sending any ICMP error message";
    }

    identity REJECT {
      base FORWARDING_ACTION;
      description
        "Drop the packet and send an ICMP error message to the source";
    }

    identity LOG_ACTION {
      description
        "Base identity for defining the destination for logging
      actions";
    }

    identity LOG_SYSLOG {
      base LOG_ACTION;
      description "Log the packet in Syslog";
    }

    identity LOG_NONE {
      base LOG_ACTION;
      description "No logging";
    }

    identity ACL_COUNTER_CAPABILITY {
      description
        "Base identity for system to indicate how it is able to report
      counters";
    }

    identity INTERFACE_ONLY {
      base ACL_COUNTER_CAPABILITY;
      description
        "ACL counters are available and reported only per interface";
    }

    identity AGGREGATE_ONLY {
      base ACL_COUNTER_CAPABILITY;
      description
        "ACL counters are aggregated over all interfaces, and reported
      only per ACL entry";
    }

    identity INTERFACE_AGGREGATE {
      base ACL_COUNTER_CAPABILITY;
      description
        "ACL counters are reported per interface, and also aggregated
      and reported per ACL entry.";
    }
  }  // module openconfig-acl