Patent attributes
Some embodiments provide a method for configuring a hardware switch to implement a security policy associated with a logical router of a logical network. The method receives a logical router definition. The logical router logically connects a physical machine, connected to a physical port of the hardware switch, to several VMs that execute on a set of host machines. The method defines a set of routing components for the logical router, each of which has several interfaces. The method receives a security policy that includes a set of security rules for the physical machine and populates an ACL table with ACL rules data generated based on the received set of security rules. Then, for at least one interface of one of the routing components, the method generates linking data that links a set of one or more ACL rules in the ACL table to the interface of the routing component.
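The flow described above (security rules into an ACL table, then linking data from ACL rows to a routing-component interface), modelled as an added example that is not taken from the patent. The rule fields, interface names, addresses, the choice of which interface to link, and the first-match/default-deny evaluation are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityRule:          # one rule of the received security policy (hypothetical fields)
    src: str                 # source CIDR
    dst: str                 # destination CIDR
    proto: str
    dport: int
    action: str              # "allow" or "deny"

def populate_acl_table(rules):
    """ACL table: one row per security rule, keyed by row id in policy order."""
    return {rid: rule for rid, rule in enumerate(rules, start=1)}

def generate_links(acl_table, interfaces, machine_ip):
    """Linking data: interface -> ACL row ids. Assumption: only interfaces whose
    subnet contains the physical machine are linked, to rows that mention it."""
    ip = ipaddress.ip_address(machine_ip)
    links = {}
    for key, subnet in interfaces.items():
        if ip in ipaddress.ip_network(subnet):
            links[key] = [
                rid for rid, r in acl_table.items()
                if ip in ipaddress.ip_network(r.src) or ip in ipaddress.ip_network(r.dst)]
    return links

def decide(acl_table, links, itf_key, src, dst, proto, dport):
    """Assumed semantics: first linked row that matches wins, no match means deny,
    and an interface with no linking data applies no ACL at all."""
    if itf_key not in links:
        return "unfiltered"
    for rid in links[itf_key]:
        r = acl_table[rid]
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and proto == r.proto and dport == r.dport):
            return r.action
    return "deny"

# Constructed sample data: a physical database server and a VM subnet.
MACHINE = "10.0.1.50"
RULES = [SecurityRule("10.0.2.0/24", "10.0.1.50/32", "tcp", 5432, "allow"),
         SecurityRule("0.0.0.0/0", "10.0.1.50/32", "tcp", 5432, "deny"),
         SecurityRule("10.0.2.0/24", "10.0.3.0/24", "tcp", 443, "allow")]
INTERFACES = {("router-A", "if-physical"): "10.0.1.0/24",
              ("router-A", "if-vms"): "10.0.2.0/24",
              ("router-B", "uplink"): "192.0.2.0/24"}
ACL_TABLE = populate_acl_table(RULES)
LINKS = generate_links(ACL_TABLE, INTERFACES, MACHINE)
```

In this model an interface that has no linking data enforces none of the policy, so checking that every interface facing the physical machine appears in `LINKS` is the useful audit.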