for the <code>from-lport</code> direction. <code>allow</code>
ACLs translate into logical flows with the <code>next;</code>
action, <code>allow-related</code> ACLs translate into logical
- flows with the <code>ct_next;</code> action, other ACLs translate
- to <code>drop;</code>. The <code>priority</code> values from the
- <code>ACL</code> table are used directly.
+ flows with the <code>ct_commit; next;</code> actions, other ACLs
+ translate to <code>drop;</code>. The <code>priority</code> values
+ from the <code>ACL</code> table have a limited range and have 1000
+ added to them to leave room for OVN default flows at both higher
+ and lower priorities.
</p>
<p>
<dt><code>ct_commit;</code></dt>
<dd>
- Commit the flow to the connection tracking entry associated
- with it by a previous call to <code>ct_next</code>.
+ <p>
+ Commit the flow to the connection tracking entry associated
+ with it by a previous call to <code>ct_next</code>.
+ </p>
+ <p>
+ Note that if you want processing to continue in the next table,
+ you must execute the <code>next</code> action after
+ <code>ct_commit</code>.
+ </p>
</dd>
<dt><code>arp { <var>action</var>; </code>...<code> };</code></dt>