Intro
VMWare has a nice product called NSX-T which allows you to build a sort of a cloud provider network infrastructure for your virtualized environment (and K8s). It has network segmentation, routing, NAT, stateful firewall, IDS, traffic inspection, etc.
What if you already have a good and working cloud-like architecture and just want to insert some simple ACLs directly on the virtualization layer to outsource traffic filtering directly to the hypervisor, and do not want fancy things like firewall, NAT, IDS, etc. ?
vSwitch doesn't support this; NSX-T does, but it is expensive... What about VDS???
Python scripts used available at git repository: https://github.com/liviozanol/vmware_vds_traffic_filter