Ingress and Egress table in Calico Network policy

Hi all,

I gone through the official documentation of Calico policy and I have come across the below table. When both Ingress and Egress rule is set as “NO” why the value taken as “Ingress”?

Can anyone please explain the logic behind this.

Ingress rule present? Egress rule present? Value
No No Ingress
Yes No Ingress
No Yes Egress
Yes Yes Ingress, Egress

The intent here is to match kubernetes network policy behaviour.

For example, the “enable isolation” policy in the kubernetes basic policy demo: Kubernetes policy, basic tutorial is:

kind: NetworkPolicy
  name: default-deny
  namespace: policy-demo
    matchLabels: {}

And the effect of that is to block all ingress traffic to all pods in the policy-demo namespace.

It would be confusing if a similar Calico network policy didn’t result in the same behaviour.