Enhance ACNP applied to NodePort Service

Signed-off-by: graysonwu <wgrayson@vmware.com>

Author: GraysonWu

pkg/agent/openflow/pipeline.go

@@ -2113,7 +2113,7 @@ func (f *featureNetworkPolicy) ingressClassifierFlows() []binding.Flow {
 			Action().GotoTable(IngressMetricTable.GetID()).
 			Done(),
 	}
-	if f.proxyAll {
+	if f.enableAntreaPolicy && f.proxyAll {
 		// This generates the flow to match the NodePort Service packets and forward them to AntreaPolicyIngressRuleTable.
 		// Policies applied on NodePort Service will be enforced in AntreaPolicyIngressRuleTable.
 		flows = append(flows, IngressSecurityClassifierTable.ofTable.BuildFlow(priorityNormal+1).

test/e2e/antreapolicy_test.go

@@ -3734,7 +3734,7 @@ func testACNPNodePortServiceSupport(t *testing.T, data *TestData) {
 	testcases := []podToAddrTestStep{
 		{
 			Pod(fmt.Sprintf("%s/%s", data.testNamespace, clientName)),
-			nodeIP(1),
+			nodeIP(0),
 			svc1.Spec.Ports[0].NodePort,
 			Rejected,
 		},