This feature allows users to migrate the egress firewall configuration when migrating the cluster network provider from OpenShift SDN to OVNKubernetes, and rollback.

All the existing EgressNetworkPolicy CRs will be converted to EgressFirewall CRs during the SDN migration by default. If users don't want such automatic conversion, they can disable it by

oc patch network.operator cluster --type='merge' --patch  '{"spec":{"migration":{"features":{"egressfirewall":false}}}}' 

NOTE: For EgressFirewall CRs, the name can only be set to 'default', but there is no such limitation for EgressNetworkPolicy CRs. So when rolling back, all the names of EgressNetworkPolicy CRs will be set to 'default' instead of using their origin name.