[ovs-dev] [PATCH 2/2] FAQ: Mention packet filter incompatibility

YAMAMOTO Takashi yamamoto at valinux.co.jp
Mon May 5 00:13:53 UTC 2014

Signed-off-by: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
 FAQ | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/FAQ b/FAQ
index fc21af4..716c1de 100644
--- a/FAQ
+++ b/FAQ
@@ -676,6 +676,19 @@ A: On Linux kernels before 3.11, the OVS GRE module and Linux GRE module
    can then reload the OVS module following the directions in INSTALL,
    which will ensure that dependencies are satisfied.
+Q: Open vSwitch does not seem to obey my packet filter rules.
+A: It's by design.  Open vSwitch interacts with packets at a lower layer
+   than typical packet-filter implementations like iptables.
+   For simple filtering rules, it might be possible to achieve similar
+   by installing appropriate OpenFlow flows instead.
+   If the use of a particular packet filter software is essential,
+   Open vSwitch might not be the best choice for you.  On Linux, you might
+   want to consider to use Linux Bridge, which works with iptables.
+   On NetBSD, you might want to consider to use bridge(4) with BRIDGE_IPF
+   option.
 Quality of Service (QoS)

More information about the dev mailing list