[ovs-dev] [RFC 3/3] OVN: add acl reject rule support using icmp4 action
Ben Pfaff
blp at ovn.org
Tue Jan 23 20:44:16 UTC 2018
On Wed, Jan 10, 2018 at 06:59:01PM +0100, Lorenzo Bianconi wrote:
> Whenever the acl reject rule is hit send back an ICMPv4 destination
> unreachable packet and do not handle reject rule as drop one
>
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
It's nice to finally get this right! Thank you.
I wonder about the treatment for TCP connections. A connection attempt
to a TCP port that is not listening ordinarily yields a TCP RST
response. I do not know whether an ICMP reply is acceptable. Do you
have any thoughts on that?
I think that this should add an item to NEWS that describes the new
feature.
Thanks,
Ben.
More information about the dev
mailing list