[ovs-discuss] [ACL 2/3] vswitchd: Implement local ACL functionality.
Ben Pfaff
blp at nicira.com
Mon Aug 10 17:39:44 UTC 2009
Jesse Gross <jesse at nicira.com> writes:
>> I'm not sure that I'm explaining well. I would expect the
>> following configuration would cause all incoming traffic on
>> bonded port bond0 (interfaces eth0 and eth1) to be dropped. With
>> your implementation, will that happen?
>>
>> bridge.br0.port = bond0
>> bridge.br0.port = eth2
>> bonding.bond0.slave = eth0
>> bonding.bond0.slave = eth1
>> acl.group.nuke.1 = deny
>> acl.port.bond0.out = nuke
>>
>
> Yes, this set of rules will do what you expect. From a user's
> perspective, ACLs work on ports. From an implementation perspective,
> they work on interfaces.
OK, thanks, glad to hear that.