[ovs-discuss] ovs + iptables + xcp
pf shineyear
shinepf at gmail.com
Wed Jul 25 23:07:35 UTC 2012
Thanks for your reply, Jesse.
My question is:
I just want to use ovs + iptables to limit all the input access, like drop
all requests to ip 10.1.0.3, but only accept all requests sent from the vm, like
wget www.google.com.
I already use ovs-ofctl to drop all input access from outside, like
dl_type=0x800,nw_dst=10.1.0.3,action=drop
but iptables can not work for the requests sent from inside.
Could you please tell me the alternate way to write the rule?
Thanks.
On Thu, Jul 26, 2012 at 3:22 AM, Jesse Gross <jesse at nicira.com> wrote:
> On Tue, Jul 24, 2012 at 5:59 PM, pf shineyear <shinepf at gmail.com> wrote:
> > Hi all,
> >
> > I have a big problem with ovs + iptables + xcp in Ubuntu 12.04.
> >
> > I can limit every request input on xenbr1, but I can not do something like
> > the iptables established filter for the vm output.
> >
> > When a vm sends a request out, I can see it succeed in going out, and in
> > eth1, I can see the response come back very well,
> >
> > but in the vm I can see nothing, because the input has already been limited
> > in xenbr1, and iptables can not work well with ovs.
>
> I don't understand what you're trying to do. It's true that iptables
> doesn't hook into OVS but there's probably an alternate way to write
> the rule. Half of your question seems to be about adding filters on
> traffic and the other half seems to be about traffic not getting
> through so you'll have to explain the use case better.
>