[ovs-discuss] How implement ACL rule in 'out' direction.

Flavio Leitner fbl at sysclose.org
Tue May 26 13:58:20 UTC 2015


On Wed, May 13, 2015 at 07:38:02AM +0800, Huanle Han wrote:
> Hi, guys
> I'm working with ovs in normal mode.
> 
> I have a question about implementing an ACL rule in the 'out' direction.
> For example, how can I implement such rules using the ovs flow table?
> 
> Rule 1: deny the flow whose tp_dst==22 output to VIF1, but permit to other
> VIFs

If you mean action NORMAL, then that is not possible, because once the
action is executed, the packet is forwarded to the ports and you have
no control over that.

> Rule 2: permit the flow whose nw_src==1.1.1.1 output to VIF2, but deny to
> other VIFs

I am afraid you will need to implement the features of action NORMAL
yourself, adding your restrictions. Look at the Tutorial.md for
how to implement MAC-learning.

fbl
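
The approach described in the reply, as an added example that is not part of the original message or of the OVS tutorial: MAC learning built with `learn` puts the chosen output port in reg0, and a separate table applies both rules against reg0 before any output happens. Port numbers 1, 2, 3 for VIF1, VIF2, VIF3, the table numbers, the priorities and the bridge name br0 are assumptions.

```shell
#!/bin/sh
# Added example: egress ACL on top of hand-built MAC learning (no NORMAL).
# Assumed OpenFlow port numbers for the three VIFs; override via environment.
VIF1=${VIF1:-1}; VIF2=${VIF2:-2}; VIF3=${VIF3:-3}

# Print the flow table. Load it with (bridge name br0 is an assumption):
#   egress_acl_flows | ovs-ofctl add-flow br0 -
egress_acl_flows() {
cat <<EOF
# table 0: learn src MAC -> in_port into table 10, look up the dst MAC there
# (hit loads the port into reg0, miss leaves reg0=0), then run the egress ACL.
table=0,priority=0,actions=learn(table=10,hard_timeout=300,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,10),resubmit(,20)
# Rule 2: nw_src==1.1.1.1 may leave via VIF2 only (known dst and flood case).
table=20,priority=110,reg0=${VIF2},ip,nw_src=1.1.1.1,actions=output:${VIF2}
table=20,priority=110,reg0=0,ip,nw_src=1.1.1.1,actions=output:${VIF2}
table=20,priority=105,ip,nw_src=1.1.1.1,actions=drop
# Rule 1: tp_dst==22 never leaves via VIF1; a flood skips VIF1.
table=20,priority=100,reg0=${VIF1},tcp,tp_dst=22,actions=drop
table=20,priority=100,reg0=0,tcp,tp_dst=22,actions=output:${VIF2},output:${VIF3}
# Default forwarding: known unicast to its port, unknown dst to all VIFs.
# OVS does not send a packet back out its ingress port on a plain output.
table=20,priority=50,reg0=${VIF1},actions=output:${VIF1}
table=20,priority=50,reg0=${VIF2},actions=output:${VIF2}
table=20,priority=50,reg0=${VIF3},actions=output:${VIF3}
table=20,priority=50,reg0=0,actions=output:${VIF1},output:${VIF2},output:${VIF3}
EOF
}
```

Rule 2 sits above Rule 1 so that a port-22 packet from 1.1.1.1 with an unknown destination is sent to VIF2 only, which satisfies both rules.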




