[ovs-discuss] Using OVS as a stateful firewall

Ben Pfaff blp at ovn.org
Mon Jan 6 21:43:05 UTC 2020


On Sat, Jan 04, 2020 at 03:40:32PM -0500, Noah Everett wrote:
> I'm trying to use OVS as a stateful firewall for all the VMs connected to a
> OVS bridge. I'm trying to use the conntrack feature to achieve this based
> off examples I've put together, but have yet to make it work fully.
> 
> My end goal is to be able to block or allow a port for a VM for egress or
> ingress.

Have you read the OVS conntrack tutorial?  If not, then it is a good
place to start:
http://docs.openvswitch.org/en/latest/tutorials/ovs-conntrack/


More information about the discuss mailing list