[ovs-discuss] A Drop rule with less priority is served before a normal rule with higher priority

Oliver Dzombic info at layer7.net
Tue Mar 10 20:49:02 UTC 2020

Hi folks,

why does this drop rule, with lower priority, is served before the
normal rule ?

 cookie=0x0, duration=1309.733s, table=0, n_packets=792, n_bytes=34414,
priority=1000,dl_src=16:ec:3d:6e:f4:b9 actions=drop

 cookie=0x0, duration=1309.950s, table=0, n_packets=0, n_bytes=0,
priority=2000,ip,dl_dst=16:ec:3d:6e:f4:b9,nw_dst= actions=NORMAL

Is it as simple as, that a rule that is less specific will be served
before a rule with more specific, even it has a higher priority ?

The goal is that a specific mac address shall only be allowed to
communicate over a specific IP address. If the traffic to or from this
mac is for/from another IP, it shall be dropped.

I will be very thankful for every hint or advice.

Thank you !

Mit freundlichen Gruessen / Best regards

Oliver Dzombic
Layer7 Networks

mailto:info at layer7.net


Layer7 Networks GmbH
Zum Sonnenberg 1-3
63571 Gelnhausen

HRB 96293 beim Amtsgericht Hanau
Geschäftsführung: Oliver Dzombic
UST ID: DE259845632

More information about the discuss mailing list