On Feb 15, 2010, at 3:27 AM, [email protected] wrote:

> I can use ovs-ofctl to add a flow to deny or allow specific network traffic.
> Does it support TCP flags (SYN, ACK, etc.)? Is there any way to define the
> direction (inbound/outbound) of this traffic?

Open vSwitch's flow matching capabilities are mostly based on what's defined by OpenFlow. OpenFlow is based on flow-matching, and as such, does not support matching on TCP flags. Also, there's no way to define matching based on direction. Obviously, you can limit based on ingress port, but I suspect that's not sufficient for you.

Jesse has a branch that supports more advanced ACLs when the switch is disconnected from a controller. It should be merged into our mainline branches before too long. I don't remember the capabilities off the top of my head. Jesse, I know it doesn't support inbound/outbound directly, but it does support egress port, correct?

--Justin
