On Mon, May 3, 2010 at 12:13 AM, <mandar...@aim.com> wrote:
>
> Hi,
>
> I have a rule in iptables (with source ip address) to allow https traffic for the Xen server, and on the bridge there is a flow to deny all IP protocol traffic coming on the Xen bridge.
>
> Now, when I try to open the Xen Center from the IP matching the iptables rule, it does not succeed in connecting to the Xen server, but then, if I update the flows with the https allow rule with my IP, the Xen Center is successfully connected.
>
> Why is the traffic to access the Xen server blocked even when iptables had the allow rule?
>
> Does iptables hold the same control of traffic meant for the Xen server host (excluding internal VMs) in the presence of open vswitch flows?
>
> Can anyone explain the behavior of flows with iptables?
Traffic to dom0 flows first through OVS and then the IP stack (and by extension iptables). If either has a rule to deny traffic the packet will be dropped. There is no shared configuration between the two so adding a rule to iptables does not update the OVS flow table.
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org
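As an added illustration of the reply's point (not code from the thread, Open vSwitch or Xen), a small Python model of the two filters in series: the OVS flow table first, then the dom0 IP stack with its iptables INPUT chain. Addresses are constructed and the flow/rule notation is a simplification, not real ovs-ofctl or iptables syntax; it reproduces the poster's two situations, where the iptables ACCEPT alone leaves the packet dropped at the OVS stage and only an additional OVS allow flow lets it reach dom0.

```python
"""Two independent filters in series on the path to dom0: OVS flow table,
then iptables. Added example; constructed data, simplified match notation."""
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    proto: str      # "tcp", "udp", "icmp"
    dport: int

def _matches(match: dict, pkt: Packet) -> bool:
    """A match is a dict of field -> value; an empty dict matches any packet."""
    return all(getattr(pkt, f) == v for f, v in match.items())

def ovs_verdict(flows, pkt):
    """OVS stage: highest-priority matching flow wins; in this model a
    table miss drops. Each flow is (priority, match, action), action
    being "normal" (hand to the IP stack) or "drop"."""
    for _prio, match, action in sorted(flows, key=lambda f: -f[0]):
        if _matches(match, pkt):
            return action
    return "drop"

def iptables_verdict(rules, policy, pkt):
    """iptables INPUT stage: first matching rule wins, else chain policy."""
    for match, target in rules:
        if _matches(match, pkt):
            return target
    return policy

def reaches_dom0(flows, rules, policy, pkt):
    """Return (accepted, stage_that_dropped_or_None). The two tables share
    no state, so changing one never changes the other's verdict."""
    if ovs_verdict(flows, pkt) == "drop":
        return False, "ovs"
    if iptables_verdict(rules, policy, pkt) == "DROP":
        return False, "iptables"
    return True, None

ADMIN = "192.0.2.10"   # constructed admin host (RFC 5737 documentation range)
https_from_admin = Packet(src=ADMIN, proto="tcp", dport=443)

# iptables INPUT as the poster has it: ACCEPT https from the admin host, policy DROP
IPT_RULES = [({"src": ADMIN, "proto": "tcp", "dport": 443}, "ACCEPT")]

# OVS as the poster has it: one flow denying everything on the bridge ...
OVS_DENY_ALL = [(10, {}, "drop")]
# ... and after the https-allow flow for the admin host is added at higher priority
OVS_WITH_ALLOW = OVS_DENY_ALL + [(20, {"src": ADMIN, "proto": "tcp", "dport": 443}, "normal")]
```

Running `reaches_dom0(OVS_DENY_ALL, IPT_RULES, "DROP", https_from_admin)` reports the drop at the OVS stage despite the iptables ACCEPT, and the same call with `OVS_WITH_ALLOW` succeeds.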