You can drop packets by using the "drop" action. It's equivalent to not listing any actions. Keep in mind the rules you've specified overlap, so you'll need priorities to disambiguate them. (This was just discussed in the "icmp paket matching ip packet rule" thread.)
--Justin

On Apr 6, 2012, at 2:57 AM, Kaushal Shubhank wrote:

> Hello,
>
> I was reading about OpenVSwitch and really appreciated the concept. I am a
> newbie and do not have a good understanding of OVS yet. I installed OVS
> and I was able to create a bridge reading the instructions.
>
> I read that ebtables is useless in case of OVS and ovs-ofctl can do things
> similar to ebtables.
>
> I want to filter packets for port 80 http traffic only. For this when I was
> using ebtables operating on a Linux bridge. But with ovs I was able to add
> flow but I am not sure on how to get the ebtables -j DROP type functionality
> using OVS.
>
> The commands which I used with ovs-ofctl were as follows:
>
> ovs-ofctl add-flow br0 "in_port=ANY out_port=ANY action=NORMAL" # for my bridge traffic
> ovs-ofctl add-flow br0 "in_port=1 tcp, tp_src=80 action=NORMAL"
> ovs-ofctl add-flow br0 "in_port=2 tcp, tp_dst=80 action=NORMAL"
>
> I also tried using action=LOCAL but then I was not able to use port 80
> traffic below the bridge.
>
> Any help on this will be appreciated. If there is some documentation out
> there with examples for a similar case kindly redirect me to it.
>
> PS: I have no VMs in my system and I was wondering whether I can use the
> capabilities of OVS bridge which is transparent to VLAN trunk where I can
> filter port 80 traffic from different VLAN.
>
> {Router, Gateway}
>        | |
>        | |
>        | |{VLAN TRUNK}
>   {OVS- BRIDGE}
>        | |
>        | |
>        | |{Local Network}
> _______________________________________________
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
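
The approach described in the reply (explicit priorities plus a drop rule), as an added example that is not part of the original thread. It assumes the bridge `br0` and port numbers 1 and 2 from the question, adds an ARP rule so hosts can still resolve each other, and uses hypothetical helper names `http_only_flows` and `apply_flows`.

```shell
#!/bin/sh
# Added example (not from the thread): pass only TCP port 80 across the
# bridge and drop everything else, with priorities ordering the
# overlapping rules. Port 1 = uplink side, port 2 = LAN side (assumed).

# Print one flow per line, highest priority first.
http_only_flows() {
    uplink=$1 lan=$2
    # ARP must pass, or IPv4 hosts cannot resolve each other before TCP.
    echo "priority=200,arp,actions=NORMAL"
    # Requests from the LAN to port 80, and replies coming back from port 80.
    echo "priority=100,in_port=${lan},tcp,tp_dst=80,actions=NORMAL"
    echo "priority=100,in_port=${uplink},tcp,tp_src=80,actions=NORMAL"
    # Lowest-priority catch-all: anything not matched above is dropped.
    echo "priority=0,actions=drop"
}

# Replace the bridge's flow table with the generated rules.
# del-flows first, so older rules left at the default priority cannot
# shadow the new ones. With DRY_RUN=1 (the default here) the commands
# are only printed, not executed.
apply_flows() {
    bridge=$1 uplink=$2 lan=$3
    run=""
    [ "${DRY_RUN:-1}" = "1" ] && run="echo"
    $run ovs-ofctl del-flows "$bridge"
    http_only_flows "$uplink" "$lan" | while read -r flow; do
        $run ovs-ofctl add-flow "$bridge" "$flow"
    done
}

apply_flows br0 1 2
```

Set `DRY_RUN=0` to apply the rules, then check per-rule packet counters with `ovs-ofctl dump-flows br0` to confirm which rule traffic is hitting.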