Thanks for your reply, Jesse. My question is:

I just want to use OVS + iptables to limit all the input access, like drop all requests to IP 10.1.0.3, but only accept all requests sent from the VM, like wget www.google.com.

I already use ovs-ofctl to drop all input access from outside, like dl_type=0x800,nw_dst=10.1.0.3,action=drop but iptables cannot work for the requests sent from inside.

Could you please tell me the alternate way to write the rule? Thanks.

On Thu, Jul 26, 2012 at 3:22 AM, Jesse Gross <je...@nicira.com> wrote:
> On Tue, Jul 24, 2012 at 5:59 PM, pf shineyear <shin...@gmail.com> wrote:
> > Hi all,
> >
> > I have a big problem with OVS + iptables + XCP in Ubuntu 12.04.
> >
> > I can limit every request input on xenbr1, but I cannot do something like
> > the iptables established filter for the VM output.
> >
> > When a VM sends a request out, I can see it successfully go out, and on
> > eth1 I can see the response come back very well,
> >
> > but in the VM I can see nothing, because the input has already been limited
> > in xenbr1, and iptables cannot work well with OVS.
>
> I don't understand what you're trying to do. It's true that iptables
> doesn't hook into OVS but there's probably an alternate way to write
> the rule. Half of your question seems to be about adding filters on
> traffic and the other half seems to be about traffic not getting
> through so you'll have to explain the use case better.
>
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss