Is it programmable? I mean, e.g. nw_dst!=10.147.20.0/24 ?

I misunderstood your example; I think you mean to enable the allowed
network, which is the other IP.
I want to clarify.
Here in this bridge, I have only two kinds of traffic:
1- from 10.147.20.0/24 to other ports on the bridge.
2- from outside the bridge to the local Ethernet port 192.168.188.0/24

I want to disable traffic outside the bridge from interface enp1s0f0, which
is connected to the NAS drive, so that it is not open to the internet.

I think the rule should be as follows, to accept traffic to 10.147.20.0/24
and reject everything else?

priority=200,in_port=enp1s0f0,ip,nw_dst=10.147.20.0/24,actions=NORMAL
priority=199,in_port=enp1s0f0,ip,actions=drop



Thank you

Kind regards
Sherif Omran



On Thu, Feb 23, 2023 at 3:25 PM Ilya Maximets <i.maxim...@ovn.org> wrote:

> On 2/23/23 14:26, Dr. Omran via discuss wrote:
> > Hello guys,
> >
> > I want to do this rule, but instead of giving the destination as an IP, I
> > want to say a destination that is not equal to 10.147.20.0/24
> >
> > ovs-ofctl add-flow br0 "priority=200,ip,nw_dst=192.168.188.0/24,in_port=enp1s0f0,actions=drop"
> >
> > How do you do it?
>
> You either carefully craft multiple rules that cover all the subnets
> outside of 192.168.188.0/24, or you create a high priority rule that
> matches on 192.168.188.0/24 and does something else (jumps to another
> table, for example) and have a lower priority rule that doesn't have
> a match on nw_dst and drops all the traffic, e.g.:
>
>   priority=200,in_port=enp1s0f0,ip,nw_dst=192.168.188.0/24,actions=do_something_else
>   priority=199,in_port=enp1s0f0,ip,actions=drop
>
> Best regards, Ilya Maximets.
>
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
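As an added example that is not part of this thread (not Ilya's or Sherif's code): a small Python model of the OpenFlow lookup that Open vSwitch performs, where the highest-priority matching flow wins and a fresh bridge falls back to its default priority=0 flow with actions=NORMAL. It applies the two-rule pattern from the thread to the NAS port, renders the corresponding ovs-ofctl commands, and shows which action each constructed sample packet would hit. The port name enp1s0f0, the bridge name br0, the second port enp1s0f1 and the destination addresses are assumptions taken from or made up around the thread; the model ignores everything else OVS can match on (VLANs, other tables, and so on).

```python
# Added example, not code from the mailing-list thread: a model of the OVS
# flow-table lookup used to show why "nw_dst != X" is written as a
# higher-priority allow rule plus a lower-priority catch-all drop.
import ipaddress
from dataclasses import dataclass
from typing import Optional

ETH_IPV4, ETH_ARP, ETH_IPV6 = 0x0800, 0x0806, 0x86DD


@dataclass
class Flow:
    priority: int
    actions: str
    in_port: Optional[str] = None
    ip: bool = False                      # the "ip" keyword: eth_type 0x0800 only
    nw_dst: Optional[ipaddress.IPv4Network] = None

    def matches(self, pkt: dict) -> bool:
        if self.in_port is not None and pkt["in_port"] != self.in_port:
            return False
        # nw_dst is an IPv4 field, so it implies an IPv4 packet just as "ip" does
        if (self.ip or self.nw_dst is not None) and pkt["eth_type"] != ETH_IPV4:
            return False
        if self.nw_dst is not None and ipaddress.ip_address(pkt["nw_dst"]) not in self.nw_dst:
            return False
        return True

    def to_ofctl(self, bridge: str = "br0") -> str:
        """Render this flow as the ovs-ofctl add-flow command that installs it."""
        parts = [f"priority={self.priority}"]
        if self.in_port is not None:
            parts.append(f"in_port={self.in_port}")
        if self.ip:
            parts.append("ip")
        if self.nw_dst is not None:
            parts.append(f"nw_dst={self.nw_dst}")
        return f'ovs-ofctl add-flow {bridge} "{",".join(parts)},actions={self.actions}"'


def lookup(table: list, pkt: dict) -> str:
    """Highest-priority matching flow wins; if nothing matches, a fresh OVS
    bridge falls through to its default flow: priority=0, actions=NORMAL."""
    best = None
    for flow in table:
        if flow.matches(pkt) and (best is None or flow.priority > best.priority):
            best = flow
    return best.actions if best is not None else "NORMAL"


# Assumed from the thread: the NAS sits behind enp1s0f0 and may only reach
# 10.147.20.0/24; any other IPv4 destination it sends to is dropped.
NAS_PORT = "enp1s0f0"
ALLOWED = ipaddress.ip_network("10.147.20.0/24")
TABLE = [
    Flow(200, "NORMAL", in_port=NAS_PORT, ip=True, nw_dst=ALLOWED),
    Flow(199, "drop", in_port=NAS_PORT, ip=True),
]


def commands(table: list = TABLE) -> list:
    """The ovs-ofctl commands that would install the table on br0."""
    return [flow.to_ofctl() for flow in table]


def ipv4(in_port: str, dst: str) -> dict:
    return {"in_port": in_port, "eth_type": ETH_IPV4, "nw_dst": dst}


def outcomes(table: list = TABLE) -> dict:
    """Constructed sample traffic (made up for this example), keyed by label."""
    return {
        "nas->lan": lookup(table, ipv4(NAS_PORT, "10.147.20.5")),
        "nas->192.168": lookup(table, ipv4(NAS_PORT, "192.168.188.10")),
        "nas->internet": lookup(table, ipv4(NAS_PORT, "8.8.8.8")),
        "other->internet": lookup(table, ipv4("enp1s0f1", "8.8.8.8")),
        # Caveat: "ip" matches IPv4 only, so ARP and IPv6 from the NAS port
        # miss both rules and fall through to the default NORMAL flow.
        "nas arp": lookup(table, {"in_port": NAS_PORT, "eth_type": ETH_ARP}),
        "nas ipv6": lookup(table, {"in_port": NAS_PORT, "eth_type": ETH_IPV6}),
    }


if __name__ == "__main__":
    for cmd in commands():
        print(cmd)
    for label, action in outcomes().items():
        print(f"{label:16s} -> {action}")
```

Two points the model makes visible. First, the negative match works only because the drop rule sits below the allow rule and above the bridge's default priority=0 NORMAL flow; two rules at the same priority that both match leave the choice undefined. Second, because `ip` (and `nw_dst`) match IPv4 only, ARP and IPv6 frames from enp1s0f0 are not touched by either rule and still flow via NORMAL. ARP must stay open for the allowed subnet to be reachable at all, but if the NAS has IPv6 connectivity, an equivalent `priority=199,in_port=enp1s0f0,ipv6,actions=drop` rule is needed to close that path. After installing the real rules, `ovs-ofctl dump-flows br0` shows the n_packets counters on each flow, which is the quickest way to confirm traffic is hitting the rule you expect.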
