Thanks, I applied this to master.
On Tue, Jul 17, 2012 at 11:38:45PM -0700, Justin Pettit wrote: > Looks reasonable to me. > > --Justin > > > On Jul 16, 2012, at 3:13 PM, Ben Pfaff wrote: > > > Reported-by: Ed Maste <[email protected]> > > Signed-off-by: Ben Pfaff <[email protected]> > > --- > > INSTALL.userspace | 13 +++++++++++++ > > 1 files changed, 13 insertions(+), 0 deletions(-) > > > > diff --git a/INSTALL.userspace b/INSTALL.userspace > > index 6e6fcd4..10511b1 100644 > > --- a/INSTALL.userspace > > +++ b/INSTALL.userspace > > @@ -47,6 +47,19 @@ ovs-vswitchd will create a TAP device as the bridge's > > local interface, > > named the same as the bridge, as well as for each configured internal > > interface. > > > > +Firewall Rules > > +-------------- > > + > > +On Linux, when a physical interface is in use by the userspace > > +datapath, packets received on the interface still also pass into the > > +kernel TCP/IP stack. This can cause surprising and incorrect > > +behavior. You can use "iptables" to avoid this behavior, by using it > > +to drop received packets. For example, to drop packets received on > > +eth0: > > + > > + iptables -A INPUT -i eth0 -j DROP > > + iptables -A FORWARD -i eth0 -j DROP > > + > > Bug Reporting > > ------------- > > > > -- > > 1.7.2.5 > > > > _______________________________________________ > > dev mailing list > > [email protected] > > http://openvswitch.org/mailman/listinfo/dev > _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
