On Wed, May 13, 2015 at 07:38:02AM +0800, Huanle Han wrote: > Hi, guys > I'm working with ovs in normal mode. > > I have a question about the implent ACL rule in 'out' direction. > For example, How can I implement such rules using ovs flow table? > > Rule 1: deny the flow whose tp_dst==22 output to VIF1, but permit to other > VIFs
if you mean action NORMAL then that is not possible because once the action is executed, the packet is forwarded to the ports and you have no control over that. > Rule 2: permit the flow whose nw_src==1.1.1.1 output to VIF2, but deny to > other VIFs I am afraid you will need to implement the action normal features adding your restrictions yourself. Look at the Tutorial.md for how to implement MAC-learning. fbl _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
