Hi Matthias, do I need to create an "int" port for this? Currently I bind an IP directly to br0.
Thank you!

Kind regards
Kevin

On Tue, 14 May 2019 at 08:00, Matthias May via discuss <ovs-discuss@openvswitch.org> wrote:
> On 14/05/2019 07:26, Kevin Olbrich wrote:
> > Hi!
> >
> > I've got an OVS that has a bridge "br0" and has about 100x L2TP tunnels.
> > These tunnels run batman-adv, a mesh protocol for L2 routing over L3.
> >
> > For efficient routing, only nodes that are in the same building are allowed
> > to see each other.
> > To filter out traffic between the ports, I used ebtables:
> > ebtables -A FORWARD --logical-in br0 -j DROP
> >
> > This allows traffic from the node to the server hosting the bridge and
> > reverse, but not between the ports.
> > As OVS does not work with ebtables, all nodes now see each other over L2TP,
> > resulting in all nodes meshing with each other (without any benefit).
> >
> > How can I implement something like "ebtables -A FORWARD --logical-in br0
> > -j DROP" with OVS?
> > I tried "ovs-ofctl mod-port ovsbr-de01-mesh "$INTERFACE" no-forward", but
> > that also stopped traffic to the host port (by host port, I mean an IP
> > directly on br0).
> >
> > How can I do it correctly?
> > The client ports of br0 must never communicate with each other, just with
> > the server hosting the bridge.
> >
> > Thank you!
> >
> > Kind regards
> > Kevin
> >
> > _______________________________________________
> > discuss mailing list
> > disc...@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
> You could:
> * Delete the default NORMAL action (del-flows br0)
> * Create a rule with priority=1 action=<your_server_port>
> * Create a rule with priority=2 in_port=<your_server_port> action=NORMAL
>
> This should allow frames from the server to be forwarded as usual, and
> frames for all other ports only to the server.
>
> BR
> Matthias
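The flow table Matthias describes, written out as an added example (this is not code from the thread and not Open vSwitch project code). It assumes the bridge is called br0 and that the host is reached through the bridge's own internal port: in ovs-ofctl that port is addressed as LOCAL, which is the port that carries an IP bound directly to br0, so no extra internal port is needed for that case. SERVER_PORT can be set to another port name if the server hangs off a separate port. The script uses "ovs-ofctl replace-flows" so that loading the two flows also removes the default NORMAL flow that OVS installs on a new bridge; OpenFlow flows are not persisted across an ovs-vswitchd restart, so it has to be rerun at boot. The --names option used in the check branch assumes OVS 2.8 or newer.

```shell
#!/bin/sh
# Added example, not code from the thread or from Open vSwitch.
# Restrict an OVS bridge so client ports can only exchange frames with the
# host, never with each other (the OVS counterpart of
# "ebtables -A FORWARD --logical-in br0 -j DROP").
#
# Assumptions: the bridge is "br0" and the host is reached through the
# bridge's own internal port, which ovs-ofctl names LOCAL (the port that
# carries an IP address bound directly to br0).
BRIDGE="${BRIDGE:-br0}"
SERVER_PORT="${SERVER_PORT:-LOCAL}"

# Print the two flows in ovs-ofctl syntax.
#   priority=2: frames entering from the server port use the normal
#               MAC-learning switch, so the host reaches (and floods to) every client.
#   priority=1: everything else, i.e. any frame from a client port, including
#               broadcast/ARP and batman-adv OGMs, goes only to the server port.
# No NORMAL catch-all is emitted, so loading this table replaces the default one.
isolation_flows() {
    server="$1"
    printf 'priority=2,in_port=%s,actions=NORMAL\n' "$server"
    printf 'priority=1,actions=output:%s\n' "$server"
}

# Install the table atomically; replace-flows deletes every flow not listed
# in the file, including the default NORMAL flow.
apply_flows() {
    tmp=$(mktemp) || return 1
    isolation_flows "$SERVER_PORT" > "$tmp"
    ovs-ofctl replace-flows "$BRIDGE" "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Check a dump-flows listing: exactly one NORMAL flow may exist, and it must
# be restricted to the server port. Anything else means clients can still
# reach each other through the learning switch.
check_isolation() {
    table="$1"   # output of "ovs-ofctl --names dump-flows $BRIDGE" (or a saved copy)
    normal_count=$(printf '%s\n' "$table" | grep -c 'actions=NORMAL' || true)
    [ "$normal_count" -eq 1 ] || return 1
    printf '%s\n' "$table" | grep 'actions=NORMAL' | grep -q "in_port=$SERVER_PORT"
}

case "${1:-}" in
    apply) apply_flows ;;
    check) check_isolation "$(ovs-ofctl --names dump-flows "$BRIDGE")" ;;
    *)     isolation_flows "$SERVER_PORT" ;;   # dry run: only show the flows
esac
```

Run it with no argument to see the flows, with "apply" to install them, and with "check" to confirm the table is what was intended. A second check worth doing after "apply" is "ovs-appctl ofproto/trace br0 in_port=<client port number>,dl_dst=ff:ff:ff:ff:ff:ff", whose final action should be a single output to LOCAL and not a flood. The isolation works at the frame-forwarding level inside br0 only: a client's ARP request for another client reaches just the host, so keep proxy_arp off on br0 or the host will answer on the peers' behalf and reintroduce a path between them.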