I have done some research now, and it seem the we can only implement a stateless firewall with openflow. Some recent OVS addition allows at least to match tcp_flags, but this is not comparable with real (iptables) connection tracking. I will do further tests.
_______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
