Reported-by: Ed Maste <[email protected]> Signed-off-by: Ben Pfaff <[email protected]> --- INSTALL.userspace | 13 +++++++++++++ 1 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/INSTALL.userspace b/INSTALL.userspace index 6e6fcd4..10511b1 100644 --- a/INSTALL.userspace +++ b/INSTALL.userspace @@ -47,6 +47,19 @@ ovs-vswitchd will create a TAP device as the bridge's local interface, named the same as the bridge, as well as for each configured internal interface. +Firewall Rules +-------------- + +On Linux, when a physical interface is in use by the userspace +datapath, packets received on the interface still also pass into the +kernel TCP/IP stack. This can cause surprising and incorrect +behavior. You can use "iptables" to avoid this behavior, by using it +to drop received packets. For example, to drop packets received on +eth0: + + iptables -A INPUT -i eth0 -j DROP + iptables -A FORWARD -i eth0 -j DROP + Bug Reporting ------------- -- 1.7.2.5 _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
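Review bot: both example rules in the new "Firewall Rules" section use "iptables -A", which appends to the end of INPUT and FORWARD, so on a host that already has an earlier ACCEPT rule matching traffic from eth0 the DROP is never reached and packets still enter the kernel TCP/IP stack. Consider saying that the DROP rules must come before any rule that accepts traffic on that interface, or show the example with "-I" so they are placed at the head of each chain. The text also speaks of the kernel TCP/IP stack in general, while iptables only filters IPv4, so IPv6 packets received on eth0 would still be processed; a matching pair of ip6tables rules, or a sentence noting the limitation, would close that gap. It would also help to state that rules added this way do not survive a reboot unless they are saved through the distribution's usual mechanism.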
