On 7/25/12 8:07 PM, pf shineyear wrote:
> I just want to use ovs + iptables to limit all the input access, like
> drop all requests to ip 10.1.0.3, but only accept all requests sent
> from the vm, like wget www.google.com.
> I already use ovs-ofctl to drop all input access from outside, like
> dl_type=0x800,nw_dst=10.1.0.3,action=drop
> but iptables can not work for the requests sent from inside.
> Could you please tell me the alternate way to write the rule?

dl_type=0x800,nw_src=10.1.0.3,action=normal

So, if the source is 10.1.0.3 (which I think is the VM IP), you do
the normal action.

Hmmm, actually I don't know if it's gonna create the flow to accept the
response; the packet might go out but get dropped by the
nw_dst=10.1.0.3,action=drop.

Well, give it a try =)

--
Luiz Henrique Ozaki
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
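
The doubt raised in the reply about return traffic can be checked with a small model of the flow table. This is an added example, not part of the original thread and not OVS code: a simplified Python matcher loaded with the two rules from the messages. The remote address 203.0.113.10 and the use of the ovs-ofctl default priority for both rules are assumptions.

```python
from dataclasses import dataclass

VM_IP = "10.1.0.3"          # VM address from the thread
REMOTE_IP = "203.0.113.10"  # constructed remote web server (assumption)
DEFAULT_PRIORITY = 32768    # ovs-ofctl default when no priority= is given


@dataclass(frozen=True)
class Packet:
    dl_type: int
    nw_src: str
    nw_dst: str


@dataclass(frozen=True)
class Flow:
    match: dict              # field -> required value; absent field = wildcard
    action: str
    priority: int = DEFAULT_PRIORITY


# The two rules quoted in the messages above.
TABLE = [
    Flow({"dl_type": 0x800, "nw_dst": VM_IP}, "drop"),
    Flow({"dl_type": 0x800, "nw_src": VM_IP}, "normal"),
]


def lookup(table, pkt):
    """Action of the highest-priority flow whose fields all match the packet."""
    hits = [f for f in table
            if all(getattr(pkt, k) == v for k, v in f.match.items())]
    return max(hits, key=lambda f: f.priority).action if hits else "miss"


def trace():
    """Walk one outbound request and the two kinds of inbound packet."""
    request = Packet(0x800, VM_IP, REMOTE_IP)      # VM -> server (wget)
    reply = Packet(0x800, REMOTE_IP, VM_IP)        # server -> VM, answer to wget
    unsolicited = Packet(0x800, REMOTE_IP, VM_IP)  # server -> VM, new connection
    return {
        "request": lookup(TABLE, request),
        "reply": lookup(TABLE, reply),
        "unsolicited": lookup(TABLE, unsolicited),
        # Same headers, so these matches cannot tell the two apart.
        "reply_distinguishable": reply != unsolicited,
    }


if __name__ == "__main__":
    for name, result in trace().items():
        print(f"{name:22} {result}")
```

In this model the request leaves with the normal action, while the reply hits only the nw_dst=10.1.0.3 drop rule, because matches on IP headers alone carry no connection state.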