Just in case anyone else is interested. After some testing it works for me...
# Delete old rules for source ip
ovs-ofctl del-flows br0 "in_port=51,table=0,ip,vlan_tci=0x0000,nw_src=10.134.38.194/32"

# Default action for source ip
ovs-ofctl add-flow br0 "in_port=51,table=0,ip,vlan_tci=0x0000,idle_timeout=0,nw_src=10.134.38.194/32,priority=1,actions=drop"

# Allow ping, DNS and RDP
ovs-ofctl add-flow br0 "in_port=51,table=0,ip,vlan_tci=0x0000,idle_timeout=0,nw_src=10.134.38.194/32,priority=2,nw_proto=1,actions=normal"
ovs-ofctl add-flow br0 "in_port=51,table=0,udp,vlan_tci=0x0000,idle_timeout=0,nw_src=10.134.38.194/32,priority=2,tp_dst=53,actions=normal"
ovs-ofctl add-flow br0 "in_port=51,table=0,tcp,vlan_tci=0x0000,idle_timeout=0,nw_src=10.134.38.194/32,priority=2,tp_dst=3389,actions=normal"

You need to change in_port and nw_src to your real values.
Also, when OpenVPN isn't running as root, you must use sudo without a password.

Regards,
Klaus

-----Original Message-----
From: Ben Pfaff [mailto:b...@nicira.com]
Sent: Friday, December 06, 2013 6:13 PM
To: Klaus Hochlehnert
Cc: 'discuss@openvswitch.org'
Subject: Re: [ovs-discuss] OVS + OpenVPN + firewall

ovs-ofctl(8)?

On Fri, Dec 06, 2013 at 04:52:26PM +0000, Klaus Hochlehnert wrote:
> Never used this before.
> Maybe any hint (link, ...)?
>
> -----Original Message-----
> From: Ben Pfaff [mailto:b...@nicira.com]
> Sent: Friday, December 06, 2013 5:43 PM
> To: Klaus Hochlehnert
> Cc: 'discuss@openvswitch.org'
> Subject: Re: [ovs-discuss] OVS + OpenVPN + firewall
>
> On Fri, Dec 06, 2013 at 04:32:44PM +0000, Klaus Hochlehnert wrote:
> > currently I'm using OVS together with OpenVPN.
> > Now I want to restrict access of some (not all) VPN clients to DNS and RDP.
> >
> > I've seen that iptables is not working.
> > Is there any other way to apply firewall rules?
> > OpenFlow?
>
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
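As an added example (not part of the thread or of Open vSwitch itself), the rule set above as a parameterised script: it prints the per-client commands in the same field order, can apply them with sudo when not run as root, and dumps what the switch installed so the result can be checked. The bridge name, port number and client IP used in the test are the thread's sample values and stand in for your own.

```shell
#!/bin/sh
# Added example: generate, apply and verify the per-client allowlist from the
# thread. Priorities matter: the catch-all drop is priority 1 and the allows are
# priority 2, so a packet from the client only passes if an allow rule matches.
# The DNS rule covers UDP/53 only, as in the thread; TCP/53 is still dropped.

# rule <bridge> <port> <src> <proto> <priority> <extra match> <action>
# Prints one ovs-ofctl add-flow command, fields in the thread's order.
rule() {
    printf 'ovs-ofctl add-flow %s "in_port=%s,table=0,%s,vlan_tci=0x0000,idle_timeout=0,nw_src=%s,priority=%s,%sactions=%s"\n' \
        "$1" "$2" "$4" "$3" "$5" "$6" "$7"
}

# client_rules <bridge> <in_port> <client_ip/32>: print the full command set.
client_rules() {
    br=$1 port=$2 src=$3
    # Clear any earlier rules for this client so re-runs do not accumulate.
    echo "ovs-ofctl del-flows $br \"in_port=$port,table=0,ip,vlan_tci=0x0000,nw_src=$src\""
    rule "$br" "$port" "$src" ip  1 ""             drop    # default: drop
    rule "$br" "$port" "$src" ip  2 "nw_proto=1,"  normal  # ICMP (ping)
    rule "$br" "$port" "$src" udp 2 "tp_dst=53,"   normal  # DNS over UDP
    rule "$br" "$port" "$src" tcp 2 "tp_dst=3389," normal  # RDP
}

# apply_client_rules <bridge> <in_port> <client_ip/32>: run the commands.
# Needs root, or passwordless sudo when called from a non-root OpenVPN hook.
apply_client_rules() {
    sudo=""; [ "$(id -u)" -eq 0 ] || sudo="sudo"
    client_rules "$@" | while IFS= read -r cmd; do $sudo sh -c "$cmd"; done
    # Verify what the switch actually installed for this client.
    $sudo ovs-ofctl dump-flows "$1" "nw_src=$3"
}
```

Call `client_rules br0 51 10.134.38.194/32` to review the commands before applying them with `apply_client_rules`.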