Dears, I have some rules in table0. Can I split the layer2 rules, layer 3 rules, for table? Like the layer2 rules, has an action to send to layer 3 rules, after processing.
I try to do universal rules, likeDHCP, DNS for all switch port. And specific anti spoofing rules, mac/ip peer port and specific layer 3 rules by ip and port. I try this. #drop everything ovs-ofctl add-flow br0 "priority=10 actions=drop" #allow icmp ovs-ofctl add-flow br0 "table=0,priority=65535,icmp actions=normal" #allow dns ovs-ofctl add-flow br0 "table=0,priority=65534,udp,tp_src=*,tp_dst=53 actions=normal" #allow traffic in out public interface #public interface ovs-ofctl add-flow br0 "in_port=4 actions=NORMAL" #antispoofing ovs-ofctl add-flow br0 "table=0 priority=500,arp,in_port=3,dl_src=00:50:56:B5:02:07,nw_src=10.133.22.107,idle_timeout=0 actions=normal" ovs-ofctl add-flow br0 "table=0 priority=500,ip,in_port=3,dl_src=00:50:56:B5:02:07,nw_src=10.133.22.107,idle_timeout=0 actions=normal" #drop ip ovs-ofctl add-flow br0 "table=0,priority=400,ip,in_port=3 actions=drop" #allow ports ovs-ofctl add-flow br0 "table=0,priority=550,tcp,in_port=3,dl_src=00:50:56:b5:02:07,dl_dst=*,nw_src=10.133.22.107,nw_dst=*,nw_tos=0,tp_src=22,tp_dst=* actions=normal" I want to separate layer2 rules and layer3 rules in tables, after past in layer2 rules send directly to layer3 rules. Make sense, is it possible? Thanks in advanced []'s José Augusto de Sousa Skype: jaugustos1 Gtalk: [email protected] ________________________________ AVISO: A informação contida neste e-mail, bem como em qualquer de seus anexos, é CONFIDENCIAL e destinada ao uso exclusivo do(s) destinatário(s) acima referido(s), podendo conter informações sigilosas e/ou legalmente protegidas. Caso você não seja o destinatário desta mensagem, informamos que qualquer divulgação, distribuição ou cópia deste e-mail e/ou de qualquer de seus anexos é absolutamente proibida. Solicitamos que o remetente seja comunicado imediatamente, respondendo esta mensagem, e que o original desta mensagem e de seus anexos, bem como toda e qualquer cópia e/ou impressão realizada a partir destes, sejam permanentemente apagados e/ou destruídos. Informações adicionais sobre nossa empresa podem ser obtidas no site http://sobre.uol.com.br/. NOTICE: The information contained in this e-mail and any attachments thereto is CONFIDENTIAL and is intended only for use by the recipient named herein and may contain legally privileged and/or secret information. If you are not the e-mail´s intended recipient, you are hereby notified that any dissemination, distribution or copy of this e-mail, and/or any attachments thereto, is strictly prohibited. Please immediately notify the sender replying to the above mentioned e-mail address, and permanently delete and/or destroy the original and any copy of this e-mail and/or its attachments, as well as any printout thereof. Additional information about our company may be obtained through the site http://www.uol.com.br/ir/. _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
