Three thoughts. First, you might consider using l2_learning instead. It's somewhat simpler and would probably work just as well for a simple reactive firewall depending on exactly what you have in mind.
Second, saying you want a restrictive (default deny) firewall that blocks based on IP addresses can be a bit problematic unless you're only talking about IP traffic. And even then, there are some less than straightforward cases (e.g., DHCP).

Third, you might take a look at the misc.mac_blocker component. It's similar to what you want to do except it's permissive (you specify what you want to block) and it works on Ethernet addresses instead of IP addresses, but a lot of it should carry over. Worth noting is that it does it without modifying l2_learning or whatever -- it puts in a higher priority PacketIn handler as a way of intercepting them before the forwarding component gets them. If it doesn't want the forwarding component to install a rule for them, it just eats the event.

Hope that gets you started.

-- Murphy

On Jun 14, 2013, at 2:21 AM, <[email protected]> wrote:

> Hi all,
> I'm new to using POX and OpenFlow.
> I have to create a sort of firewall with POX. I thought to use the l3_learning
> switch.
> I have to block all traffic except packets coming from a list of IP
> addresses.
> I think I should modify the function handle_PacketIn but I don't know how.
> Can somebody help me?!
>
> Thanks
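
A sketch of the approach suggested in the reply, added here as an example and not taken from the thread or from POX itself: a default-deny source-IP allowlist placed in a higher-priority PacketIn handler that eats events before the forwarding component sees them. The names `permit` and `ALLOWED_SOURCES`, the sample addresses, and the choice to let ARP and DHCP client requests through are assumptions made for illustration.

```python
"""Default-deny source-IP allowlist for POX, run ahead of l2_learning."""

# Constructed sample allowlist (documentation range), not from the thread.
ALLOWED_SOURCES = {"192.0.2.10", "192.0.2.11"}

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
DHCP_CLIENT_PORT, DHCP_SERVER_PORT = 68, 67


def permit(ethertype, src_ip=None, udp_ports=None, allowed=ALLOWED_SOURCES):
    """Return True if the frame may reach the forwarding component."""
    if ethertype == ETH_ARP:
        # Non-IP case: without ARP, allowed hosts cannot resolve each other.
        # Assumption: all ARP is passed; a stricter policy could check it too.
        return True
    if ethertype != ETH_IPV4:
        return False  # default deny for every other ethertype
    if udp_ports == (DHCP_CLIENT_PORT, DHCP_SERVER_PORT):
        # DHCP case: a client asking for a lease sends from 0.0.0.0,
        # so a source-IP check alone would always drop it.
        return True
    return src_ip in allowed


def _handle_PacketIn(event):
    # POX is imported lazily so permit() can be tested without POX installed.
    from pox.lib.revent import EventHalt
    packet = event.parsed
    ip = packet.find('ipv4')
    udp = packet.find('udp')
    ports = (udp.srcport, udp.dstport) if udp else None
    src = str(ip.srcip) if ip else None
    if not permit(packet.type, src, ports):
        # Eat the event: the forwarding component never sees it,
        # so it installs no flow for this traffic.
        return EventHalt


def launch():
    from pox.core import core
    # Higher priority than the forwarding component's own PacketIn handler,
    # the same technique misc.mac_blocker uses.
    core.openflow.addListenerByName("PacketIn", _handle_PacketIn,
                                    priority=10000)
```
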
