[prev in list] [next in list] [prev in thread] [next in thread]
List: openvswitch-discuss
Subject: [ovs-discuss] [ovs-dev] Query on ACLs
From: jpettit () nicira ! com (Justin Pettit)
Date: 2010-02-18 2:04:27
Message-ID: 0ECD74A5-74B8-490A-ADBA-59ABBE1D6CA7 () nicira ! com
[Download RAW message or body]
Your questions are likely answered in the various "ACL" threads in the "discuss" \
mailing list archive from this month:
http://openvswitch.org/pipermail/discuss_openvswitch.org/2010-February/thread.html
If you have additional questions feel free to ask, but please at least look at the \
"ovs-ofctl" man page first.
In the future, please don't cross-post. These sorts of end-user questions are best \
sent to the discuss at openvswitch.org mailing list.
--Justin
On Feb 17, 2010, at 5:48 PM, Kaushik Kumar Ram wrote:
> Hello,
>
> I heard that open vswitch has basic support for ACLs. Can someone clarify what sort \
> of support is available and how ACLs can be installed? To be more precise, I would \
> like to install a ACL with a rule of type "drop all traffic to TCP port XYZ".
> I understand that so called "negative flows" can be used to achieve the same, i.e. \
> drop all traffic matching particular flow(s) (to TCP port XYZ in this example). \
> This would also be more efficient since the packet would be dropped in the \
> in-kernel fast-path itself. But then it is not possible to match against packet \
> header fields outside the 10-tuple (like TCP flags for example).
> Any feedback would be appreciated.
>
> Thanks.
> -Kaushik
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev_openvswitch.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic