List: openvswitch-discuss
Subject: [ovs-discuss] Openflow Tables Openvswitch
From: jasousa () uoldiveo ! com (Jose Augusto de Sousa)
Date: 2014-03-27 21:20:17
Message-ID: EBCCF64945E0B44289D406C94E6B56410134EB9323 () A4-SALOMAO8 ! uolcorp ! intranet
Dears,
I have some rules in table0.
Can I split the layer 2 rules and layer 3 rules per table?
For example, the layer 2 rules would have an action to send to the layer 3 rules after processing.
I am trying to make universal rules, like DHCP and DNS, for all switch ports.
And specific anti-spoofing rules, MAC/IP per port, and specific layer 3 rules by IP and port.
I tried this:
#drop everything
ovs-ofctl add-flow br0 "priority=10 actions=drop"
#allow icmp
ovs-ofctl add-flow br0 "table=0,priority=65535,icmp actions=normal"
#allow dns
ovs-ofctl add-flow br0 "table=0,priority=65534,udp,tp_src=*,tp_dst=53 actions=normal"
#allow traffic in out public interface
#public interface
ovs-ofctl add-flow br0 "in_port=4 actions=NORMAL"
#antispoofing
ovs-ofctl add-flow br0 "table=0 priority=500,arp,in_port=3,dl_src=00:50:56:B5:02:07,nw_src=10.133.22.107,idle_timeout=0 actions=normal"
ovs-ofctl add-flow br0 "table=0 priority=500,ip,in_port=3,dl_src=00:50:56:B5:02:07,nw_src=10.133.22.107,idle_timeout=0 actions=normal"
#drop ip
ovs-ofctl add-flow br0 "table=0,priority=400,ip,in_port=3 actions=drop"
#allow ports
ovs-ofctl add-flow br0 "table=0,priority=550,tcp,in_port=3,dl_src=00:50:56:b5:02:07,dl_dst=*,nw_src=10.133.22.107,nw_dst=*,nw_tos=0,tp_src=22,tp_dst=* actions=normal"
I want to separate layer 2 rules and layer 3 rules into tables; after passing the layer 2 rules, send directly to the layer 3 rules.
Does this make sense? Is it possible?
Thanks in advance
[]'s
José Augusto de Sousa
Skype: jaugustos1
Gtalk: Joseaugusto.sousa at gmail.com
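The layout asked about in the message, as an added example that is not part of the original post: a shell script that generates a flow file with the MAC/IP binding checks in table 0 and the layer 3 rules in table 1, linked by the OVS `resubmit(,1)` action. Table numbers, priorities and function names are assumptions; because the ICMP and DNS rules sit in table 1, they only see packets that already passed the binding check.

```shell
#!/bin/sh
# Added example: emits a two-table flow file for ovs-ofctl add-flows.
# Table numbers, priorities and function names are assumptions.
L3_TABLE=1   # assumed table number for the layer 3 policy

# Table 0, per-port layer 2 admission: only the bound MAC/IP pair may enter.
antispoof_flows() {  # usage: antispoof_flows PORT MAC IP
    port=$1 mac=$2 ip=$3
    # ARP with the right sender binding is switched normally.
    echo "table=0,priority=500,arp,in_port=$port,dl_src=$mac,nw_src=$ip actions=NORMAL"
    # IP with the right binding continues to the layer 3 table.
    echo "table=0,priority=500,ip,in_port=$port,dl_src=$mac,nw_src=$ip actions=resubmit(,$L3_TABLE)"
    # Anything else arriving on this port is dropped.
    echo "table=0,priority=400,in_port=$port actions=drop"
}

# Table 0, rules not tied to a guest port (uplink handling as in the post).
l2_common_flows() {  # usage: l2_common_flows UPLINK_PORT
    echo "table=0,priority=300,in_port=$1 actions=NORMAL"
    echo "table=0,priority=10 actions=drop"
}

# Table 1, universal layer 3 rules: reached only via resubmit from table 0.
l3_universal_flows() {
    echo "table=$L3_TABLE,priority=600,icmp actions=NORMAL"
    echo "table=$L3_TABLE,priority=600,udp,tp_dst=53 actions=NORMAL"
    echo "table=$L3_TABLE,priority=10 actions=drop"
}

# Table 1, per-host layer 3 rule (the post's tp_src=22 rule).
l3_host_flows() {  # usage: l3_host_flows IP
    echo "table=$L3_TABLE,priority=550,tcp,nw_src=$1,tp_src=22 actions=NORMAL"
}

# Full pipeline for the port, MAC and IP used in the post.
pipeline() {
    antispoof_flows 3 00:50:56:b5:02:07 10.133.22.107
    l2_common_flows 4
    l3_universal_flows
    l3_host_flows 10.133.22.107
}

# Load with: pipeline > flows.txt && ovs-ofctl add-flows br0 flows.txt
```

After loading, `ovs-ofctl dump-flows br0` lists each flow with its table number, which confirms the split.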