> So, what doesn't work with iptables and openvswitch ? layer2 filtering only? We cannot do any filtering on individual ports. But maybe openflow is good enough for that. I guess simply Allow/Deny some tcp/udp ports is no problem.