[pve-devel] ovs masqueraded bridge

Alexandre DERUMIER aderumier at odiso.com
Thu Dec 19 13:33:32 CET 2013


>>But maybe openflow is good enough for that. I guess simply Allow/Deny some 
>>tcp/udp ports is no problem. 

just found this openflow firewall project:
http://www.openflowhub.org/display/floodlightcontroller/Firewall+(Dev)

seem that they can do filtering on mac-ip-protocol


----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Jeudi 19 Décembre 2013 13:13:54 
Objet: RE: [pve-devel] ovs masqueraded bridge 

> So, what doesn't work with iptables and openvswitch ? layer2 filtering only? 

We cannot do any filtering on individual ports. 

But maybe openflow is good enough for that. I guess simply Allow/Deny some 
tcp/udp ports is no problem. 


More information about the pve-devel mailing list