> >>But maybe openflow is good enough for that. I guess simply Allow/Deny > >>some tcp/udp ports is no problem. > > just found this openflow firewall project: > http://www.openflowhub.org/display/floodlightcontroller/Firewall+(Dev) > > seem that they can do filtering on mac-ip-protocol AFAIK that is just basic openflow, see # man ovs-ofctl