OVS conntrack does not work after adding dl_dst as a match criterion

Time: 2019-04-10 12:26:08

Tags: openvswitch

I am using OVS and conntrack to set up a stateful firewall, but I have run into the following problem.

I have tried Google and searched Stack Overflow, but I still cannot find a solution.

    ovs-ofctl add-flow br0 "table=0,priority=2000,ct_state=-trk,tcp,actions=ct(table=31)"
    ovs-ofctl add-flow br0 "table=0,priority=10,icmp,actions=NORMAL"
    ovs-ofctl add-flow br0 "table=0,priority=10,arp,actions=NORMAL"

    ovs-ofctl add-flow br0 "table=31,priority=1000,ct_state=+new+trk,tcp,tp_dst=80,in_port=veth_l0,actions=ct(commit),output:veth_r0"

    ovs-ofctl add-flow br0 "table=31,priority=900,ct_state=+est+trk,in_port=veth_l0,actions=output:veth_r0"
    ovs-ofctl add-flow br0 "table=31,priority=900,ct_state=+est+trk,in_port=veth_r0,actions=output:veth_l0"

The above code can connect to the web server over HTTP from l0 to r0. But after adding dl_dst:

    ovs-ofctl add-flow br0 "table=31,priority=1000,ct_state=+new+trk,tcp,dl_dst=3a:68:e3:a6:42:90,tp_dst=80 actions=ct(commit),output:veth_r0"

It no longer works...

0 answers:

No answers