Linux – How to block all access to machine except port 3389 using Open vSwitch

Tags: firewall, linux, openvswitch, port

I can allow access to the machine and block everything else using:

ovs-ofctl add-flow xenbr0 "dl_src={mac-address} priority=39000 dl_type=0x0800 nw_dst={ip-address} idle_timeout=65000 action=normal"
ovs-ofctl add-flow xenbr0 "dl_src={mac-address} priority=38000 dl_type=0x0800 nw_src=ANY idle_timeout=65000 action=drop"

but I would like to allow any IP address to connect on port 3389 only. How can I do this?

I've tried adding tp_dst=3389 to the first rule and setting nw_dst=* but that doesn't seem to work.

I'm struggling to understand the manual for this so apologies if I've missed it: http://openvswitch.org/cgi-bin/ovsman.cgi?page=utilities%2Fovs-ofctl.8

Edit: I'm still having no luck with this. I've tried different variations of params but can't allow RDP port 3389 but disable access to anything else.

Best Answer

It has to be something like this:

ovs-ofctl add-flow xenbr0 "dl_src={mac-address} priority=39000 dl_type=0x0800 nw_dst={ip-address} idle_timeout=65000 action=normal"
ovs-ofctl add-flow xenbr0 "dl_src={mac-address} priority=38500 dl_type=0x0800 nw_proto=6 nw_src=ANY tp_dst=3389 idle_timeout=65000 action=normal"
ovs-ofctl add-flow xenbr0 "dl_src={mac-address} priority=38000 dl_type=0x0800 nw_src=ANY idle_timeout=65000 action=drop"
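As an added example (not code from the question or the answer above), the script below builds the same kind of rule set with the two details the exchange hinges on: the transport protocol is pinned with nw_proto=6 so that tp_dst=3389 actually applies (the linked man page documents tp_dst as ignored unless nw_proto selects TCP or UDP, which silently turns a port rule into a catch-all), and the allow rule is given a strictly higher priority than the drop rule, since two overlapping rules at equal priority have no defined winner in OpenFlow. It generalises the thread slightly by keying on dl_dst/nw_dst, i.e. traffic towards the guest, which is an assumption about the intended direction; the bridge name, guest MAC and guest IP are constructed placeholders, and ovs-ofctl is only invoked when APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread: generate (and optionally apply) a
# minimal OpenFlow rule set that lets TCP/3389 through to one guest and
# drops every other IPv4 packet addressed to it.
BRIDGE="${BRIDGE:-xenbr0}"
GUEST_MAC="${GUEST_MAC:-00:16:3e:12:34:56}"   # constructed placeholder
GUEST_IP="${GUEST_IP:-192.0.2.10}"            # constructed placeholder
ALLOW_PRIO=39000   # allow rule must outrank the drop rule
DROP_PRIO=38000

# Emit the flow specs in ovs-ofctl add-flow syntax, one per line.
# - nw_proto=6 fixes the transport protocol so tp_dst=3389 is honoured.
# - The allow rule carries the higher priority; equal priorities would
#   leave the outcome undefined when both rules match.
# - Both rules key on dl_dst/nw_dst (packets *to* the guest), so the
#   guest's own replies on port 3389 are not caught by the drop rule.
rdp_only_flows() {
    printf '%s\n' \
      "priority=${ALLOW_PRIO},dl_dst=${GUEST_MAC},dl_type=0x0800,nw_proto=6,nw_dst=${GUEST_IP},tp_dst=3389,actions=normal" \
      "priority=${DROP_PRIO},dl_dst=${GUEST_MAC},dl_type=0x0800,nw_dst=${GUEST_IP},actions=drop"
}

# Sanity check on the generated set: the allow rule pins protocol and
# port, and it outranks the drop rule. Returns 0 when both hold.
check_rdp_only_flows() {
    flows=$(rdp_only_flows)
    echo "$flows" | grep -q "nw_proto=6,.*tp_dst=3389,actions=normal" || return 1
    [ "$ALLOW_PRIO" -gt "$DROP_PRIO" ] || return 1
    return 0
}

# Dry run by default: print the commands. Set APPLY=1 to really install
# the flows on the bridge with ovs-ofctl.
apply_rdp_only_flows() {
    rdp_only_flows | while IFS= read -r spec; do
        if [ "${APPLY:-0}" = "1" ]; then
            ovs-ofctl add-flow "$BRIDGE" "$spec"
        else
            echo "ovs-ofctl add-flow $BRIDGE \"$spec\""
        fi
    done
}

check_rdp_only_flows || { echo "flow set failed its sanity check" >&2; exit 1; }
apply_rdp_only_flows
```

After applying for real, `ovs-ofctl dump-flows xenbr0` shows the installed rules with their priorities and packet counters, which is the quickest way to confirm that RDP sessions hit the allow rule and everything else increments the drop rule.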