H, The OVS flow based Neutron firewall driver is long supported by the community and used by many operators in production, please check the documentation: https://docs.openstack.org/neutron/latest/admin/config-ovsfwdriver.html For some details how it works please check the related internals doc: https://docs.openstack.org/neutron/latest/contributor/internals/openvswitch_firewall.html Best wished Lajos (lajoskatona) Satish Patel <satish.txt at gmail.com> ezt írta (időpont: 2023. ápr. 24., H, 3:40): > Folks, > > As we know, openvswitch uses a linuxbridge based firewall to implement > security-groups on openstack. It works great but it has so many packet > hops. It also makes troubleshooting a little complicated. > > OpenvSwitch does support native firewall features in flows, Does it mature > enough to implement in production and replace it with LinuxBridge based > IPtables firewall? > > ~S > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230424/4adc4d33/attachment.htm>