X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=INSTALL.userspace;h=10511b1653912bd1539c9db40c9433f04dd7e7e2;hb=refs%2Fheads%2Fof1.1;hp=c13365a42090fe86f61990b9d9eb41ceffdecbdf;hpb=5f55c39b21e69025045437ffbd3bb98fe6ce2e89;p=openvswitch

diff --git a/INSTALL.userspace b/INSTALL.userspace
index c13365a4..10511b16 100644
--- a/INSTALL.userspace
+++ b/INSTALL.userspace
@@ -47,17 +47,18 @@ ovs-vswitchd will create a TAP device as the bridge's local interface,
 named the same as the bridge, as well as for each configured internal
 interface.
 
-Using the Userspace Datapath with ovs-openflowd
------------------------------------------------
-
-To use ovs-openflowd in userspace mode, specify a datapath name that
-begins with "netdev@", and specify --ports with the names of the ports
-that should be included in the datapath as argument.  For example:
-
-    ovs-openflowd netdev@br0 --ports=eth0,eth1,eth2
-
-ovs-openflowd will create a TAP device as the bridge's local
-interface, named the same as the bridge minus the "netdev@" prefix.
+Firewall Rules
+--------------
+
+On Linux, when a physical interface is in use by the userspace
+datapath, packets received on the interface still also pass into the
+kernel TCP/IP stack.  This can cause surprising and incorrect
+behavior.  You can use "iptables" to avoid this behavior, by using it
+to drop received packets.  For example, to drop packets received on
+eth0:
+
+    iptables -A INPUT -i eth0 -j DROP
+    iptables -A FORWARD -i eth0 -j DROP
 
 Bug Reporting
 -------------