The Linux iptables can be applied to all or individual Solarflare interfaces.
Onload iptables are only applied to the receive filter path. The user can select the INPUT CHAIN or a user defined CHAIN to parse from the iptables. The default CHAIN is INPUT. To adopt the rules from iptables even though some rules will be rejected enter the following command identifying the Solarflare interface the rules should be applied to:
# onload_iptables -i ethN -c
# onload_iptables -a -c
Running the onload_iptables command will overwrite existing rules in the Onload firewall when used with the -i (interface) or -a (all interfaces) options.
onload_iptables will import all rules to the identified interface - even rules specified on another interface. To avoid importing rules specified on ‘other’ interfaces using the --use-extended option.