To Convert Linux iptables to Onload Firewall Rules

Onload User Guide (UG1586)

Document ID
Release Date
1.2 English

The Linux iptables can be applied to all or individual Solarflare interfaces.

Onload iptables are only applied to the receive filter path. The user can select the INPUT CHAIN or a user defined CHAIN to parse from the iptables. The default CHAIN is INPUT. To adopt the rules from iptables even though some rules will be rejected enter the following command identifying the Solarflare interface the rules should be applied to:

# onload_iptables -i ethN -c
# onload_iptables -a -c

Running the onload_iptables command will overwrite existing rules in the Onload firewall when used with the -i (interface) or -a (all interfaces) options.

Note: Applying the Linux iptables to a Solarflare interface is optional. The alternatives are to create user-defined firewall rules per interface or not to apply any firewall rules per interface (default behavior).
Note: onload_iptables will import all rules to the identified interface - even rules specified on another interface. To avoid importing rules specified on ‘other’ interfaces using the --use-extended option.