Firewall execution in SDN
Check the MAC address against the firewall rules available in the POX controller. Is transparent=False, and either Ether type is LLDP or the packet’s destination address is a Bridge Filtered Address? If yes, DROP. Is the destination multi-cast? If yes, FLOOD. Install the flow table entry in the switch so that this entry will be used when a similar packet reappears. To start this, you will find a skeleton class file at pox/pox/misc/l2_firewall.py. This is currently not blocking any traffic and you will need to modify this skeleton code to add your own logic later. Here, I have added some rules to block the packet from a specific address. To test the firewall, put the l2_ firewall.py in the pox/pox/misc directory and run the POX controller as shown below: