Add openflow to drop traffic for nodePort service

Author: pliurh

go-controller/pkg/node/gateway_shared_intf.go

@@ -334,6 +334,10 @@ func (npw *nodePortWatcher) updateServiceFlowCache(service *corev1.Service, netI
 						fmt.Sprintf("cookie=%s, priority=110, in_port=%s, %s, tp_dst=%d, "+
 							"actions=%s",
 							cookie, npw.ofportPhys, flowProtocol, svcPort.NodePort, actions),
+						// table=0, matches on service traffic towards nodePort from OVN and drops it, to prevent the traffic goes to the host
+						fmt.Sprintf("cookie=%s, priority=110, in_port=%s, %s, tp_dst=%d, "+
+							"actions=drop",
+							cookie, netConfig.OfPortPatch, flowProtocol, svcPort.NodePort),
 						// table=0, matches on return traffic from service nodePort and sends it out to primary node interface (br-ex)
 						fmt.Sprintf("cookie=%s, priority=110, in_port=%s, dl_src=%s, %s, tp_src=%d, "+
 							"actions=output:%s",