Packets delivered to an application via the accelerated path are not visible to the OS kernel. As a result, these packets are not visible to the kernel firewall (iptables) and therefore firewall rules will not be applied to accelerated traffic. The onload_iptables feature can be used to enforce Linux iptables rules as hardware filters on the Solarflare adapter, refer to onload_iptables.
Note: Hardware filtering on the network adapter will ensure that accelerated applications receive traffic only on ports to which they are bound.