Question about firewalling on Dell S4048-ON

  • 21 September 2015
  • 1 reply

Hi, I am testing a Dell S4048-ON network switch, I have the option of running Cumulus on it. Quick question about the firewalling. The testing I have done on the native Dell OS around ACLs is that they are stateless. So if I have two interfaces, say VLAN 213 and VLAN 250, create an ACL like permit host host 22 deny ip any any, attach it to the interface VLAN 213 on the ingress. What happens when I run telnet 22 from I see packets leave on I see the SYN packet and it replies with a SYN/ACK. The SYN/ACKs never make it back and the rule set above doesn't handle that. Does Cumulus work in the same way, is it stateless?

1 reply

That is correct. The ACLs on Cumulus are stateless. Although it's iptables rules, the hardware on the S4048 (and the other platforms currently on the hardware compatibility list) does not support stateful ACL checking.
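
The behaviour discussed in this thread, as an added example that is not part of the original posts: a minimal Python model of stateless, first-match ACL evaluation, showing why the SYN/ACK is dropped and what an explicit return rule does and does not check. The addresses, ports and the `ack_only` field are constructed for illustration, and the model assumes the SYN/ACK enters the switch on the interface where the ACL is applied.

```python
from dataclasses import dataclass
from typing import Optional

A, B = "10.2.13.10", "10.2.50.10"  # constructed hosts: A in VLAN 213, B in VLAN 250

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset = frozenset()

@dataclass(frozen=True)
class Rule:
    action: str
    src: Optional[str] = None   # None matches any value
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    ack_only: bool = False      # hypothetical field: match only segments with ACK set

    def matches(self, p: Packet) -> bool:
        if self.ack_only and "ACK" not in p.flags:
            return False
        pairs = ((self.src, p.src), (self.dst, p.dst),
                 (self.sport, p.sport), (self.dport, p.dport))
        return all(want is None or want == got for want, got in pairs)

def evaluate(acl, pkt: Packet) -> str:
    """Stateless: first matching rule wins, no connection table is consulted."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Rule set in the shape described in the question: permit to port 22, deny the rest.
ORIGINAL = [Rule("permit", src=A, dst=B, dport=22), Rule("deny")]
# Same rule set with an explicit return rule for replies sourced from port 22.
WITH_RETURN = [ORIGINAL[0],
               Rule("permit", src=A, dst=B, sport=22, ack_only=True),
               Rule("deny")]

SYN_ACK = Packet(A, B, 22, 40000, frozenset({"SYN", "ACK"}))  # reply from A's port 22
BARE_SYN = Packet(A, B, 22, 40000, frozenset({"SYN"}))        # new connection from port 22
STRAY_ACK = Packet(A, B, 22, 40001, frozenset({"ACK"}))       # no handshake preceded it

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("with return rule", WITH_RETURN)):
        for label, pkt in (("SYN/ACK", SYN_ACK), ("bare SYN", BARE_SYN), ("stray ACK", STRAY_ACK)):
            print(f"{name:17} {label:10} -> {evaluate(acl, pkt)}")
```

The stray ACK is permitted by the return rule because a stateless rule can only test the packet's own header fields; a stateful filter would first check it against a connection table.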