Question about firewalling on Dell S4048-on


Hi, I am testing a Dell S4048-ON network switch, and I have the option of running Cumulus on it. Quick question about the firewalling. The testing I have done on the native Dell OS around ACLs is that they are stateless. So if I have two interfaces, say VLAN 213 and VLAN 250, create an ACL like permit host 10.10.213.213 host 10.10.250.250 22 deny ip any any, and attach it to the interface VLAN 213 on the ingress, what happens when I run telnet 10.10.250.250 22 from 10.10.213.213? I see packets leave 10.10.25.250 on 10.10.213.213 I see the SYN packet and it replies with a SYN/ACK. The SYN/ACKs never make it back and the rule set above doesn't handle that. Does Cumulus work in the same way? Is it stateless?

1 reply

That is correct. The ACLs on Cumulus are stateless. Although it's iptables rules, the hardware on the S4048 (and the other platforms currently on the hardware compatibility list) does not support stateful ACL checking.

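The stateless behaviour confirmed in the reply above, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation using the two hosts and port 22 from the question, compared with a connection-tracking filter. The client port 40000, port 3389, all class and function names, and the choice to run one rule list over both directions of the flow are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

CLIENT, SERVER = "10.10.213.213", "10.10.250.250"  # hosts from the question

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: str = "any"
    dst: str = "any"
    sport: Optional[int] = None    # None matches any port
    dport: Optional[int] = None
    def matches(self, p):
        return (self.src in ("any", p.src) and self.dst in ("any", p.dst)
                and self.sport in (None, p.sport) and self.dport in (None, p.dport))

def stateless(rules, pkt):
    """First match wins; every packet is judged alone, with no memory."""
    return next((r.action for r in rules if r.matches(pkt)), "deny")

class Stateful:
    """Same rule list plus a table of flows opened by a permitted SYN."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()
    def check(self, p):
        if (p.dst, p.dport, p.src, p.sport) in self.flows:  # reply to a tracked flow
            return "permit"
        verdict = stateless(self.rules, p)
        if verdict == "permit" and p.flags == "S":
            self.flows.add((p.src, p.sport, p.dst, p.dport))
        return verdict

ORIGINAL = [Rule("permit", CLIENT, SERVER, dport=22), Rule("deny")]
# Stateless workaround: explicitly permit the return direction by source port.
FIXED = [ORIGINAL[0], Rule("permit", SERVER, CLIENT, sport=22), Rule("deny")]

def demo():
    syn = Packet(CLIENT, SERVER, 40000, 22, "S")      # constructed sample packets
    synack = Packet(SERVER, CLIENT, 22, 40000, "SA")
    stray = Packet(SERVER, CLIENT, 22, 3389, "S")     # unsolicited, source port 22
    fw = Stateful(ORIGINAL)
    return {"stateless_original": [stateless(ORIGINAL, p) for p in (syn, synack)],
            "stateless_fixed": [stateless(FIXED, p) for p in (syn, synack, stray)],
            "stateful_original": [fw.check(p) for p in (syn, synack, stray)]}
```

The stateless return rule also admits the unsolicited SYN sent from source port 22, which the connection-tracking filter rejects; that is the exposure to weigh when writing return-path rules on hardware that cannot track state.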