Question about firewalling on Dell S4048-on

  • Updated 2 years ago

I am testing a Dell S4048-ON network switch, and I have the option of running Cumulus on it.

Quick question about the firewalling. The testing I have done on the native Dell OS around ACLs shows that they are stateless.

So if I have two interfaces, say VLAN 213 and VLAN 250.

create an ACL like

permit host host 22
deny ip any any

attach it to the interface vlan 213 on the ingress.

What happens when I run telnet 22 from

I see packets leave
on I see the SYN packet and it replies with a SYN/ACK.

The SYN/ACKs never make it back and the rule set above doesn't handle that.

Does Cumulus work in the same way? Is it stateless?

Alex Samad YB


Posted 2 years ago


Pete Lumbis, Employee

That is correct. The ACLs on Cumulus are stateless. Although it's iptables rules, the hardware on the S4048 (and the other platforms currently on the hardware compatibility list) does not support stateful ACL checking.
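
The behaviour confirmed in this thread, shown as an added example that is not part of the original posts: a small Python model of stateless, first-match ACL evaluation. The addresses, ports and the `established`-style flag check are constructed assumptions, and the model assumes the reply crosses the interface the ACL is bound to.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (RFC 5737 documentation ranges), not from the thread.
CLIENT = "192.0.2.10"
SERVER = "198.51.100.20"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset  # TCP flags, e.g. {"SYN", "ACK"}

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: Optional[str] = None      # None means "any"
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    established: bool = False      # assumed keyword: match only if ACK or RST is set

    def matches(self, p: Packet) -> bool:
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return all(want is None or want == got for want, got in (
            (self.src, p.src), (self.dst, p.dst),
            (self.sport, p.sport), (self.dport, p.dport)))

def evaluate(acl, p):
    """Stateless first-match: each packet is judged on its own headers only."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"  # implicit deny at the end of the list

# Shape of the ACL in the question: one permit toward port 22, then deny all.
ORIGINAL = [Rule("permit", src=CLIENT, dst=SERVER, dport=22), Rule("deny")]
# Same ACL with an explicit rule for the reply direction.
WITH_RETURN = [ORIGINAL[0],
               Rule("permit", src=SERVER, dst=CLIENT, sport=22, established=True),
               Rule("deny")]

SYN = Packet(CLIENT, SERVER, 40000, 22, frozenset({"SYN"}))
SYN_ACK = Packet(SERVER, CLIENT, 22, 40000, frozenset({"SYN", "ACK"}))
# A bare SYN sourced from port 22 is a new connection, not a reply.
REVERSE_SYN = Packet(SERVER, CLIENT, 22, 40000, frozenset({"SYN"}))
```

With no connection table, the return path has to be permitted by its own rule; matching on the ACK/RST flags keeps that rule from also admitting new connections sourced from port 22.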