Access Control Lists (ACLs) - amybuck/SONiC-NAS GitHub Wiki
ACLs are flexible, hardware-accelerated sets of rules that match packets using packet header criteria and perform actions on the selected packets. You can configure an ACL on a physical port (NPU) only by using the SONiC Object Library API. The SONiC NAS Host Adapter does not support ACL configuration using Linux commands or an open-source application.
See SONiC Object Library Application Examples for information on how to program ACLs using the `dell-base-acl.yang` model and the SONiC Object Library API.
ACL support includes:
- Ingress and egress ACL rules.
- Matching packet header fields, including MAC address, Ethertype, IP address, IP protocol, TCP/UDP port numbers, and In Port.
- Packet actions, including drop, trap/forward to the CPU, redirect to port, change packet fields, and meter.
- Grouping ACL rules to enable multiple rule matches for a single packet.