I'm trying to figure out what the difference is between ACLs, Firewall and static rules in the Floodlight OpenFlow controller.
Having looked at https://floodlight.atlassian.net/wiki/display/floodlightcontroller/Floodlight+REST+API, there are 3 different things I can do about the controller. I can define ACLs, Firewall rules and static entries.
I have a network background and I know that basically ACL = firewall. Now, coming to the OpenFlow and SDN world, it's hard for me to understand the difference between the 3 of them. Can somebody please explain it?
Best Answer
The difference between an ACL and a firewall is the keyword stateful. A firewall keeps a state table, whereas a basic ACL simply filters based on layer 3/4 properties. In a router, firewall functionality has been called context-based access control (CBAC). There are also reflexive ACLs. We now have NGFWs with deepest packet inspection (application-aware firewalls).
Static Entries