[question] caclmgrd, how is the CP filtering done on Arista platform?

[maq123]

In one of the pull requests: fcd1bb6 I see the information that Arista uses its own proprietary solution to implement CP ACLs.

Could anyone shed more light onto this mechanism? Is it completely independent from iptables?

[lguohan]

we will drop their CP implementation and unified to use iptables. it is no longer needed.

[maq123]

thanks. But is this feature working currently with this Arista specific thing? I wanted to be able to verify if the rules were applied but can't figure out where to look.

[jleveque]

@maq123: With the current Arista solution, for SSH, allowed IPs/ranges will be written to /etc/sshd.allow in the base image, and for SNMP, allowed IPs/ranges will be written to /etc/snmp/snmpd.conf inside the SNMP container. Please let me know if you have further questions.

[maq123]

Hi @jleveque , thank you for the clarifications!