Amazon VPC NACL default rules evaluation order


Question


From my understanding, a NACL (Network Access Control List) is the subnet firewall.


I'm trying to understand what the defaults are when creating a NACL:

  • Rule 100 - by default, allows all ports from all IPs; otherwise
  • everything is denied


So, bottom line, is everything allowed or denied? I know that according to AWS best practices, all access should be disabled by default.

Answer

Rules are evaluated in numerical order.


As soon as the traffic matches the rule, the Allow/Deny is applied and evaluation ends.


Therefore, the default rule that you show above allows all traffic. Nothing falls through to the default rule.


This numbered logic is handy for something like this, that denies ICMP traffic, then allows everything else:


Here's one that uses the default rule to only allow HTTPS:
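The rule tables the answer refers to were images and are not reproduced here. The following is an added example, not code from the answer or from AWS: a small Python model of inbound NACL evaluation (lowest rule number first, first match wins, the "*" catch-all last) run over three constructed rule sets that correspond to the cases discussed above: the default NACL, "deny ICMP then allow everything", and "allow HTTPS only". It also includes a deliberately misordered copy of the ICMP set to show why the numbering matters. Rule and packet fields, the `evaluate` function and all sample addresses are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One NACL entry. number=None models the AWS '*' catch-all rule."""
    number: Optional[int]
    protocol: str                    # "tcp", "udp", "icmp" or "all"
    cidr: str                        # source CIDR (inbound rule)
    action: str                      # "allow" or "deny"
    port_from: Optional[int] = None  # None = any port (icmp / all)
    port_to: Optional[int] = None    # None = same as port_from


@dataclass(frozen=True)
class Packet:
    """Constructed inbound packet: protocol, source IP, destination port."""
    protocol: str
    src_ip: str
    dst_port: Optional[int] = None   # None for ICMP


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when the packet falls within the rule's protocol, CIDR and port range."""
    if rule.protocol != "all" and rule.protocol != pkt.protocol:
        return False
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.cidr, strict=False):
        return False
    if rule.port_from is not None:
        hi = rule.port_to if rule.port_to is not None else rule.port_from
        if pkt.dst_port is None or not (rule.port_from <= pkt.dst_port <= hi):
            return False
    return True


def evaluate(nacl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the rules in ascending number order ('*' last); the first match decides.

    Returns (action, matched rule number). A rule set without an explicit
    '*' entry still denies, matching the AWS behaviour.
    """
    ordered = sorted(nacl, key=lambda r: (r.number is None, r.number or 0))
    for rule in ordered:
        if rule_matches(rule, pkt):
            return rule.action, rule.number
    return "deny", None


# Constructed rule sets (inbound direction only).
DENY_ALL = Rule(None, "all", "0.0.0.0/0", "deny")

DEFAULT_NACL = [Rule(100, "all", "0.0.0.0/0", "allow"), DENY_ALL]

DENY_ICMP_THEN_ALLOW = [
    Rule(100, "icmp", "0.0.0.0/0", "deny"),
    Rule(200, "all", "0.0.0.0/0", "allow"),
    DENY_ALL,
]

# Same two rules with the numbers swapped: the allow-all now wins first.
MISORDERED_ICMP = [
    Rule(100, "all", "0.0.0.0/0", "allow"),
    Rule(200, "icmp", "0.0.0.0/0", "deny"),
    DENY_ALL,
]

HTTPS_ONLY = [Rule(100, "tcp", "0.0.0.0/0", "allow", 443, 443), DENY_ALL]

# Constructed sample packets (documentation-range source address).
PING = Packet("icmp", "203.0.113.5")
SSH = Packet("tcp", "203.0.113.5", 22)
HTTPS = Packet("tcp", "203.0.113.5", 443)
HTTP = Packet("tcp", "203.0.113.5", 80)


if __name__ == "__main__":
    for name, nacl in [("default", DEFAULT_NACL), ("deny-icmp", DENY_ICMP_THEN_ALLOW),
                       ("misordered", MISORDERED_ICMP), ("https-only", HTTPS_ONLY)]:
        for pkt in (PING, SSH, HTTPS, HTTP):
            action, num = evaluate(nacl, pkt)
            print(f"{name:11} {pkt.protocol:4} port={pkt.dst_port}: {action} (rule {num or '*'})")
```

The model covers one direction only; a real NACL is stateless, so outbound rules (including the ephemeral-port range for return traffic) have to be checked the same way, and a restrictive inbound table such as the HTTPS-only set above is only useful if the outbound table permits the replies.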
