Amazon VPC NACL default rules evaluation order
Question
As I understand it, a NACL (Network Access Control List) is the subnet firewall.
I'm trying to understand what the defaults are when creating a NACL:
- Rule 100 - allows all ports for all IPs by default, otherwise
- everything is denied
So, bottom line, is everything allowed or denied? I know that according to AWS best practices, all access should be disabled by default.
Recommended answer
Rules are evaluated in numerical order.
As soon as the traffic matches a rule, its Allow/Deny is applied and evaluation ends.
Therefore, the default rule that you show above Allows all traffic. Nothing falls through to the default rule.
This numbered logic is handy for something like this, which denies ICMP traffic and then allows everything else:
Here's one that uses the default rule to only allow HTTPS:
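The evaluation order the answer describes, as an added example that is not part of the original post or AWS's own code: a small simulator that walks a rule table in ascending rule-number order, stops at the first match, and falls back to the implicit `*` deny. The rule tables are constructed here to mirror the layouts the answer mentions (allow-all at rule 100, deny ICMP then allow everything, HTTPS only over the default deny), plus a misordered table to show why a deny placed after an allow-all never fires. The `unreachable_rules` helper and the probe packets are assumptions for illustration.

```python
"""Simulate Amazon VPC network ACL rule evaluation: first match in ascending
rule-number order wins, and the implicit '*' rule denies anything left over.
Added example for this answer, not AWS code or the poster's. The rule tables
below are constructed to mirror the layouts the answer describes; protocol
numbers follow IANA (1 = ICMP, 6 = TCP, 17 = UDP, -1 = all, as in the AWS API).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple, Union

ALL, ICMP, TCP, UDP = -1, 1, 6, 17


@dataclass(frozen=True)
class Rule:
    number: int                 # AWS evaluates 1..32766 ascending
    protocol: int               # IANA protocol number, or ALL
    cidr: str                   # source (inbound) or destination (outbound)
    action: str                 # "allow" or "deny"
    port_from: Optional[int] = None   # None = all ports
    port_to: Optional[int] = None

    def matches(self, proto: int, addr: str, port: int) -> bool:
        if self.protocol not in (ALL, proto):
            return False
        if ip_address(addr) not in ip_network(self.cidr):
            return False
        # Port ranges only apply to TCP/UDP; for ICMP AWS uses type/code
        # instead, which this simplified model does not evaluate.
        if proto in (TCP, UDP) and self.port_from is not None:
            return self.port_from <= port <= self.port_to
        return True


def evaluate(rules: List[Rule], proto: int, addr: str,
             port: int = 0) -> Tuple[str, Union[int, str]]:
    """Return (action, rule number that decided). '*' means no numbered
    rule matched, so the built-in catch-all deny applied."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(proto, addr, port):
            return rule.action, rule.number
    return "deny", "*"


# Constructed tables (inbound direction, all IPv4 sources).
DEFAULT_NACL = [Rule(100, ALL, "0.0.0.0/0", "allow")]          # what the question shows
DENY_ICMP_THEN_ALLOW = [Rule(100, ICMP, "0.0.0.0/0", "deny"),
                        Rule(200, ALL, "0.0.0.0/0", "allow")]
HTTPS_ONLY = [Rule(100, TCP, "0.0.0.0/0", "allow", 443, 443)]   # relies on '*' deny
MISORDERED = [Rule(100, ALL, "0.0.0.0/0", "allow"),              # deny is unreachable
              Rule(200, ICMP, "0.0.0.0/0", "deny")]


def unreachable_rules(rules: List[Rule], probes) -> List[int]:
    """Rule numbers that never decide any of the given probe packets: a cheap
    lint for 'deny placed after an allow-all' mistakes (hypothetical helper)."""
    hit = {evaluate(rules, *p)[1] for p in probes}
    return [r.number for r in rules if r.number not in hit]


# Constructed probe packets: (protocol, source address[, destination port]).
PROBES = [(ICMP, "203.0.113.5"), (TCP, "203.0.113.5", 443),
          (TCP, "203.0.113.5", 22), (UDP, "198.51.100.7", 53)]

if __name__ == "__main__":
    for name, table in [("default", DEFAULT_NACL), ("deny-icmp", DENY_ICMP_THEN_ALLOW),
                        ("https-only", HTTPS_ONLY), ("misordered", MISORDERED)]:
        print(name, [evaluate(table, *p) for p in PROBES],
              "dead rules:", unreachable_rules(table, PROBES))
```

Two practical points the simulator makes visible: with the table the question shows, rule 100 decides every packet and `*` is never consulted, so the effective policy is allow-all; and because the first match ends evaluation, a deny only works if its number is lower than the allow it is meant to override, which is why leaving gaps (100, 200, ...) between rule numbers matters. One caveat the simulator does not model: NACLs are stateless, so an inbound HTTPS-only table still needs an outbound rule allowing the ephemeral port range (1024-65535) for the responses, or the connection is silently dropped on the way out.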