NACL
Network Access Control List
Overview
A network ACL is a virtual firewall that controls inbound and outbound traffic at the subnet level. Like a passport control officer, it can allow or deny a packet entering or leaving your subnet.
It contains a numbered list of rules. Rules are evaluated in ascending order, so the lowest number has the highest priority, and evaluation stops at the first rule that matches.
vs. Security Group
| | Security Group | NACL |
| --- | --- | --- |
| level | instance level (attached to the instance's network interface) | subnet level |
| state | stateful (return traffic is allowed automatically) | stateless (remembers nothing; return traffic needs its own rule) |
| rules | allow rules only | allow and deny rules |
| default | deny all inbound, allow all outbound | default NACL: allow all inbound/outbound; custom NACL: deny all until rules are added |
| evaluation | all rules are evaluated before deciding | rules are evaluated in ascending rule-number order, first match wins; AWS recommends numbering in increments (100, 200, ...) so rules can be inserted later |
Trivia
A subnet is associated with exactly one NACL at a time (one NACL can be associated with many subnets); a subnet with no explicit association uses the VPC's default NACL.
By default, the default NACL allows all inbound and outbound traffic; a custom NACL denies everything until you add rules.
Once a rule matches, the NACL stops evaluating; a packet that matches no numbered rule hits the final `*` rule and is denied.
Because NACLs are stateless, reply traffic must be allowed explicitly, typically with an outbound rule for the ephemeral port range 1024-65535.
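The following simulator is an added example, not AWS code and not part of the original notes. It models the evaluation order described above (ascending rule number, first match wins, unmatched traffic denied by the `*` rule) and shows why a stateless ACL drops the server's replies unless the ephemeral port range is allowed outbound. The `Rule`, `Packet`, `evaluate` and `https_session` names and the sample rule sets are hypothetical; the addresses come from documentation ranges and are constructed data.

```python
"""Simulate how an AWS network ACL evaluates traffic.

Added example for this page, not AWS code. It models the documented
behaviour: rules are checked in ascending rule-number order, the first
match decides, anything unmatched hits the final '*' deny, and because
the ACL is stateless a reply needs its own outbound rule.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int      # 1..32766; lower numbers are evaluated first
    action: str      # "allow" or "deny"
    protocol: str    # "tcp", "udp", "icmp" or "all"
    cidr: str        # source CIDR for inbound rules, destination CIDR for outbound
    port_from: int   # destination port range the rule covers
    port_to: int


@dataclass(frozen=True)
class Packet:
    protocol: str
    remote_ip: str   # source for inbound packets, destination for outbound
    dst_port: int


def evaluate(rules, packet):
    """Return (action, rule_number) for the first matching rule.

    Rules are sorted by number so list order does not matter, exactly like
    the console. A packet matching no numbered rule falls through to the
    implicit '*' rule and is denied.
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", packet.protocol):
            continue
        if ipaddress.ip_address(packet.remote_ip) not in ipaddress.ip_network(rule.cidr):
            continue
        if not rule.port_from <= packet.dst_port <= rule.port_to:
            continue
        return rule.action, rule.number
    return "deny", "*"


# Constructed sample NACL for a public web subnet (hypothetical, not real data).
# Rule 100 is listed first on purpose: the number, not the position, decides.
INBOUND = [
    Rule(100, "allow", "tcp", "0.0.0.0/0", 443, 443),        # HTTPS from anywhere
    Rule(90, "deny", "tcp", "203.0.113.0/24", 443, 443),     # ...except one abusive /24
]

# Outbound set that only allows destination port 443: the server's replies go
# to the client's ephemeral source port, match nothing, and hit the '*' deny.
OUTBOUND_BROKEN = [
    Rule(100, "allow", "tcp", "0.0.0.0/0", 443, 443),
]

# Outbound set with the explicit return-traffic rule a stateless ACL needs.
OUTBOUND_FIXED = [
    Rule(100, "allow", "tcp", "0.0.0.0/0", 443, 443),
    Rule(110, "allow", "tcp", "0.0.0.0/0", 1024, 65535),     # ephemeral ports
]


def https_session(outbound_rules, client_ip, client_port=51000):
    """Verdict for a client's HTTPS request and the server's reply to it."""
    request = evaluate(INBOUND, Packet("tcp", client_ip, 443))
    if request[0] != "allow":
        return {"request": request, "reply": None}
    # The reply is an outbound packet to the client's ephemeral port, and the
    # ACL has no memory of the inbound packet that caused it.
    reply = evaluate(outbound_rules, Packet("tcp", client_ip, client_port))
    return {"request": request, "reply": reply}


if __name__ == "__main__":
    print(evaluate(INBOUND, Packet("tcp", "203.0.113.7", 443)))   # ('deny', 90)
    print(evaluate(INBOUND, Packet("tcp", "198.51.100.7", 22)))   # ('deny', '*')
    print(https_session(OUTBOUND_BROKEN, "198.51.100.7"))         # reply: ('deny', '*')
    print(https_session(OUTBOUND_FIXED, "198.51.100.7"))          # reply: ('allow', 110)
```

Run it and compare the two outbound sets: with `OUTBOUND_BROKEN` the request is allowed by rule 100 but the reply is dropped by `*`, which is the classic "security group looks fine, connection still times out" symptom; with `OUTBOUND_FIXED` the reply matches rule 110. Rule 90 beats rule 100 for the blocked /24 even though it is listed second.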