NACL
Network Access Control List
A NACL is a virtual firewall that controls inbound and outbound traffic at the SUBNET level.
Think of it like a passport control officer who can allow or disallow a packet going through your subnet.
A NACL contains a numbered list of rules. Lowest number = highest priority.
Comparison with a security group (the instance-level firewall):

|          | Security Group                          | NACL                                              |
|----------|-----------------------------------------|---------------------------------------------------|
| level    | instance level                          | subnet level                                      |
| state    | stateful                                | stateless (remembers nothing)                     |
| rule     | only supports Allow rules               | supports both Allow & Deny rules                  |
| default  | deny all inbound, allow all outbound    | allow all inbound/outbound traffic                |
| evaluate | all rules are evaluated before deciding | rules are evaluated in priority-number order, starting from 100 |
Only one NACL per subnet.
By default, a NACL allows all inbound and outbound traffic.
Once a rule matches, the NACL stops and does not evaluate the next rule.
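The two NACL properties above (first match in ascending rule-number order, and statelessness) are easy to get wrong in practice. The following Python simulator is an added example, not code from this page or from AWS; the rule and packet fields, the CIDRs and the port numbers are constructed for illustration. It assumes the AWS behaviour that a packet matching no numbered rule falls through to the catch-all `*` rule and is denied, and it shows why a subnet that allows inbound 443 still needs an outbound rule for the client's ephemeral port before the reply can leave.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int     # lower number = higher priority
    action: str     # "allow" or "deny"
    protocol: str   # "tcp", "udp" or "all"
    cidr: str       # remote CIDR: source for inbound rules, destination for outbound
    ports: tuple    # inclusive (low, high) range of the packet's destination port

@dataclass(frozen=True)
class Packet:
    protocol: str
    remote_ip: str  # source IP of an inbound packet / destination IP of an outbound one
    dst_port: int   # destination port of the packet

def nacl_evaluate(rules, packet):
    """Stateless, first-match evaluation in ascending rule-number order.
    A packet that matches no numbered rule hits the catch-all '*' rule and is denied."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", packet.protocol):
            continue
        if ipaddress.ip_address(packet.remote_ip) not in ipaddress.ip_network(rule.cidr):
            continue
        low, high = rule.ports
        if low <= packet.dst_port <= high:
            return rule.action, rule.number   # first match wins; later rules are never read
    return "deny", "*"

# Constructed inbound rules: 110 can never fire, because 100 already matches every 443 packet.
INBOUND = [
    Rule(100, "allow", "tcp", "0.0.0.0/0", (443, 443)),
    Rule(110, "deny", "tcp", "203.0.113.0/24", (443, 443)),
]
# Constructed outbound rules: only the service port is allowed, no ephemeral range.
OUTBOUND_NO_EPHEMERAL = [Rule(100, "allow", "tcp", "0.0.0.0/0", (443, 443))]
OUTBOUND_FIXED = OUTBOUND_NO_EPHEMERAL + [Rule(200, "allow", "tcp", "0.0.0.0/0", (1024, 65535))]

def https_session(outbound_rules, client_ip="203.0.113.7", client_port=49152):
    """Decisions for the client's request and for the server's reply to it.
    Because the NACL remembers nothing, the reply is judged purely by the outbound rules."""
    request = nacl_evaluate(INBOUND, Packet("tcp", client_ip, 443))
    reply = nacl_evaluate(outbound_rules, Packet("tcp", client_ip, client_port))
    return request, reply

if __name__ == "__main__":
    print(https_session(OUTBOUND_NO_EPHEMERAL))  # (('allow', 100), ('deny', '*'))
    print(https_session(OUTBOUND_FIXED))         # (('allow', 100), ('allow', 200))
```

A security group would have allowed the reply automatically because it is stateful; with a NACL, rule 200 is what makes the HTTPS session work.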