NACL

Network Access Control List

Overview

  • A virtual firewall that controls inbound and outbound traffic at the SUBNET level.

  • Like a passport control officer who can allow or deny a packet entering or leaving your subnet.

  • Contains a numbered list of rules. Lowest number = highest priority (evaluated first).

vs. Security Group

  +----------+--------------------------------------+-----------------------------------------------+
  |          | Security Group                       | NACL                                          |
  +----------+--------------------------------------+-----------------------------------------------+
  | level    | instance level                       | subnet level                                  |
  | state    | stateful                             | stateless (remembers nothing)                 |
  | rule     | Allow rules only                     | both Allow and Deny rules                     |
  | default  | deny all inbound, allow all outbound | allow all inbound and outbound traffic        |
  | evaluate | all rules before deciding            | in rule-number order (lowest first), numbers  |
  |          |                                      | conventionally starting from 100              |
  +----------+--------------------------------------+-----------------------------------------------+

Trivia

  • Only one NACL per subnet.

  • By default, a NACL allows all inbound and outbound traffic.

  • Once a rule matches, the NACL stops and does not evaluate the remaining rules.
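As an added illustration (not part of the original notes), the Python model below reproduces the rule semantics described above: numbered rules are checked lowest-number-first, the first match wins, anything unmatched hits the implicit final "*" deny, and because the NACL is stateless the reply to an allowed inbound connection still needs its own outbound rule for the client's ephemeral port. The rule sets, addresses and helper names are constructed for this demo, not taken from any real account.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int    # lower number = higher priority, evaluated first
    action: str    # "allow" or "deny"
    protocol: str  # "tcp", "udp" or "all"
    ports: tuple   # (low, high) inclusive, or None for any port
    cidr: str      # source CIDR (inbound) / destination CIDR (outbound)


def _matches(r, protocol, port, addr):
    if r.protocol not in ("all", protocol):
        return False
    if r.ports is not None and not (r.ports[0] <= port <= r.ports[1]):
        return False
    return ip_address(addr) in ip_network(r.cidr)


def evaluate(rules, protocol, port, addr):
    """Check rules in ascending number order and stop at the first match.
    The implicit final '*' rule denies whatever no numbered rule matched
    (the default NACL simply has an explicit allow-all rule ahead of '*')."""
    for r in sorted(rules, key=lambda r: r.number):
        if _matches(r, protocol, port, addr):
            return r.action, r.number
    return "deny", "*"


# Constructed rule sets for the demo (hypothetical, not from a real account).
INBOUND = [
    Rule(100, "allow", "tcp", (443, 443), "0.0.0.0/0"),
    Rule(90, "deny", "tcp", (443, 443), "203.0.113.0/24"),   # 90 < 100, so it wins
]
OUTBOUND_MISSING_EPHEMERAL = [
    Rule(100, "allow", "tcp", (443, 443), "0.0.0.0/0"),     # only port 443 outbound
]
OUTBOUND_FIXED = OUTBOUND_MISSING_EPHEMERAL + [
    Rule(110, "allow", "tcp", (1024, 65535), "0.0.0.0/0"),  # replies to ephemeral ports
]


def https_session(inbound, outbound, client_ip, client_port=51515):
    """A client hits port 443 and the server replies to the client's ephemeral
    port. The NACL remembers nothing, so the reply needs its own outbound rule."""
    request, _ = evaluate(inbound, "tcp", 443, client_ip)
    if request != "allow":
        return "request denied"
    reply, _ = evaluate(outbound, "tcp", client_port, client_ip)
    return "ok" if reply == "allow" else "reply denied"
```

Running `https_session(INBOUND, OUTBOUND_MISSING_EPHEMERAL, "198.51.100.7")` shows the connection being accepted but its reply dropped, which is the classic stateless-NACL mistake; adding the ephemeral-port rule (OUTBOUND_FIXED) makes the session succeed.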
