

  • Network ACL and the rules

  • Japo_Japo

    September 7, 2021 at 8:04 pm

    The Network Access Control List (ACL) is an optional security layer for your VPC. It acts as a firewall for controlling traffic flow to and from one or more subnets. Network ACLs can be set up with rules similar to your security groups.

    Each network ACL includes a rule with an * (asterisk) as the rule number. The rule makes sure that if a packet is identified as not matching any of the other numbered rules, traffic is denied. You can't modify or remove this rule.

    For traffic coming on the inbound:

    Rule 100 would allow traffic from all sources

    Rule * would deny traffic from all sources

    Network ACL Rules

    • Every subnet in your VPC must be associated with an ACL, failing which the subnet gets automatically associated with your default ACL.
    • One subnet can only be linked with one ACL. On the other hand, an ACL can be linked to multiple subnets.
    • An ACL has a list of numbered rules that are evaluated in order, starting with the lowest. As soon as a rule matches, it is applied regardless of any higher-numbered rules that may contradict it. AWS recommends incrementing your rules by a factor of 100. This allows for plenty of room to implement new rules at a later date.
    • Unlike security groups, ACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic.
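The three behaviours described in the post (lowest-number-first evaluation with first match winning, the implicit `*` deny, and statelessness) are what usually bite people when a NACL "looks right" but connections still fail. The following is an added example written for this page, not code from the original post or from AWS: a toy evaluator that applies those semantics to constructed rule sets. The `Rule`/`Packet` classes, the `evaluate` and `connection_allowed` functions and the sample CIDRs (RFC 5737 documentation ranges) are all assumptions of this example; the real service does the matching, this just reproduces the ordering and stateless rules so you can see why a misnumbered deny or a missing ephemeral-port outbound rule breaks traffic.

```python
"""Toy model of AWS network ACL evaluation (added example, not AWS code).

Semantics modelled:
  * rules are evaluated lowest rule number first, first match wins
  * anything unmatched hits the implicit '*' rule, which denies
  * the ACL is stateless: a TCP connection needs an inbound rule for the
    request AND an outbound rule for the reply (ephemeral ports)
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    number: int      # evaluation order; lower numbers are checked first
    protocol: str    # "tcp", "udp", "icmp" or "all"
    cidr: str        # source CIDR (inbound) or destination CIDR (outbound)
    port_from: int
    port_to: int
    action: str      # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    protocol: str
    address: str     # source address (inbound) or destination address (outbound)
    port: int        # destination port of the packet in that direction


def evaluate(rules, packet):
    """Return (action, rule_number) for the first matching rule.

    Rules are sorted by number so insertion order does not matter. If no
    numbered rule matches, the implicit '*' rule denies the packet.
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", packet.protocol):
            continue
        if ipaddress.ip_address(packet.address) not in ipaddress.ip_network(rule.cidr):
            continue
        if not (rule.port_from <= packet.port <= rule.port_to):
            continue
        return rule.action, rule.number
    return "deny", "*"


def connection_allowed(inbound, outbound, client_ip, server_port, client_port, protocol="tcp"):
    """Stateless check for a client->server TCP connection.

    The request (client -> server_port) is judged by the inbound rules and the
    reply (server -> client_port, an ephemeral port) by the outbound rules.
    Both must allow, because a NACL does not track connection state.
    """
    request = evaluate(inbound, Packet(protocol, client_ip, server_port))
    response = evaluate(outbound, Packet(protocol, client_ip, client_port))
    return request[0] == "allow" and response[0] == "allow", request, response


# --- constructed sample rule sets (hypothetical, for illustration only) ---

# Broad allow at 100, then a deny for one network at 110: the deny is dead
# for port 443 because rule 100 already matched.
INBOUND_MISORDERED = [
    Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"),
    Rule(110, "tcp", "203.0.113.0/24", 0, 65535, "deny"),
]

# Same intent, but the deny is numbered below the broad allow so it wins.
INBOUND_FIXED = [
    Rule(90, "tcp", "203.0.113.0/24", 0, 65535, "deny"),
    Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"),
]

# Outbound that mirrors inbound but forgets the reply traffic.
OUTBOUND_NO_EPHEMERAL = [
    Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"),
]

# Outbound with the ephemeral port range the replies actually use.
OUTBOUND_WITH_EPHEMERAL = [
    Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"),
    Rule(110, "tcp", "0.0.0.0/0", 1024, 65535, "allow"),
]


if __name__ == "__main__":
    print(evaluate(INBOUND_MISORDERED, Packet("tcp", "203.0.113.5", 443)))   # ('allow', 100)
    print(evaluate(INBOUND_FIXED, Packet("tcp", "203.0.113.5", 443)))        # ('deny', 90)
    print(evaluate(INBOUND_FIXED, Packet("tcp", "198.51.100.7", 22)))        # ('deny', '*')
    print(connection_allowed(INBOUND_FIXED, OUTBOUND_NO_EPHEMERAL, "198.51.100.7", 443, 50000))
    print(connection_allowed(INBOUND_FIXED, OUTBOUND_WITH_EPHEMERAL, "198.51.100.7", 443, 50000))
```

Two things the run makes concrete: a deny numbered above a broad allow never fires, so "block this network" rules have to be numbered lower than the allow they are meant to override; and with only port 443 allowed outbound, the inbound request passes but the SYN-ACK back to the client's ephemeral port is dropped by `*`, which is exactly the stateless behaviour the post describes.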