NACL = Network Access Control List
NACL: an optional layer of security that acts as a firewall for controlling traffic in and out of one or more subnets
- virtual firewall at the subnet level (security groups work at the instance / ENI level)
- every VPC automatically gets a default NACL that allows all inbound and outbound traffic
- each subnet can be associated with only 1 NACL at a time (one NACL can be associated with many subnets). Associating a subnet with another NACL replaces the previous association, so the old NACL's rules no longer apply to that subnet
- each NACL has rules that allow or deny traffic inbound (into the subnet) and outbound (out of the subnet)
- inbound and outbound rules are separate lists
- each rule has a rule number that determines the order of evaluation, lowest to highest, range 1 - 32766. The first rule that matches is applied and higher-numbered rules are ignored; traffic that matches nothing hits the final "*" rule, which denies it. // recommended: number rules in increments of 10 or 100 so you can insert rules in between later
- can block a single IP address (not possible with security groups, which only have allow rules)
- each rule is either allow or deny
- stateless: return traffic is not tracked, so replies must be explicitly allowed by a rule in the other direction (typically the ephemeral port range 1024 - 65535). Security groups are stateful
- a custom NACL you create denies all inbound and outbound traffic until you add rules (only the default NACL allows everything)
===================
// NACL use cases -- subnet level
- block a single IP address from the internet
- block all incoming SSH (TCP port 22) to a subnet
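The notes above describe NACL evaluation in words; the following is an added example (not code from the original post or from AWS) that models the documented semantics in Python so you can see why rule numbering and statelessness matter. It implements ascending-rule-number evaluation with first match wins, the implicit final "*" deny (modelled as rule number None), and a connection check that evaluates the request inbound and the reply outbound separately. The rule sets, the blocked address 203.0.113.7 and the client 198.51.100.20 are constructed for the demo (TEST-NET ranges); ICMP type/code matching is not modelled.

```python
"""Toy evaluator for AWS Network ACL semantics (added example, not AWS code).

Models only the documented behaviour: rules are checked in ascending rule-number
order, the first match wins, anything unmatched hits the implicit final '*' deny,
and evaluation is stateless, so the reply to an allowed inbound packet must
itself match an outbound rule. Rule sets and addresses below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ALL_PROTOCOLS = "-1"  # AWS uses protocol -1 for "all traffic"


def valid_rule_number(n: int) -> bool:
    """Custom rules may use 1..32766; 32767..65535 is reserved for the '*' deny."""
    return 1 <= n <= 32766


@dataclass(frozen=True)
class Rule:
    number: int
    protocol: str       # "tcp", "udp", or ALL_PROTOCOLS
    port_from: int      # destination port range (ignored for ALL_PROTOCOLS)
    port_to: int
    cidr: str           # source CIDR for inbound rules, destination CIDR for outbound
    action: str         # "allow" or "deny"

    def __post_init__(self) -> None:
        if not valid_rule_number(self.number):
            raise ValueError(f"rule number {self.number} outside 1..32766")
        if self.action not in ("allow", "deny"):
            raise ValueError(f"unknown action {self.action!r}")


@dataclass(frozen=True)
class Packet:
    protocol: str
    port: int           # destination port
    addr: str           # remote address: source if inbound, destination if outbound


def evaluate(rules: list[Rule], pkt: Packet) -> tuple[str, Optional[int]]:
    """Return (action, rule number); None as rule number means the implicit '*' deny fired."""
    for rule in sorted(rules, key=lambda r: r.number):   # lowest number first
        if rule.protocol != ALL_PROTOCOLS:
            if rule.protocol != pkt.protocol:
                continue
            if not rule.port_from <= pkt.port <= rule.port_to:
                continue
        if ip_address(pkt.addr) not in ip_network(rule.cidr):
            continue
        return rule.action, rule.number                    # first match wins
    return "deny", None


def connection_allowed(inbound: list[Rule], outbound: list[Rule],
                       client_ip: str, client_port: int, server_port: int) -> bool:
    """A TCP connection works only if the request AND the reply are each allowed.

    Stateless means the NACL does not remember the inbound SYN: the reply to the
    client's ephemeral port is just another packet evaluated against outbound rules.
    """
    request = Packet("tcp", server_port, client_ip)
    reply = Packet("tcp", client_port, client_ip)
    return (evaluate(inbound, request)[0] == "allow"
            and evaluate(outbound, reply)[0] == "allow")


# Constructed inbound rules for a public web subnet. The single-IP block sits at
# 90, below the broad HTTP allow at 100, so it is evaluated first.
WEB_INBOUND = [
    Rule(90, "tcp", 0, 65535, "203.0.113.7/32", "deny"),     # block one bad actor
    Rule(95, "tcp", 22, 22, "0.0.0.0/0", "deny"),            # no SSH from anywhere
    Rule(100, "tcp", 80, 80, "0.0.0.0/0", "allow"),
    Rule(110, "tcp", 443, 443, "0.0.0.0/0", "allow"),
    Rule(120, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),     # replies to our own outbound calls
]

# Constructed outbound rules: replies to clients' ephemeral ports, plus HTTPS out.
WEB_OUTBOUND = [
    Rule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),
    Rule(110, "tcp", 443, 443, "0.0.0.0/0", "allow"),
]

# Same rules, but the single-IP deny numbered AFTER the allow: it never fires for port 80.
MISORDERED_INBOUND = [r for r in WEB_INBOUND if r.number != 90] + [
    Rule(130, "tcp", 0, 65535, "203.0.113.7/32", "deny"),
]

if __name__ == "__main__":
    for label, rules in (("ordered", WEB_INBOUND), ("misordered", MISORDERED_INBOUND)):
        print(label, evaluate(rules, Packet("tcp", 80, "203.0.113.7")))
    print("stateless, no outbound rules:",
          connection_allowed(WEB_INBOUND, [], "198.51.100.20", 51234, 80))
```

Two things to take from running it: the same deny rule blocks 203.0.113.7 when numbered 90 and is silently bypassed when numbered 130, because rule 100 already matched; and with no outbound rule for ephemeral ports an inbound-allowed HTTP connection still fails, which is the practical meaning of "stateless".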
=============