Skip to content
This repository has been archived by the owner on Aug 30, 2024. It is now read-only.

Network ACL Tests - Rules #222

Open
nephomaniac opened this issue Jan 6, 2017 · 0 comments
Open

Network ACL Tests - Rules #222

nephomaniac opened this issue Jan 6, 2017 · 0 comments

Comments

@nephomaniac
Copy link
Collaborator

nephomaniac commented Jan 6, 2017

Add tests per these points...

Network ACL Rules

You can add or remove rules from the default network ACL, or create additional network ACLs for your VPC. When you add or remove rules from a network ACL, the changes are automatically applied to the subnets it's associated with.

The following are the parts of a network ACL rule:

Rule number. Rules are evaluated starting with the lowest numbered rule. As soon as a rule matches traffic, it's applied regardless of any higher-numbered rule that may contradict it.
Protocol. You can specify any protocol that has a standard protocol number. For more information, see Protocol Numbers. If you specify ICMP as the protocol, you can specify any or all of the ICMP types and codes.
[Inbound rules only] The source of the traffic (CIDR range) and the destination (listening) port or port range.
[Outbound rules only] The destination for the traffic (CIDR range) and the destination port or port range.
Choice of ALLOW or DENY for the specified traffic.

Note:
When you add or delete a rule from an ACL, any subnets associated with the ACL are subject to the change. You don't have to terminate and relaunch the instances in the subnet; the changes take effect after a short period.

If you're using the Amazon EC2 API or a command line tool, you can't modify rules; you can only add and delete rules.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant