{"id":700,"date":"2017-10-30T00:42:44","date_gmt":"2017-10-30T00:42:44","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=700"},"modified":"2017-10-30T00:57:03","modified_gmt":"2017-10-30T00:57:03","slug":"network-access-control-lists-basics","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=700","title":{"rendered":"Network Access Control Lists Basics"},"content":{"rendered":"

This is not part of the course, but noted from my own experience<\/p>\n

Important INBOUND Rules<\/h2>\n\n\n\n\n\n\n\n\n
Type<\/th>\nProtocol<\/th>\nPort Range<\/th>\nSource<\/th>\nRule<\/th>\nNote<\/th>\n<\/tr>\n
All Traffic<\/td>\nALL<\/td>\nALL<\/td>\n10.0.0.0\/16<\/td>\nAllow<\/td>\nAccept all communications from any resource on the VPC<\/td>\n<\/tr>\n
All ICMP<\/td>\nICMP<\/td>\nALL<\/td>\n0.0.0.0\/0<\/td>\nAllow<\/td>\nPing<\/td>\n<\/tr>\n
SSH<\/td>\nTCP<\/td>\n22<\/td>\n0.0.0.0\/0<\/td>\nAllow<\/td>\nSSH Access<\/td>\n<\/tr>\n
HTTP<\/td>\nTCP<\/td>\n80<\/td>\n0.0.0.0\/0<\/td>\nAllow<\/td>\nWeb Traffic<\/td>\n<\/tr>\n
Custom TCP<\/td>\nTCP<\/td>\n32768-65535<\/td>\n0.0.0.0\/0<\/td>\nAllow<\/td>\nAllow incoming traffic for yum, curl, aws, etc. (Ephemeral Ports)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Important OUTBOUND Rules<\/h2>\n\n\n\n\n\n\n\n\n
Type<\/th>\nProtocol<\/th>\nPort Range<\/th>\nSource<\/th>\nRule<\/th>\nNote<\/th>\n<\/tr>\n
All Traffic<\/td>\nALL<\/td>\nALL<\/td>\n10.0.0.0\/16<\/td>\nAllow<\/td>\nPermit all communications to any resource on the VPC<\/td>\n<\/tr>\n
All ICMP<\/td>\nICMP<\/td>\nALL<\/td>\n0.0.0.0\/0<\/td>\nAllow<\/td>\nPing<\/td>\n<\/tr>\n
HTTP<\/td>\nTCP<\/td>\n80<\/td>\n0.0.0.0\/0<\/td>\nAllow<\/td>\ncurl<\/td>\n<\/tr>\n
HTTPS<\/td>\nTCP<\/td>\n443<\/td>\n0.0.0.0\/0<\/td>\nAllow<\/td>\nyum, aws<\/td>\n<\/tr>\n
Custom TCP<\/td>\nTCP<\/td>\n32768-65535<\/td>\n0.0.0.0\/0<\/td>\nAllow<\/td>\nAllow outgoing traffic for all allowed incoming ports (Ephemeral Ports)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

This is not part of the course, but noted from my own experience Important INBOUND Rules Type Protocol Port Range Source Rule Note All Traffic ALL ALL 10.0.0.0\/16 Allow Accept all communications from any resource on the VPC All ICMP ICMP ALL 0.0.0.0\/0 Allow Ping SSH TCP 22 0.0.0.0\/0 Allow SSH Access HTTP TCP 80 ..<\/p>\n

<\/div>\n

Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,22,21],"tags":[],"class_list":["post-700","post","type-post","status-publish","format-standard","hentry","category-amazon-web-services-aws","category-networking-amazon-web-services-aws","category-vpc"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/700","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=700"}],"version-history":[{"count":3,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/700\/revisions"}],"predecessor-version":[{"id":703,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/700\/revisions\/703"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=700"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=700"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=700"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}