Re: VPC ACLs SRC and DST
to be honest, I would not know answer to that - this is not part of VPC if
I understand correctly ? If so, I can't really tell, but again, its worth
checking both GUI and API eventually to see if such thing is supported.
When configuring such thing (static NAT) to a VM inside VPC - same rules
apply for ACL - NAT is just replacing IP inside the IP packet, but you
still need to allow traffic and so on, via ACLs.
On Wed, 18 Jul 2018 at 18:30, Jon Marshall <jms.123@xxxxxxxxxxxxx> wrote:
> Hi Andrija
> Following on from that if you are using an isolated guest network and
> static IP for NAT to a VM private IP is there anyway in the IP address
> firewall configuration to deny certain traffic as well as permit traffic.
> From: Andrija Panic <andrija.panic@xxxxxxxxx>
> Sent: 18 July 2018 16:17
> To: users
> Subject: Re: VPC ACLs SRC and DST
> Hi Adam,
> unless something has changed in most recent version (doubt that) - no, you
> can only define one CIDR in each ACL rule, which, if creating
> egress/outbound rule is considered as destination IP/CIDR to which you
> alow/deny access from your VPC network, or if using ingress (inbound) rule,
> then this CIDR represents the SOURCE from which access is allowed/denied to
> your VPC network (whole VPC network in both cases - i.e. it's not granular
> on single IP/VM level - for this you need to use local firewall if really
> Hope that answers your question.
> On Wed, 18 Jul 2018 at 17:07, Adam Witwicki <awitwicki@xxxxxxxxxxxxx>
> > Hello
> > Is there a way we can add the DST IP to the ACL lists in a VPC as well as
> > the SRC IP (outbound)
> > Thanks
> > Adam
> > Disclaimer Notice:
> > This email has been sent by Oakford Technology Limited, while we have
> > checked this e-mail and any attachments for viruses, we can not guarantee
> > that they are virus-free. You must therefore take full responsibility for
> > virus checking.
> > This message and any attachments are confidential and should only be read
> > by those to whom they are addressed. If you are not the intended
> > please contact us, delete the message from your computer and destroy any
> > copies. Any distribution or copying without our prior permission is
> > prohibited.
> > Internet communications are not always secure and therefore Oakford
> > Technology Limited does not accept legal responsibility for this message.
> > The recipient is responsible for verifying its authenticity before acting
> > on the contents. Any views or opinions presented are solely those of the
> > author and do not necessarily represent those of Oakford Technology
> > Registered address: Oakford Technology Limited, 10 Prince Maurice Court,
> > Devizes, Wiltshire. SN10 2RT.
> > Registered in England and Wales No. 5971519
> Andrija Panić