osdir.com


Re: VPC ACLs SRC and DST


Hi Jon,

to be honest, I would not know the answer to that - this is not part of VPC, if
I understand correctly? If so, I can't really tell, but again, it's worth
checking both the GUI and API eventually to see if such a thing is supported.
When configuring such a thing (static NAT) to a VM inside a VPC - the same rules
apply for ACLs - NAT is just replacing the IP inside the IP packet, but you
still need to allow traffic and so on, via ACLs.

Best

On Wed, 18 Jul 2018 at 18:30, Jon Marshall <jms.123@xxxxxxxxxxxxx> wrote:

> Hi Andrija
>
>
> Following on from that, if you are using an isolated guest network and
> static IP for NAT to a VM private IP, is there any way in the IP address
> firewall configuration to deny certain traffic as well as permit traffic?
>
>
> Jon
>
>
> ________________________________
> From: Andrija Panic <andrija.panic@xxxxxxxxx>
> Sent: 18 July 2018 16:17
> To: users
> Subject: Re: VPC ACLs SRC and DST
>
> Hi Adam,
>
> unless something has changed in the most recent version (doubt that) - no, you
> can only define one CIDR in each ACL rule, which, if creating an
> egress/outbound rule, is considered as the destination IP/CIDR to which you
> allow/deny access from your VPC network, or if using an ingress (inbound) rule,
> then this CIDR represents the SOURCE from which access is allowed/denied to
> your VPC network (whole VPC network in both cases - i.e. it's not granular
> on single IP/VM level - for this you need to use a local firewall if really
> needed)
>
> Hope that answers your question.
>
>
> Andrija
>
> On Wed, 18 Jul 2018 at 17:07, Adam Witwicki <awitwicki@xxxxxxxxxxxxx>
> wrote:
>
> > Hello
> >
> > Is there a way we can add the DST IP to the ACL lists in a VPC as well as
> > the SRC IP (outbound)?
> >
> > Thanks
> >
> > Adam
> >
> >
>
> --
>
> Andrija Panić
>


-- 

Andrija Panić
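
Added example, not part of the original thread and not CloudStack code: a small Python model of the rule semantics described above, where a rule's single CIDR is read as the destination for egress rules and as the source for ingress rules. The rule fields, lowest-number-first ordering, default deny and the sample addresses are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRule:
    number: int        # evaluation order, lowest first (assumption)
    traffic_type: str  # "ingress" or "egress"
    cidr: str          # the one CIDR the rule carries
    action: str        # "allow" or "deny"
    protocol: str = "tcp"
    start_port: int = 1
    end_port: int = 65535


def evaluate(rules, direction, src_ip, dst_ip, protocol, port, default="deny"):
    """Return (action, rule_number) for one packet crossing the VPC boundary."""
    # The rule's single CIDR is compared with the remote end of the flow:
    # the source for ingress, the destination for egress. The VPC-side
    # address is never matched, so a rule cannot single out one VM.
    remote = src_ip if direction == "ingress" else dst_ip
    remote = ipaddress.ip_address(remote)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.traffic_type != direction or rule.protocol != protocol:
            continue
        if not rule.start_port <= port <= rule.end_port:
            continue
        if remote in ipaddress.ip_network(rule.cidr):
            return rule.action, rule.number
    return default, None  # nothing matched: fall back to the default (assumption)


# Constructed sample rule set using documentation address ranges.
RULES = [
    AclRule(10, "egress", "203.0.113.0/24", "deny", "tcp", 25, 25),
    AclRule(20, "egress", "0.0.0.0/0", "allow"),
    AclRule(10, "ingress", "198.51.100.0/24", "allow", "tcp", 443, 443),
]

if __name__ == "__main__":
    # Two different VMs in the VPC get the same egress verdict.
    for vm in ("10.1.1.5", "10.1.1.6"):
        print(vm, evaluate(RULES, "egress", vm, "203.0.113.7", "tcp", 25))
    print(evaluate(RULES, "ingress", "192.0.2.1", "10.1.1.5", "tcp", 443))
```
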