Certified Security - Specialty


NACL – ALLOW/DENY priority

If I have an inbound rule number 100 for a NACL that denies access to port 3343, and then another inbound rule number 200 that allows ephemeral ports (1024-65525), will port 3343 be allowed or denied?

1 Answer

NACL rules are processed in order, so the 100 rule would be hit first. Port 3343 would be denied. For details see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#nacl-basics

Joao da Graca

Ok, so it explicitly denies it in the first rule, so the same port allowed in the second rule will be ignored?
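To make the evaluation order concrete, the following is an added Python simulation of NACL rule matching; it is not code from this thread or from AWS. The rule numbers and ports are constructed from the question above, the ephemeral range is assumed to be 1024-65535, and CIDR matching is left out so only rule order and port ranges decide the outcome.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class NaclRule:
    number: int      # rule number; lower numbers are evaluated first
    action: str      # "allow" or "deny"
    protocol: str    # "tcp", "udp", "icmp" or "all"
    port_from: int   # inclusive port range; ignored when protocol is "all"
    port_to: int


def evaluate(rules: List[NaclRule], protocol: str, port: int) -> str:
    """Return the action a NACL takes for inbound traffic on (protocol, port).

    Rules are tried in ascending rule-number order and the first rule whose
    protocol and port range match decides; later rules are never consulted.
    If no numbered rule matches, the catch-all '*' rule denies the traffic.
    """
    for rule in sorted(rules, key=lambda r: r.number):
        proto_ok = rule.protocol == "all" or rule.protocol == protocol
        port_ok = rule.protocol == "all" or rule.port_from <= port <= rule.port_to
        if proto_ok and port_ok:
            return f"{rule.action} (rule {rule.number})"
    return "deny (rule *)"


# Constructed inbound rule set mirroring the question: deny 3343 first,
# then allow the (assumed) ephemeral range 1024-65535.
INBOUND = [
    NaclRule(100, "deny", "tcp", 3343, 3343),
    NaclRule(200, "allow", "tcp", 1024, 65535),
]

# The same two rules with their numbers swapped: the allow now matches first,
# so the deny for 3343 is never reached.
INBOUND_SWAPPED = [
    NaclRule(100, "allow", "tcp", 1024, 65535),
    NaclRule(200, "deny", "tcp", 3343, 3343),
]


if __name__ == "__main__":
    print("tcp/3343:", evaluate(INBOUND, "tcp", 3343))          # deny (rule 100)
    print("tcp/8080:", evaluate(INBOUND, "tcp", 8080))          # allow (rule 200)
    print("tcp/22:  ", evaluate(INBOUND, "tcp", 22))            # deny (rule *)
    print("swapped: ", evaluate(INBOUND_SWAPPED, "tcp", 3343))  # allow (rule 100)
```

The swapped set shows why rule numbering matters when auditing a NACL: a broad allow with a lower number silently shadows any more specific deny placed after it.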
