If I have an inbound rule number 100 for a NACL that Denies access to Port 3343 and then another inbound rule number 200 that Allows ephemeral ports (1024-65525), will port 3343 be allowed or denied?
NACL rules are processed in order, so the 100 rule would be hit first. Port 3343 would be denied. For details see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#nacl-basics
Ok, so it explicitly denies it in the first rule, so the same port allowed in the second rule will be ignored?
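
The first-match evaluation described in the answer above, as an added example that is not part of the original thread and is not AWS code. It models port ranges only (protocol and CIDR matching are left out), and the `Rule`, `evaluate` and `shadowed` names are hypothetical; the swapped rule set is a constructed counter-case showing what happens when the broad allow gets the lower number.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int
    action: str      # "allow" or "deny"
    port_from: int
    port_to: int

    def matches(self, port: int) -> bool:
        return self.port_from <= port <= self.port_to


def evaluate(rules, port):
    """Return (action, rule_number) for the first matching rule, lowest number first."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(port):
            return rule.action, rule.number
    return "deny", "*"   # the default '*' rule denies anything left unmatched


def shadowed(rules):
    """Pairs (rule, shadowing_rule): the rule can never take effect because one
    lower-numbered rule with the opposite action covers its whole port range."""
    ordered = sorted(rules, key=lambda r: r.number)
    hits = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (earlier.action != later.action
                    and earlier.port_from <= later.port_from
                    and later.port_to <= earlier.port_to):
                hits.append((later.number, earlier.number))
                break
    return hits


# Rules from the question (port range as written there).
QUESTION = [Rule(100, "deny", 3343, 3343), Rule(200, "allow", 1024, 65525)]
# Constructed counter-case: the same two rules with their numbers swapped.
SWAPPED = [Rule(100, "allow", 1024, 65525), Rule(200, "deny", 3343, 3343)]

if __name__ == "__main__":
    for name, acl in (("question", QUESTION), ("swapped", SWAPPED)):
        for port in (3343, 8080, 443):
            print(name, port, evaluate(acl, port))
        print(name, "shadowed rules:", shadowed(acl))
```

Running `shadowed` over a rule set before applying it catches a deny that was numbered after a broader allow and therefore never fires.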