Network ACLs

Question 1

What does NACL stand for?

Answer 1

Network Access Control List

Question 2

What are the default settings for the default NACL that comes with your VPC?

Answer 2

Allow all inbound and outbound traffic

Question 3

What are the default settings for a custom NACL?

Answer 3

Deny all inbound and outbound traffic until you add rules

Question 4

Do you have to associate a subnet with a NACL?

Answer 4

Yes

If you dont choose one, if associates with the default VPC

Question 5

Can you block IP addresses using NACLs?

Answer 5

Yes

Question 6

Can you associate a subnet with more than one NACL?

Answer 6

No

_{(When you associate a subnet with a new NACL, the old association is removed)}

Question 7

Suppose the custom NACL associated with my subnet has inbound rules:

• Rule 100 DENY from all IPs
• Rule 400 ALLOW from IP X

What will happen when I try to access the subnet from IP X?

Answer 7

Deny

When NACL numbered rules are evaluated, precedence is given from the lowest number to the highest number

Question 8

Suppose the custom NACL associated with my subnet has inbound rules:

• Rule 100 ALLOW from all IPs
• Rule 400 DENY from IP X

What will happen when I try to access the subnet from my IP Y != X?

Answer 8

Traffic will be allowed in but NOT back out!

• NACLs have separate inbound and outbound rules, and each can either allow or deny
• NACLs are stateless, responses allowed to inbound traffic are subject to outbound traffic