Network ACLs should enforce outbound traffic restrictions
Description
Investigate AWS Network Access Control Lists (NACLs) for egress rules that allow traffic on multiple ports, and restrict outbound traffic access to a specific port range.
Rationale
Restricting outbound traffic to a specified port range reduces the threat of unauthorized access through broad egress rules.
From the console
Follow the Adding and deleting rules docs to limit outbound traffic access based on port range.
From the command line
Run replace-network-acl-entry to replace an egress rule with one that allows only a specific port range.
replace-network-acl-entry.sh
# Replace the numbered egress rule with one that allows TCP only on a specific
# port range. <network-acl-id>, the rule number, the CIDR block and the port
# range below are placeholder values to substitute with your own. A
# --cidr-block (or --ipv6-cidr-block) is required by the command.
aws ec2 replace-network-acl-entry \
  --network-acl-id <network-acl-id> \
  --egress \
  --rule-number 110 \
  --protocol tcp \
  --cidr-block 0.0.0.0/0 \
  --port-range From=443,To=443 \
  --rule-action allow
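To audit existing NACLs for the condition this rule describes before replacing entries, the check below walks entries shaped like the `aws ec2 describe-network-acls` output and flags egress allow rules that do not restrict traffic to a specific port range. It is an added example, not code from the original page or from Datadog; the ACL id, rule numbers and the 1024-port threshold are constructed assumptions.

```python
"""Flag NACL egress allow rules that do not restrict traffic to a specific port range."""

# Constructed sample shaped like the describe-network-acls response (placeholder id).
SAMPLE_ACLS = [
    {
        "NetworkAclId": "acl-example01",
        "Entries": [
            # allow all protocols and ports outbound: non-compliant
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
             "Egress": True, "CidrBlock": "0.0.0.0/0"},
            # TCP allowed on the full port range, effectively unrestricted
            {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow",
             "Egress": True, "CidrBlock": "0.0.0.0/0",
             "PortRange": {"From": 0, "To": 65535}},
            # TCP restricted to HTTPS only: compliant
            {"RuleNumber": 120, "Protocol": "6", "RuleAction": "allow",
             "Egress": True, "CidrBlock": "0.0.0.0/0",
             "PortRange": {"From": 443, "To": 443}},
            # ingress rule: out of scope for an outbound check
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
             "Egress": False, "CidrBlock": "0.0.0.0/0"},
            # the implicit catch-all deny that every NACL carries: ignored
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
             "Egress": True, "CidrBlock": "0.0.0.0/0"},
        ],
    }
]

def is_unrestricted_egress(entry, max_span=1024):
    """True if an egress allow rule covers all protocols or a port span wider than max_span."""
    if not entry.get("Egress") or entry.get("RuleAction") != "allow":
        return False
    if entry.get("Protocol") == "-1":      # all protocols: no port restriction at all
        return True
    if entry.get("Protocol") not in ("6", "17"):   # ICMP etc. carry no port range
        return False
    pr = entry.get("PortRange")
    if pr is None:                         # TCP/UDP without a range means every port
        return True
    return (pr["To"] - pr["From"] + 1) > max_span

def find_unrestricted_egress(acls, max_span=1024):
    """Return (acl_id, rule_number) for every non-compliant egress rule."""
    findings = []
    for acl in acls:
        for entry in acl["Entries"]:
            if is_unrestricted_egress(entry, max_span):
                findings.append((acl["NetworkAclId"], entry["RuleNumber"]))
    return findings

if __name__ == "__main__":
    for acl_id, rule in find_unrestricted_egress(SAMPLE_ACLS):
        print(f"{acl_id}: egress rule {rule} allows an unrestricted port range")
```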