In security groups, if you add an inbound rule for port 80, then an outbound rule for port 80 it is automatically added. You don't need to explicitly add an outbound rule in security groups if you add an inbound rule. This is not true in NACL i.e., the inbound and outbound rules have to be defined explicitly.
FAQ 1:
Suppose I add an inbound rule for port 80 in a security group, an outbound rule for port 80 will be added by default. In this case, will I see an explicit outbound rule for port 80 in that security group in AWS console?
Ans:
No. It is inherently added.
FAQ 2:
I don't want to allow incoming traffic on port 80 but to deny all incoming traffic on port 80 - How to do this in a security group?
Ans:
You don't need to do anything for this in a security group because everything is denied by default in security groups. This means, you set rules only to allow. On contradiction, in NACLs, you can set rules both to deny and allow. This gives you more control.
Comments
Post a Comment