feat(nacl): finish doc

Author: RoRoJ

menu/navigation.json

@@ -3078,6 +3078,10 @@
                     "label": "Understanding DNS",
                     "slug": "dns"
                   },
+                  {
+                    "label": "Understanding NACLs",
+                    "slug": "understanding-nacls"
+                  },
                   {
                     "label": "Getting the most from Private Networks",
                     "slug": "getting-most-private-networks"

pages/vpc/concepts.mdx

@@ -65,7 +65,7 @@ When an IPv6-compatible resource is attached to a Private Network, it has a priv
 ## Network ACL
 
 <Message type="important">
-NACLs are currently in Public Beta, and available only via the [VPC API](https://www.scaleway.com/en/developers/api/vpc/) and developer tools. They will be coming soon to the Scaleway console.
+NACLs are currently in Public Beta, and configurable only via the [VPC API](https://www.scaleway.com/en/developers/api/vpc/) and developer tools. This feature will be coming soon to the Scaleway console.
 </Message>
 
 A VPC's Network **A**ccess **C**ontrol **L**ist is composed of stateless rules to control the flow of traffic between Private Networks. By default, the list contains no rules and therefore traffic is allowed to flow unrestrictedly between the VPC's Private Networks. Add rules to the list to start creating restrictions. [Take a deeper diver into NACLs](/vpc/reference-content/understanding-nacls/).

pages/vpc/faq.mdx

@@ -46,6 +46,18 @@ This is not currently possible. You may consider using a VPN tunnel to achieve t
 
 Managed Databases do not currently support VPC routing - see our [dedicated documentation](/vpc/reference-content/understanding-routing/#limitations)
 
+## Can I control traffic flow between my VPC's Private Networks?
+
+Yes, use the [Network ACL feature](/vpc/how-to/manage-nacl) to filter packets flowing between the different Private Networks of your VPC. By default all traffic is allowed to pass, until you start to add rules to the VPC's NACL.
+
+<Message type="important">
+NACLs are currently in Public Beta, and configurable only via the [VPC API](https://www.scaleway.com/en/developers/api/vpc/) and developer tools. This feature will be coming soon to the Scaleway console.
+</Message>
+
+## How are NACLs different to security groups?
+
+[Security groups](/instances/how-to/use-security-groups/) filter **public** traffic on your Instances, whereas NACLs filter traffic to/from Private Networks only.
+
 ## Private Networks
 
 ### What are Private Networks?

pages/vpc/index.mdx

@@ -6,9 +6,9 @@ meta:
 
 <Alert
   sentiment="info"
-  title="VPC Basic Use Case"
+  title="Network Access Control List"
 >
-  Read our [Basic VPC use case](/vpc/reference-content/use-case-basic/) documentation for full details of how to create a simple infrastructure that leverages the advantages of Private Networks, including accompanying Terraform/OpenTofu templates.
+  Network Access Control Lists (NACLs) are now in Public Beta, allowing you to control routing between the Private Networks of your VPC. Currently, NACLs are configurable only via the [VPC API](https://www.scaleway.com/en/developers/api/vpc/) and developer tools. This feature will be coming soon to the Scaleway console..
 
 </Alert>
 

pages/vpc/reference-content/assets/scaleway-nacl-diag-detail.webp

@@ -14,10 +14,10 @@ categories:
 ---
 
 <Message type="important">
-NACLs are currently in Public Beta, and available only via the [VPC API](https://www.scaleway.com/en/developers/api/vpc/) and developer tools. They will be coming soon to the Scaleway console.
+NACLs are currently in Public Beta, and configurable only via the [VPC API](https://www.scaleway.com/en/developers/api/vpc/) and developer tools. This feature will be coming soon to the Scaleway console.
 </Message>
 
-Every VPC has a Network **A**ccess **C**ontrol **L**ist (NACL). This list is composed of stateless rules to control the flow of traffic between the Private Networks fo the VPC. By default, at first the list contains no rules and therefore traffic is allowed to flow unrestrictedly. You can add rules to restrict traffic flow  according to your requirements.
+Every VPC has a Network **A**ccess **C**ontrol **L**ist (NACL). This list is composed of stateless rules to control the flow of traffic between the Private Networks of the VPC. By default, at first the list contains no rules and therefore traffic is allowed to flow unrestrictedly. You can add rules to restrict traffic flow  according to your requirements.
 
 This document sets out general information and best practices about Scaleway VPC NACLs.
 
@@ -67,7 +67,7 @@ Therefore, if you create a rule to allow traffic in one direction, you may also
 
 Each NACL must have a default rule, which applies its action to all traffic that did not match any other rules in the list.
 
-Best practice is to set your default rule to **Deny** (drop), and for all other rules to use the **Allow** (accept) action. In this way, you have fine-grained control over the traffic that is allowed to flow, and all other traffic is blocked by default.
+Best practice is to set your default rule to **Deny**, and for all other rules to use the **Allow** action. In this way, you have fine-grained control over the traffic that is allowed to flow, and all other traffic is blocked by default.
 
 Nonetheless, you can choose to set your default rule to **Allow** if you wish. In this case, all other rules in the list should use the **Deny** action, to filter out the specific traffic you want to block. All other traffic will be permitted by the default rule.