fix(vpc): fix nacl doc

Author: RoRoJ

pages/vpc/reference-content/understanding-nacls.mdx

@@ -7,7 +7,7 @@ content:
   paragraph: Learn how to Network Access Control Lists (NACL) to filter inbound and outbound traffic between the different Private Networks of your VPC. Understand concepts, best practices, and key use cases.
 tags: vpc nacl network-access-control-list default-rule stateless inbound outbound port
 dates:
-  validation: 2025-03-26
+  validation: 2025-06-09
   posted: 2025-03-26
 categories:
   - network
@@ -29,13 +29,13 @@ When you start adding rules to your NACL, traffic flow is restricted between cer
 
 <Lightbox src="scaleway-nacl-diag-simple.webp" alt="A schema shows how the NACL sits at the intersection of two Private Networks in a Scaleway VPC" />
 
-NACL rules are stateless, meaning that the state of connections is not tracked, and return traffic is not automatically allowed, just because the outbound request was allowed. Explicit rules are required for each direction of traffic.
+NACL rules are stateless, meaning that the state of connections is not tracked, and return traffic is not automatically allowed just because the outbound request was allowed. Explicit rules are required for each direction of traffic.
 
 NACLs only control traffic as it enters or exits the Private Network(s) of a VPC. They do not:
 - Filter traffic between resources attached to the same Private Network
 - Filter traffic from/to the public internet (for this, use [security groups](/instances/how-to/use-security-groups/) for Instances, or equivalent features for [other resource types](/ipam/reference-content/)).
 
-The diagram below shows how a NACL allows an Instance on Private Network A to send a packet to an Instance on Private Network.
+The diagram below shows how a NACL allows an Instance on Private Network A to send a packet to an Instance on Private Network B.
 
 However, an Instance on Private Network B is blocked from sending a packet to an Instance on Private Network A, because no specific rules allow it to do so, and the default rule is set to `Deny`.
 
@@ -51,15 +51,15 @@ When defining a NACL rule, you must enter the following settings:
 
 - **Source** and **destination**: The rule will apply to traffic originating from this source and being sent to this destination. For both, enter an IP range in [CIDR format](/vpc/concepts/#cidr-block), and a port or port range. Alternatively, you can opt for the rule to apply to all IPs and/or all ports.
 
-- **Action**: The NACL will either **Allow** (accept) or **Deny** (drop) traffic that matches the rule, to proceed to its destination.
+- **Action**: The NACL will either **Allow** (accept) or **Deny** (drop) traffic that matches the rule.
 
 ## Rule priority and application
 
 The Network Access Control List should be read from top to bottom. Rules closer to the top of the list are applied first. If traffic matches a rule for an **Allow** or **Deny** action, the action is applied immediately. That traffic is not then subject to any further filtering or any further actions by any rules that follow. 
 
 ## Statelessness
 
-**NACL rules are stateless**. This means the state of connections is not tracked, and inbound and outbound traffic is filtered separately. Return traffic is not automatically allowed, just because the outbound request was allowed. Explicit rules are required for each direction of traffic.
+**NACL rules are stateless**. This means the state of connections is not tracked, and inbound and outbound traffic is filtered separately. Return traffic is not automatically allowed just because the outbound request was allowed. Explicit rules are required for each direction of traffic.
 
 Therefore, if you create a rule to allow traffic in one direction, you may also need a separate rule to allow the response in the opposite direction.