pages/vpc/how-to/manage-nacl.mdx
Lines changed: 12 additions & 3 deletions
@@ -35,20 +35,22 @@ You cannot use NACLs to restrict traffic flow over resources' public network int
35
35
36
36
- If you have already added rules to the list, then traffic flow is controlled according to the rules' restrictions:
37
37
38
-
<Lightboxsrc="scaleway-nacl-list.webp"alt="A screenshot of the NACL tab in the Scaleway console shows three rules: two with a DENY action, and then the final default rule for ALLOW." />
38
+
<Lightboxsrc="scaleway-nacl-screen.webp"alt="A screenshot of the NACL tab in the Scaleway console shows a list of rules." />
39
39
40
40
## How to read and interpret a NACL
41
41
42
-
The following guidance applies when reading a VPC's NACL.
42
+
The following guidance applies when reading a VPC's NACL. For more detailed information and examples, see our [in-depth guide to understanding NACLs](/vpc/reference-content/understanding-nacls/).
43
43
44
44
### IPv4 and IPv6
45
45
46
+
TODO REDO FOR LIST ABOVE ONCE CONSOLE AVAILABLE
46
47
<Lightboxsrc="scaleway-nacl-list-ip.webp"alt="A screenshot of the NACL tab in the Scaleway console highlights the IPv4-IPv6 toggle" />
47
48
48
49
IPv4 and IPv6 traffic is filtered separately. Each VPC has two distinct NACLs: one for IPv4 and one for IPv6. Use the toggle to switch between these lists. You must manage and create rules for each list separately.
49
50
50
51
### Rule priority and application
51
52
53
+
TODO REDO FOR LIST ABOVE ONCE CONSOLE AVAILABLE
52
54
<Lightboxsrc="scaleway-nacl-list-prio.webp"alt="A screenshot of the NACL tab in the Scaleway console indicates that the topmost rule in the list has the highest priority" />
53
55
54
56
**Read the list from from top to bottom**. Rules closer to the top of the list are applied first. If traffic matches an NACL rule for an **Allow** or **Deny** action, the action is applied immediately. That traffic is not then subject to any further filtering or any further actions by any rules that follow.
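Review bot: The two `TODO REDO FOR LIST ABOVE ONCE CONSOLE AVAILABLE` lines added at new lines 46 and 53 are plain body text, so they will render on the published page above the screenshots. Put them in an MDX comment (`{/* TODO ... */}`) or track them outside the file until the new screenshots exist. The replacement alt text at new line 38 ("shows a list of rules") also says less than the old one, which named the two DENY rules and the default rule; since the rest of this section teaches readers to interpret rule order, describe what the new screenshot actually shows. While this paragraph is open, "from from top to bottom" at new line 56 has a doubled word.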
@@ -59,16 +61,23 @@ IPv4 and IPv6 traffic is filtered separately. Each VPC has two distinct NACLs: o
59
61
60
62
This means that if you create a rule to allow traffic in one direction, you may also need a separate rule to allow the response in the opposite direction. There is a functionality to auto-generate matching inverse rules for this purpose when creating a new rule.
61
63
64
+
TODO IMAGE WITH INVERSE RULE FOR POSTGRESQL (USE EXAMPLE ABOVE AND CREATE INVERSE)
65
+
62
66
### NACL default rule
63
67
64
68
<Lightboxsrc="scaleway-nacl-list-default.webp"alt="A screenshot of the NACL tab in the Scaleway console highlights the default rule at the bottom of the list" />
69
+
TODO REDO FOR LIST ABOVE ONCE CONSOLE AVAILABLE
65
70
66
71
**A default rule is auto-generated at the end of the list** This rule is generated at the moment you first start to edit your NACL. It carries out its action on all traffic that did not match any other rule in the list.
67
72
68
-
If you wish, you can modify the default rule to change its action from `DENY` to `ALLOW` (as in the screenshot above). In this case, it allows all traffic that did not match any other rule in the list, to pass.
73
+
If you wish, you can modify the default rule to change its action from `DENY` to `ALLOW`, to allow all traffic that did not match any other rule in the list, to pass. However, this is not considered best practice. It is recommended to leave the default rule of `DENY` and use specific `ALLOW` rules higher up the list.cd
69
74
70
75
## How to add rules to a NACL
71
76
77
+
<Messagetype="tip">
78
+
The steps below explain the mechanics of creating an NACL rule in the console. For help with constructing a meaningful and effective NACL, see our [in-depth guide to understanding NACLs](/vpc/reference-content/understanding-nacls/) for best practices and examples.
79
+
</Message>
80
+
72
81
1. Click **VPC** in the **Network** section of the [Scaleway console](https://console.scaleway.com/) side menu. The list of your VPCs displays.
73
82
74
83
2. Click the VPC whose NACL you want to view, then click the **Network ACL** tab.
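Review bot: The added paragraph at new line 73 ends with a stray `cd` after "higher up the list." and should be removed before merge. In the same sentence, "to allow all traffic that did not match any other rule in the list, to pass" reads awkwardly; something like "so that all traffic not matching any other rule is allowed to pass" is clearer. The new recommendation to keep the default `DENY` is the right guidance, but the `scaleway-nacl-list-default.webp` screenshot at line 68 is unchanged and the removed text said it showed the default switched to `ALLOW`, so the image may now contradict the advice until the TODO at line 69 is resolved. The TODO lines at new lines 64 and 69 are plain body text and will render as written; wrap them in an MDX comment. The bold sentence at line 71 is also missing its closing full stop before "This rule is generated".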
pages/vpc/index.mdx
Lines changed: 2 additions & 2 deletions
@@ -6,9 +6,9 @@ meta:
6
6
7
7
<Alert
8
8
sentiment="info"
9
-
title="VPC Basic Use Case"
9
+
title="Secure your VPC with Network ACL rules"
10
10
>
11
-
Read our [Basic VPC use case](/vpc/reference-content/use-case-basic/) documentation for full details of how to create a simple infrastructure that leverages the advantages of Private Networks, including accompanying Terraform templates.
11
+
You can now filter and control traffic flow across the Private Networks of your VPC with our new [Network ACL](/vpc/reference-content/understanding-nacls/) feature.
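Review bot: The new alert title at line 9, "Secure your VPC with Network ACL rules", is broader than what the body at line 11 and the how-to page state: NACLs filter traffic across Private Networks, and the manage-nacl.mdx hunk context notes they cannot restrict traffic over public network interfaces. A title scoped to Private Network traffic would avoid readers assuming public exposure is covered. This change also replaces the alert's link to the Basic VPC use case, so check that page is still linked from elsewhere on the index. The wording "our new" will go stale and needs a follow-up to remove it.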