Network ACL

    Available in VPC

    Network ACL and ACG

    NAVER Cloud Platform provides two features to enhance VPC security: network ACL and ACG. You can build a layered network security system by using a network ACL to control access to subnets and an ACG to control communication for the servers within a subnet.

    The following summarizes the characteristics and differences of network ACL and ACG.

    [Image: vpc-nacl-vpc_diagram_ko]

    Network ACL | ACG
    Works when access to a subnet is made | Works when access to a server is made
    Both allow and deny rules for inbound/outbound traffic can be configured. | Only allow rules for inbound/outbound traffic can be configured.
    Stateless: inbound and outbound rules must be configured separately because traffic state is not saved. | Stateful: traffic allowed by an inbound rule is automatically allowed in the outbound direction because traffic state is saved.
    Rules are evaluated in priority order when deciding whether to allow the traffic. | All rules are evaluated before deciding whether to allow the traffic.
    Applied to all servers in the target subnet (does not depend on the user specifying an ACG). | Applied only when an ACG (security group) is specified at server startup, or when the ACG is connected to an instance.

    Network ACL page

    The basics of using network ACL are as follows.

    [Image: vpc-nacl-vpc-screen_ko]

    Area | Description
    ① Menu name | Name of the menu currently being viewed, number of network ACLs created
    ② Basic features | Create a network ACL, refresh the network ACL page
    ③ Post-creation features | Modify the rules of a created network ACL, delete a network ACL
    ④ Search window | Enter a search word, and then click the search (i-vpc_find) button to search for the item
    ⑤ Search filter | Specify the range of network ACLs to search
    ⑥ Network ACL list | View the list of created network ACLs and their information

    View network ACL list

    You can check the information of each network ACL from the list of network ACLs that have been created and are in operation. The following describes how to view the information.

    Note

    A default network ACL is created automatically and can be seen on the list when you create a VPC.

    1. From the NAVER Cloud Platform console's VPC environment, click the Services > Networking > VPC menus, in that order.
    2. Click the Network ACL > ACL rule menus, in that order.
    3. When the list of created network ACLs appears, view the summarized information or click a network ACL to check the details.
      [Image: vpc-nacl-vpc-screen1_ko]
      • Network ACL name: name of the network ACL
      • Network ACL ID: ID value of the network ACL
      • VPC name: name of the VPC where the network ACL belongs
      • Number of applied subnets: number of subnets to which the network ACL is applied
      • [Inbound rules] tab: the list of inbound rules set on the network ACL
      • [Outbound rules] tab: the list of outbound rules set on the network ACL
      • Number of inbound ACLs: number of inbound rules configured
      • Number of outbound ACLs: number of outbound rules configured
      • Creation date and time: date and time when the network ACL was created
      • Applied subnets: the list of subnets to which the network ACL is applied
      • Memo: This is the memo related to the network ACL, and it can be edited by clicking the [Edit] button.

    Create network ACL

    The following describes how to create a network ACL.

    1. From the NAVER Cloud Platform console's VPC environment, click the Services > Networking > VPC menus, in that order.
    2. Click the Network ACL > ACL rule menus, in that order.
    3. Click the [Create network ACL] button.
      [Image: vpc-nacl-vpc-add_ko]
    4. When the Create network ACL pop-up window appears, enter a name for the network ACL to create, and then select a VPC to apply.
      • A network ACL name should be 3 to 30 characters in English letters, numbers, and hyphens (-).
    5. Click the [Create] button.
    6. Check the network ACL created in the network ACL list in the ACL rule page.

    Set network ACL rules

    Inbound and outbound detailed rules can be set in the network ACL created. You can set detailed rules as follows.

    1. Select the network ACL to set rules from the ACL rule page, and then click the [Set rule] button.
    2. When the Set network ACL rules pop-up window appears, enter an inbound rule and click the [Add] button to add the rule.
      [Image: vpc-nacl-vpc-inboundset_ko]
      • Priority: priority of the rule. Enter a number between 0 and 199.
      • Protocol: select a protocol for the inbound traffic.
      • Access source: enter an IP range for the inbound traffic, or select a Deny-Allow group created in advance.
      • Port: the destination port of the inbound traffic. Specify a port number or range.
      • Allow/Deny: select whether to allow or deny the inbound traffic.
      • Memo: enter a memo related to the inbound rule.
      • i-vpc_delete: delete the inbound rule added to the list.
    3. Click the [Outbound] tab to enter an outbound rule, and then click the [Add] button to add the rule.
      [Image: vpc-nacl-vpc-outboundset_ko]
      • Priority: priority of the rule. Enter a number between 0 and 199.
      • Protocol: select a protocol for the outbound traffic.
      • Destination: enter an IP range for the outbound traffic, or select a Deny-Allow group created in advance.
      • Port: the destination port of the outbound traffic. Specify a port number or range.
      • Allow/Deny: select whether to allow or deny the outbound traffic.
      • Memo: enter a memo related to the outbound rule.
      • i-vpc_delete: delete the outbound rule added to the list.
    4. Click the [Apply] button.
    5. Click the network ACL from the network ACL list to check the rules configured.
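    The comparison table in "Network ACL and ACG" and the rule fields entered above (priority, protocol, access source or destination, port, allow/deny) can be exercised in a small simulator. The following is an added example, not NAVER Cloud Platform code. It assumes that a lower priority number is evaluated first and that a network ACL drops traffic that matches no rule; the IP addresses and the Deny-Allow group it uses are constructed sample values.

```python
# Added example (not NAVER Cloud Platform code): contrast how a network ACL and an ACG
# decide on the same packets. Assumptions: a lower priority number is evaluated first,
# and a network ACL drops traffic that matches no rule.
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Union

# An access source (inbound) or destination (outbound): a CIDR block or a Deny-Allow group.
Source = Union[ipaddress.IPv4Network, FrozenSet[ipaddress.IPv4Address]]


@dataclass(frozen=True)
class Rule:
    protocol: str      # "TCP", "UDP" or "ICMP"
    source: Source     # access source (inbound rule) or destination (outbound rule)
    port_from: int     # destination port range; ignored for ICMP
    port_to: int
    action: str        # "ALLOW" or "DENY" (an ACG rule can only be "ALLOW")
    priority: int = 0  # network ACL only: 0..199
    memo: str = ""

    def matches(self, protocol: str, peer_ip: str, port: int) -> bool:
        if self.protocol != protocol:
            return False
        if ipaddress.ip_address(peer_ip) not in self.source:  # works for a CIDR and for a group
            return False
        return protocol == "ICMP" or self.port_from <= port <= self.port_to


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = toward the server, "out" = leaving the server
    protocol: str
    peer_ip: str     # remote host: access source for "in", destination for "out"
    peer_port: int
    local_port: int  # the server's own port

    def rule_port(self) -> int:
        # A rule's port field is the destination port of the packet it governs.
        return self.local_port if self.direction == "in" else self.peer_port

    def reply(self) -> "Packet":
        # The response travels the other way between the same two endpoints.
        return Packet("out" if self.direction == "in" else "in",
                      self.protocol, self.peer_ip, self.peer_port, self.local_port)

    def flow(self):
        return (self.protocol, self.peer_ip, self.peer_port, self.local_port)


class NetworkACL:
    """Subnet-level filter: stateless, allow and deny rules, first match by priority wins."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        for r in inbound + outbound:
            if not 0 <= r.priority <= 199:
                raise ValueError(f"priority {r.priority} is outside 0..199")
        self.inbound = sorted(inbound, key=lambda r: r.priority)
        self.outbound = sorted(outbound, key=lambda r: r.priority)

    def evaluate(self, pkt: Packet) -> str:
        rules = self.inbound if pkt.direction == "in" else self.outbound
        for r in rules:  # rules are prioritized: the first matching rule decides
            if r.matches(pkt.protocol, pkt.peer_ip, pkt.rule_port()):
                return r.action
        return "DENY"    # assumed default when nothing matches; no state is kept


class ACG:
    """Server-level filter: stateful, allow rules only, any matching rule allows."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        if any(r.action != "ALLOW" for r in inbound + outbound):
            raise ValueError("ACG rules can only allow traffic")
        self.inbound, self.outbound = list(inbound), list(outbound)
        self.connections = set()  # flows already allowed; their return traffic passes

    def evaluate(self, pkt: Packet) -> str:
        if pkt.flow() in self.connections:  # stateful: reply of an allowed flow
            return "ALLOW"
        rules = self.inbound if pkt.direction == "in" else self.outbound
        if any(r.matches(pkt.protocol, pkt.peer_ip, pkt.rule_port()) for r in rules):
            self.connections.add(pkt.flow())
            return "ALLOW"
        return "DENY"


def demo() -> Dict[str, str]:
    anywhere = ipaddress.ip_network("0.0.0.0/0")
    blocked = frozenset({ipaddress.ip_address("198.51.100.7")})  # constructed Deny-Allow group
    ssh_ok = Packet("in", "TCP", "203.0.113.5", 51000, 22)       # constructed sample traffic
    ssh_listed = Packet("in", "TCP", "198.51.100.7", 51000, 22)
    deny_group = Rule("TCP", blocked, 1, 65535, "DENY", priority=0, memo="listed hosts first")
    allow_ssh = Rule("TCP", anywhere, 22, 22, "ALLOW", priority=10, memo="ssh")
    results: Dict[str, str] = {}

    nacl = NetworkACL(inbound=[deny_group, allow_ssh], outbound=[])
    results["nacl ssh from 203.0.113.5"] = nacl.evaluate(ssh_ok)
    results["nacl ssh from listed host"] = nacl.evaluate(ssh_listed)
    # Stateless: the reply leaves on an ephemeral port and needs its own outbound rule.
    results["nacl reply, no outbound rule"] = nacl.evaluate(ssh_ok.reply())
    fixed = NetworkACL(inbound=[deny_group, allow_ssh],
                       outbound=[Rule("TCP", anywhere, 1024, 65535, "ALLOW", memo="return traffic")])
    results["nacl reply, ephemeral ports allowed"] = fixed.evaluate(ssh_ok.reply())
    # Same rules with priorities swapped: the broad allow is now reached before the deny.
    swapped = NetworkACL(inbound=[Rule("TCP", blocked, 1, 65535, "DENY", priority=10),
                                  Rule("TCP", anywhere, 22, 22, "ALLOW", priority=0)], outbound=[])
    results["nacl swapped priorities, listed host"] = swapped.evaluate(ssh_listed)

    acg = ACG(inbound=[Rule("TCP", anywhere, 22, 22, "ALLOW")], outbound=[])
    results["acg ssh from 203.0.113.5"] = acg.evaluate(ssh_ok)
    results["acg reply"] = acg.evaluate(ssh_ok.reply())         # allowed by state, no outbound rule
    results["acg ssh from listed host"] = acg.evaluate(ssh_listed)  # an ACG has no deny rules
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

    The run shows the two properties the table states: with a network ACL the deny for the listed host only wins while its priority number is lower than the broad allow, and the SSH reply is dropped until an outbound rule covers the ephemeral port range; with an ACG the reply passes because the connection is remembered, but a listed host cannot be blocked there because an ACG has no deny rules.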

    Delete network ACL

    The following describes how to delete a network ACL created.

    Note

    A network ACL cannot be deleted in the following cases:

    • The default network ACL created automatically
    • A network ACL that is applied to one or more subnets

    1. From the NAVER Cloud Platform console's VPC environment, click the Services > Networking > VPC menus, in that order.
    2. Click the Network ACL > ACL rule menus, in that order.
    3. Click a network ACL to delete, and then click the [Delete] button.
    4. When the Delete network ACL pop-up window appears, click the [Delete] button.

    Set Deny-Allow group

    A Deny-Allow group is a named set of IP addresses. It can be used as the access source or destination when setting inbound/outbound rules in a network ACL.

    Deny-Allow group page

    The basics of using Deny-Allow group are as follows.

    [Image: vpc-nacl-vpc_groupscreen_ko]

    Area | Description
    ① Menu name | Name of the menu currently being viewed, number of Deny-Allow groups created
    ② Basic features | Create a Deny-Allow group, refresh the Deny-Allow group page
    ③ Post-creation features | Set IPs for a created Deny-Allow group, delete a Deny-Allow group
    ④ Search window | Enter a search word, and then click the search (i-vpc_find) button to search for the item
    ⑤ Search filter | Specify the range of Deny-Allow groups to search
    ⑥ Deny-Allow group list | View the list of created Deny-Allow groups and their information

    View Deny-Allow group list

    Information of each group can be viewed from the list of Deny-Allow groups created. The following describes how to view the information.

    1. From the NAVER Cloud Platform console's VPC environment, click the Services > Networking > VPC menus, in that order.
    2. Click the Network ACL > Deny-Allow group menus, in that order.
    3. When the Deny-Allow group list appears, view the summarized information or click a Deny-Allow group to check the details.
      [Image: vpc-nacl-vpc_groupscreen1_ko]
      • Deny-Allow group name: name of the Deny-Allow group
      • Deny-Allow group ID: ID value of the Deny-Allow group
      • VPC name: name of the VPC where the Deny-Allow group belongs
      • Number of ACL rules applied: the number of network ACLs where the Deny-Allow group is applied
      • Network ACL applied: the list of network ACLs where the Deny-Allow group is applied
      • Registered IPs: the list of IP addresses that have been registered to the Deny-Allow group
      • Memo: This is the memo related to the Deny-Allow group, and it can be edited by clicking the [Edit] button.

    Create Deny-Allow group

    The following describes how to create a Deny-Allow group.

    1. From the NAVER Cloud Platform console's VPC environment, click the Services > Networking > VPC menus, in that order.
    2. Click the Network ACL > Deny-Allow group menus, in that order.
    3. Click the [Create group] button.
      [Image: vpc-nacl-vpc-groupadd_ko]
    4. When the Create Deny-Allow group pop-up window appears, enter a name of the Deny-Allow group to create, and then select a VPC to apply.
      • A Deny-Allow group name should be 3 to 30 characters in English letters, numbers, and hyphens (-).
    5. Click the [Create] button.
    6. Check the created group in the Deny-Allow group list on the Deny-Allow group page.

    Note

    Up to 4 Deny-Allow groups can be created per VPC.

    Add IPs to Deny-Allow group

    You can add IPs to a Deny-Allow group you have created. The following describes how to add IPs.

    1. Select the Deny-Allow group to add IPs from the Deny-Allow group page, and then click the [Set IP] button.

    2. When the Set Deny-Allow group pop-up window appears, enter IPs to add to the group.
      [Image: vpc-nacl-vpc-groupset_ko]

      Area | Description
      ① Input window | Enter an IP address to add.
        • Only single addresses (/32) are accepted, so enter the address without the subnet mask (/32).
        • Up to 100 IPs can be entered.
      ② Bulk input | Click to add many IPs at once.
        • Separate IPs with a tab, a space, or a comma (,).
        • Click the [Apply] button to add them all at once.
      ③ Create | Add the entered IPs to the list.
      ④ Delete | Delete the selected IPs from the list.
      ⑤ IP list | The list of IPs that have been entered and added
    3. Click the [OK] button.

    4. Check the added IPs by clicking the Deny-Allow group from the Deny-Allow group list.
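    The bulk input format described above (single IPv4 addresses without a /32 mask, separated by tab, space or comma, at most 100 per group) is easy to pre-check before pasting a list into the console. The following is an added example, not NAVER Cloud Platform code; it also treats line breaks as separators and accepts IPv4 only, both of which are this helper's own assumptions, and the sample list is constructed.

```python
# Added example (not NAVER Cloud Platform code): validate a bulk IP list against the limits
# of the Set Deny-Allow group window before pasting it in. Assumptions: IPv4 only, and
# line breaks are tolerated as separators in addition to tab, space and comma.
import ipaddress
import re
from typing import List, Tuple

MAX_IPS = 100                         # per Deny-Allow group, as stated on the page
_SEPARATORS = re.compile(r"[\s,]+")   # tab, space, newline or comma


def parse_bulk_ips(text: str) -> Tuple[List[str], List[str]]:
    """Split a bulk input string into (accepted, rejected).

    accepted: valid addresses, deduplicated, in input order, capped at MAX_IPS.
    rejected: one human-readable reason per token that would not be accepted.
    """
    accepted: List[str] = []
    rejected: List[str] = []
    seen = set()
    for token in _SEPARATORS.split(text.strip()):
        if not token:
            continue
        if "/" in token:  # the window expects /32 hosts entered without a mask
            rejected.append(f"{token}: enter the address without a subnet mask")
            continue
        try:
            addr = str(ipaddress.IPv4Address(token))
        except ipaddress.AddressValueError:
            rejected.append(f"{token}: not a valid IPv4 address")
            continue
        if addr in seen:
            rejected.append(f"{token}: duplicate, already in the list")
            continue
        seen.add(addr)
        accepted.append(addr)
    if len(accepted) > MAX_IPS:
        rejected.extend(f"{ip}: over the limit of {MAX_IPS} IPs" for ip in accepted[MAX_IPS:])
        accepted = accepted[:MAX_IPS]
    return accepted, rejected


# Constructed sample input mixing the three separators, a duplicate, a masked entry
# and an invalid octet.
SAMPLE = "203.0.113.5, 203.0.113.6\t198.51.100.7 203.0.113.5 10.0.0.1/32 300.1.1.1"

if __name__ == "__main__":
    ok, bad = parse_bulk_ips(SAMPLE)
    print("accepted:", ok)
    for reason in bad:
        print("rejected:", reason)
```

    Running it on the constructed sample keeps the three distinct valid addresses and reports the duplicate, the masked entry and the invalid address separately, which is the same feedback you would otherwise only get entry by entry in the console.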

    Delete Deny-Allow group

    The following describes how to delete a Deny-Allow group created.

    Note

    A Deny-Allow group that is in use by a network ACL rule cannot be deleted. To delete such a group, first remove it from every network ACL rule that uses it, and then proceed with the deletion.

    1. From the NAVER Cloud Platform console's VPC environment, click the Services > Networking > VPC menus, in that order.
    2. Click the Network ACL > Deny-Allow group menus, in that order.
    3. Click the Deny-Allow group to delete, and then click the [Delete] button.
    4. When the Delete Deny-Allow group pop-up window appears, click the [Yes] button.
