NHN Cloud provides the network access control list (ACL) function. This function allows you to control access per protocol, IP address, and port. This service is currently only available in the Korea (Pyeongchon) region, and will be supported by other regions gradually.
You can use the ACL function to control packets coming into the network. This function is different from the security group, and the differences are as follows:
[Note] Security Group vs Network ACL
Classification Security Group Network ACL Remark Control target Instance Network, Instance Configuration target Protocol, IP, port setting Protocol, IP, port setting For ACL, you can choose between blacklist and whitelist Controlled traffic Inbound/outbound traffic
selectablesrc/dst address selectable Access control type Set only the allow policy Allow/Deny policy selectable
For inbound/outbound traffic, the network ACL setting takes precedence over the security group setting. Even if traffic is allowed in the network ACL setting, it can be blocked by the security group, so you should check both settings.
To use the network ACL function, you need to configure the following.
[Note]
Network and ACL behaviors
- Deleting a network also deletes its ACL binding, but ACL itself remains intact.
- If there is any network bound to an ACL, the ACL cannot be deleted.
- If an ACL rule is added or deleted, the change is also applied to all networks bound to the ACL.