Hi Jon,

to be honest, I would not know the answer to that - this is not part of VPC, if I understand correctly? If so, I can't really tell, but again, it's worth checking both GUI and API eventually to see if such a thing is supported. When configuring such a thing (static NAT) to a VM inside VPC - same rules apply for ACL - NAT is just replacing IP inside the IP packet, but you still need to allow traffic and so on, via ACLs.

Best

On Wed, 18 Jul 2018 at 18:30, Jon Marshall <[email protected]> wrote:

> Hi Andrija
>
> Following on from that if you are using an isolated guest network and
> static IP for NAT to a VM private IP is there any way in the IP address
> firewall configuration to deny certain traffic as well as permit traffic.
>
> Jon
>
> ________________________________
> From: Andrija Panic <[email protected]>
> Sent: 18 July 2018 16:17
> To: users
> Subject: Re: VPC ACLs SRC and DST
>
> Hi Adam,
>
> unless something has changed in most recent version (doubt that) - no, you
> can only define one CIDR in each ACL rule, which, if creating
> egress/outbound rule is considered as destination IP/CIDR to which you
> allow/deny access from your VPC network, or if using ingress (inbound) rule,
> then this CIDR represents the SOURCE from which access is allowed/denied to
> your VPC network (whole VPC network in both cases - i.e. it's not granular
> on single IP/VM level - for this you need to use local firewall if really
> needed)
>
> Hope that answers your question.
>
> Andrija
>
> On Wed, 18 Jul 2018 at 17:07, Adam Witwicki <[email protected]>
> wrote:
>
> > Hello
> >
> > Is there a way we can add the DST IP to the ACL lists in a VPC as well as
> > the SRC IP (outbound)
> >
> > Thanks
> >
> > Adam
>
> --
>
> Andrija Panić

--

Andrija Panić
