Unrestricted network ACL outbound traffic

Classification:

compliance

Overview

Description

Investigate AWS Network Access Control Lists (NACLs) for outbound rules that span a broad range of ports, and limit outbound traffic to a specific port range.

Rationale

Eliminate the threat of unauthorized access by setting a specified port range.

Remediation

Console

Follow the Adding and deleting rules docs to limit outbound (egress) traffic based on port range.

CLI

  1. Run replace-network-acl-entry to replace the over-permissive egress rule (same rule number) with one that allows only a specific port range.

    replace-network-acl-entry.sh

        # Placeholders: use your NACL ID (acl-...), the rule number of the
        # existing over-permissive egress rule, and the port range you intend
        # to allow. A CIDR block is required by the API; --cidr-block is
        # added here and was not in the original snippet.
        aws ec2 replace-network-acl-entry \
            --network-acl-id id-01234567 \
            --egress \
            --rule-number 02 \
            --protocol tcp \
            --port-range From=000,To=000 \
            --cidr-block 0.0.0.0/0 \
            --rule-action allow
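The following is an added example of the check this rule describes, written here for illustration; it is not Datadog's detection logic and not part of the original page. It walks the JSON shape returned by `aws ec2 describe-network-acls` (the `NetworkAcls[].Entries[]` structure), flags egress `allow` entries that place no effective port restriction, and builds the matching `replace-network-acl-entry` command. The function names (`is_unrestricted_egress`, `find_unrestricted_egress`, `remediation_command`) and the sample NACL are constructed for this example.

```python
"""Flag NACL egress rules that allow an unrestricted port range.

Added example, not Datadog's rule implementation. The input is the JSON
returned by `aws ec2 describe-network-acls`; SAMPLE_DESCRIBE_OUTPUT below is
constructed for this example (the ACL ID is a made-up placeholder).
"""
import json

# A TCP/UDP range covering every port is equivalent to no restriction at all.
ALL_PORTS = (0, 65535)

# Constructed sample in the describe-network-acls response shape.
SAMPLE_DESCRIBE_OUTPUT = json.loads("""
{
  "NetworkAcls": [
    {
      "NetworkAclId": "acl-0example0000001",
      "Entries": [
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
         "Egress": true, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow",
         "Egress": true, "CidrBlock": "0.0.0.0/0",
         "PortRange": {"From": 0, "To": 65535}},
        {"RuleNumber": 120, "Protocol": "6", "RuleAction": "allow",
         "Egress": true, "CidrBlock": "0.0.0.0/0",
         "PortRange": {"From": 443, "To": 443}},
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
         "Egress": false, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
         "Egress": true, "CidrBlock": "0.0.0.0/0"}
      ]
    }
  ]
}
""")


def is_unrestricted_egress(entry):
    """True when an egress ALLOW entry imposes no effective port restriction.

    Protocol "-1" (all protocols) carries no PortRange; for TCP/UDP a range
    of 0-65535 (or a missing PortRange) is treated the same way. Deny
    entries, including the default rule 32767, are never findings.
    """
    if not entry.get("Egress") or entry.get("RuleAction") != "allow":
        return False
    if entry.get("Protocol") == "-1":
        return True
    port_range = entry.get("PortRange")
    if port_range is None:
        return True
    return (port_range.get("From", 0), port_range.get("To", 65535)) == ALL_PORTS


def find_unrestricted_egress(describe_output):
    """Return (acl_id, rule_number, cidr, protocol, ports) per finding."""
    findings = []
    for acl in describe_output.get("NetworkAcls", []):
        for entry in acl.get("Entries", []):
            if not is_unrestricted_egress(entry):
                continue
            pr = entry.get("PortRange")
            ports = "all" if pr is None else f"{pr['From']}-{pr['To']}"
            cidr = entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")
            findings.append(
                (acl["NetworkAclId"], entry["RuleNumber"], cidr, entry["Protocol"], ports)
            )
    return findings


def remediation_command(acl_id, rule_number, cidr, from_port, to_port):
    """Build the replace-network-acl-entry call that narrows the flagged rule.

    It reuses the flagged rule number on purpose: NACLs are evaluated in
    ascending rule order, so adding a new narrow rule beside the broad one
    would leave the broad rule in effect.
    """
    return (
        "aws ec2 replace-network-acl-entry"
        f" --network-acl-id {acl_id} --egress --rule-number {rule_number}"
        f" --protocol tcp --port-range From={from_port},To={to_port}"
        f" --cidr-block {cidr} --rule-action allow"
    )


if __name__ == "__main__":
    for acl_id, rule_number, cidr, protocol, ports in find_unrestricted_egress(
        SAMPLE_DESCRIBE_OUTPUT
    ):
        print(f"{acl_id} rule {rule_number} proto {protocol} ports {ports} -> {cidr}")
        print("  " + remediation_command(acl_id, rule_number, cidr, 443, 443))
```

Feed it real data with `aws ec2 describe-network-acls --output json` piped into `json.load`; the sample above yields two findings (rules 100 and 110) and leaves the port-443 rule, the ingress rule and the default deny alone. The remediation deliberately keeps the flagged rule number, since a lower-numbered broad allow rule would otherwise still match before any narrower rule you add.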