Inbound Traffic Can Only Access Specified Ports
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | vpc-sg-restricted-common-ports |
| Identifier | vpc-sg-restricted-common-ports |
| Description | If a security group has an inbound rule that allows traffic from any IPv4 or IPv6 source address (0.0.0.0/0 or ::/0) to one of the specified ports, the security group is noncompliant. |
| Tag | vpc |
| Trigger Type | Configuration change |
| Filter Type | vpc.securityGroups |
| Configure Rule Parameters | blockedPorts: the list of ports to restrict. This is an array parameter. The default value is 20, 21, 3306, and 3389. |
Rule Logic
- If no inbound rule of a security group allows traffic from any IPv4 or IPv6 source address (0.0.0.0/0 or ::/0) to any of the specified ports, the security group is compliant.
- If an inbound rule of a security group allows traffic from any IPv4 or IPv6 source address (0.0.0.0/0 or ::/0) to one of the specified ports, the security group is noncompliant.
A security group usually contains multiple rules, and they take effect in a defined order. For details, see How Traffic Matches Security Group Rules. This Config rule does not consider that order: it skips all Deny rules and reports the security group as noncompliant as soon as one matching Allow rule is found, even if a higher-priority Deny rule would block the same traffic in practice. To become compliant, remove or narrow the Allow rule itself (for example, restrict its source to a specific CIDR block) rather than adding a Deny rule in front of it.
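The following is an added worked example, not code from the Huawei Cloud Config service, that reproduces the evaluation logic described above over a constructed set of security group rules. The rule fields (`direction`, `ethertype`, `protocol`, `ports`, `remote_ip_prefix`, `action`, `priority`) and the multiport-style `"20-21,3306"` port notation are assumptions chosen for illustration; the real resource schema may differ. The sample includes a Deny rule that sits ahead of a broad Allow rule, to show that the Deny rule does not make the group compliant.

```python
"""Evaluate the vpc-sg-restricted-common-ports rule over security group rules (illustrative)."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

DEFAULT_BLOCKED_PORTS = [20, 21, 3306, 3389]   # the rule's default blockedPorts
ANY_SOURCE = {"0.0.0.0/0", "::/0"}              # IPv4 / IPv6 "any" source


@dataclass
class SgRule:
    """Simplified security group rule; field names are assumed, not the real API schema."""
    direction: str                 # "ingress" or "egress"
    ethertype: str                 # "IPv4" or "IPv6"
    protocol: Optional[str]        # "tcp", "udp", "icmp" or None (any protocol)
    ports: Optional[str]           # "22", "20-21,3306", "all" or None (all ports)
    remote_ip_prefix: Optional[str]
    action: str = "allow"          # "allow" or "deny"
    priority: int = 1              # lower value = evaluated first (ignored by this check)


def parse_ports(spec: Optional[str]) -> List[Tuple[int, int]]:
    """Expand "20-21,3306" into inclusive (low, high) ranges; None/"all" means every port."""
    if spec is None or spec.strip().lower() in ("", "all"):
        return [(1, 65535)]
    ranges = []
    for piece in spec.split(","):
        piece = piece.strip()
        if "-" in piece:
            low, high = (int(p) for p in piece.split("-", 1))
        else:
            low = high = int(piece)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid port range: {piece!r}")
        ranges.append((low, high))
    return ranges


def rule_exposes(rule: SgRule, blocked_ports: List[int]) -> Set[int]:
    """Return the blocked ports that this single rule opens to the whole Internet."""
    # Only inbound Allow rules count; Deny rules are skipped exactly as the Config rule does.
    if rule.direction != "ingress" or rule.action != "allow":
        return set()
    if rule.remote_ip_prefix not in ANY_SOURCE:
        return set()
    # ICMP and other port-less protocols cannot expose a TCP/UDP port.
    if rule.protocol not in (None, "tcp", "udp"):
        return set()
    ranges = parse_ports(rule.ports)
    return {p for p in blocked_ports if any(low <= p <= high for low, high in ranges)}


def evaluate_security_group(rules: List[SgRule],
                            blocked_ports: List[int] = DEFAULT_BLOCKED_PORTS):
    """Return [(rule, sorted exposed ports)] for every offending Allow rule; empty means compliant."""
    findings = []
    for rule in rules:
        exposed = rule_exposes(rule, blocked_ports)
        if exposed:
            findings.append((rule, sorted(exposed)))
    return findings


def is_compliant(rules: List[SgRule], blocked_ports: List[int] = DEFAULT_BLOCKED_PORTS) -> bool:
    return not evaluate_security_group(rules, blocked_ports)


# Constructed sample security group (not real customer data).
SAMPLE_RULES = [
    SgRule("ingress", "IPv4", "tcp", "22", "0.0.0.0/0"),                # 22 is not in blockedPorts
    SgRule("ingress", "IPv4", "tcp", "3389", "10.0.0.0/8"),             # RDP, but only from a private CIDR
    SgRule("ingress", "IPv4", "tcp", "3389", "0.0.0.0/0", "deny", 1),   # Deny rule: skipped by the check
    SgRule("ingress", "IPv6", "tcp", "3000-4000", "::/0", "allow", 5),  # range covers 3306 and 3389
    SgRule("ingress", "IPv4", "icmp", None, "0.0.0.0/0"),               # no ports involved
    SgRule("egress", "IPv4", None, None, "0.0.0.0/0"),                  # outbound is not evaluated
]

if __name__ == "__main__":
    for rule, ports in evaluate_security_group(SAMPLE_RULES):
        print(f"noncompliant: {rule.ethertype} {rule.protocol} {rule.ports} "
              f"from {rule.remote_ip_prefix} exposes {ports}")
    print("compliant" if is_compliant(SAMPLE_RULES) else "noncompliant")
```

Note that the IPv6 rule opening 3000-4000 to ::/0 is the only finding: the Deny rule for 3389 at priority 1 is skipped, the private-CIDR RDP rule is not a wildcard source, and a port range is checked for overlap with each blocked port rather than for an exact match.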