Estos contenidos se han traducido de forma automática para su comodidad, pero Huawei Cloud no garantiza la exactitud de estos. Para consultar los contenidos originales, acceda a la versión en inglés.
Centro de ayuda/ Virtual Private Cloud/ Preguntas frecuentes/ Seguridad/ Does a Security Group Rule or a ACL de red Rule Immediately Take Effect for Existing Connections After It Is Modified?
Actualización más reciente 2023-06-02 GMT+08:00
Ver PDF

Does a Security Group Rule or a ACL de red Rule Immediately Take Effect for Existing Connections After It Is Modified?

  • After a security group rule is modified, the new rule immediately takes effect for its original traffic. Security groups are stateful. Responses to outbound traffic are allowed to go in to the instance regardless of inbound security group rules, and vice versa. Security groups use connection tracking to track traffic to and from instances. If a security group rule is added, deleted, or modified, or an instance in the security group is created or deleted, the connection tracking for all instances in the security group will be automatically cleared. In this case, the inbound or outbound traffic of the instance will be considered to be new connections, which need to match the inbound or outbound security group rules to ensure that the rules take effect immediately and ensure the security of incoming traffic.
  • A modified ACL de red rule will not immediately take effect for its existing connections. It takes about 120 seconds for the new rule to take effect, and traffic will be interrupted during this period. To ensure that the traffic is immediately interrupted after the rule is changed, it is recommended that you configure security group rules.
Tema principal: Seguridad