Shulou(Shulou.com)06/02 Report--

This article mainly introduces the default security group automatically created by the system and what are the default rules of the security group created by yourself. what is introduced in this article is very detailed and has a certain reference value. Interested friends must finish reading it!

Security group default rules

This article describes the default security groups that the system automatically creates and the default rules for security groups that you create yourself.

Description

The security group is stateful. If the packet is allowed in the outgoing direction (Outbound), then the corresponding connection is also allowed in the inbound direction (Inbound). For more concepts related to security groups, see Security groups.

Default security group automatically created by the system

When creating an ECS instance in a region, if the current account has not created a security group in this region, you can select the default security group automatically created by the system, as shown in the following figure.

The default rules in the default security group only set the entry direction rules for ICMP protocol, SSH port 22, RDP port 3389, HTTP port 80, and HTTPS port 443. Security group rules vary from network type to network type.

VPC:VPC type security group rules do not distinguish between private network and public network. The public network access of a VPC ECS instance is completed through the mapping of the private network Nic. Therefore, you cannot see the public network Nic inside the instance, and you can only set private network rules in the security group. Security group rules take effect on both private and public networks. The default rules for the VPC type default security group are shown in the following table.

The default rules for the classic network default security group are shown in the following table.

Description

The default security group rule has a priority of 110, indicating that the default rule is always lower in priority than the security group rule you manually added and can be overridden at any time. When adding security group rules manually, the priority range is [1100]. For information about the priority of security group rules, see the ECS Security Group Rule priority description.

Depending on your business needs, you can add security group rules to the default security group.

Self-created security group

After creating a security group, before adding any security group rules, the default rules for private network and public network are as follows:

Exit direction: all access is allowed.

Direction of entry: deny all access.

If your instance is in such a new security group, you can only use the management terminal to connect to the ECS instance, but you cannot log in to the instance through remote connection software, whether you use username and password authentication to connect to the Linux instance or software to connect to the Windows instance.

According to your business needs, you can add security group rules to the self-built security group.

The above are all the contents of the default security group automatically created by the system and what are the default rules of the security group created by yourself. Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.