search
HomeOperation and MaintenanceLinux Operation and MaintenanceThe default security group automatically created by the system and the default rules of the security group created by yourself

This article introduces the default security group automatically created by the system and the default rules of the security group created by yourself, and focuses on the specific steps.

Default rules for security groups

This article introduces the default security groups automatically created by the system and the default rules for the security groups you create yourself.

Description

Security groups are stateful. If the data packet is allowed in the outbound direction, then the corresponding connection is also allowed in the inbound direction. For more concepts related to security groups, see Security Groups.

The default security group automatically created by the system

When creating an ECS instance in a region, if the current account has not yet created a security group in this region , you can select the default security group automatically created by the system, as shown in the figure below.

The default security group automatically created by the system and the default rules of the security group created by yourself

The default rules in the default security group only set inbound rules for ICMP protocols, SSH port 22, RDP port 3389, HTTP port 80, and HTTPS port 443. Different network types have different security group rules.

VPC: VPC type security group rules do not distinguish between the intranet and the public network. Public network access to VPC type ECS instances is completed through private network card mapping. Therefore, you cannot see the public network card inside the instance, and you can only set intranet rules in the security group. Security group rules take effect on both the intranet and the public network. The default rules of the VPC type default security group are as shown in the following table.

The default security group automatically created by the system and the default rules of the security group created by yourself

The default rules of the classic network default security group are as shown in the following table. The default security group automatically created by the system and the default rules of the security group created by yourself

Description

The priority of the default security group rule is 110, which means that the priority of the default rule is always lower than the security group rule you add manually and can be overwritten at any time. When adding security group rules manually, the priority range is [1, 100]. For information about the priority of security group rules, see ECS security group rule priority description.

Based on business needs, you can add security group rules to the default security group.

Security group created by yourself

After creating the security group and before adding any security group rules, the default rules for the intranet and public network are as follows :

Outbound direction: All access allowed.

Inbound direction: Deny all access.

If your instance is in such a new security group, you can only use the management terminal to connect to the ECS instance, but you cannot log in to the instance through remote connection software, whether you use username and password authentication to connect to the Linux instance or use The software connects to Windows instances.

Based on business needs, you can add security group rules to your self-created security group.

The above is the detailed content of The default security group automatically created by the system and the default rules of the security group created by yourself. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
什么是linux设备节点什么是linux设备节点Apr 18, 2022 pm 08:10 PM

linux设备节点是应用程序和设备驱动程序沟通的一个桥梁;设备节点被创建在“/dev”,是连接内核与用户层的枢纽,相当于硬盘的inode一样的东西,记录了硬件设备的位置和信息。设备节点使用户可以与内核进行硬件的沟通,读写设备以及其他的操作。

Linux中open和fopen的区别有哪些Linux中open和fopen的区别有哪些Apr 29, 2022 pm 06:57 PM

区别:1、open是UNIX系统调用函数,而fopen是ANSIC标准中的C语言库函数;2、open的移植性没fopen好;3、fopen只能操纵普通正规文件,而open可以操作普通文件、网络套接字等;4、open无缓冲,fopen有缓冲。

linux中什么叫端口映射linux中什么叫端口映射May 09, 2022 pm 01:49 PM

端口映射又称端口转发,是指将外部主机的IP地址的端口映射到Intranet中的一台计算机,当用户访问外网IP的这个端口时,服务器自动将请求映射到对应局域网内部的机器上;可以通过使用动态或固定的公共网络IP路由ADSL宽带路由器来实现。

linux中eof是什么linux中eof是什么May 07, 2022 pm 04:26 PM

在linux中,eof是自定义终止符,是“END Of File”的缩写;因为是自定义的终止符,所以eof就不是固定的,可以随意的设置别名,linux中按“ctrl+d”就代表eof,eof一般会配合cat命令用于多行文本输出,指文件末尾。

什么是linux交叉编译什么是linux交叉编译Apr 29, 2022 pm 06:47 PM

在linux中,交叉编译是指在一个平台上生成另一个平台上的可执行代码,即编译源代码的平台和执行源代码编译后程序的平台是两个不同的平台。使用交叉编译的原因:1、目标系统没有能力在其上进行本地编译;2、有能力进行源代码编译的平台与目标平台不同。

linux怎么判断pcre是否安装linux怎么判断pcre是否安装May 09, 2022 pm 04:14 PM

在linux中,可以利用“rpm -qa pcre”命令判断pcre是否安装;rpm命令专门用于管理各项套件,使用该命令后,若结果中出现pcre的版本信息,则表示pcre已经安装,若没有出现版本信息,则表示没有安装pcre。

linux中rpc是什么意思linux中rpc是什么意思May 07, 2022 pm 04:48 PM

在linux中,rpc是远程过程调用的意思,是Reomote Procedure Call的缩写,特指一种隐藏了过程调用时实际通信细节的IPC方法;linux中通过RPC可以充分利用非共享内存的多处理器环境,提高系统资源的利用率。

linux怎么查询mac地址linux怎么查询mac地址Apr 24, 2022 pm 08:01 PM

linux查询mac地址的方法:1、打开系统,在桌面中点击鼠标右键,选择“打开终端”;2、在终端中,执行“ifconfig”命令,查看输出结果,在输出信息第四行中紧跟“ether”单词后的字符串就是mac地址。

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Atom editor mac version download

Atom editor mac version download

The most popular open source editor

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

Safe Exam Browser

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment