The default security group automatically created by the system and the default rules of the security group created by yourself

This article introduces the default security group automatically created by the system and the default rules of the security group created by yourself, and focuses on the specific steps.

Default rules for security groups

This article introduces the default security groups automatically created by the system and the default rules for the security groups you create yourself.

Description

Security groups are stateful. If the data packet is allowed in the outbound direction, then the corresponding connection is also allowed in the inbound direction. For more concepts related to security groups, see Security Groups.

The default security group automatically created by the system

When creating an ECS instance in a region, if the current account has not yet created a security group in this region , you can select the default security group automatically created by the system, as shown in the figure below.

The default rules in the default security group only set inbound rules for ICMP protocols, SSH port 22, RDP port 3389, HTTP port 80, and HTTPS port 443. Different network types have different security group rules.

VPC: VPC type security group rules do not distinguish between the intranet and the public network. Public network access to VPC type ECS instances is completed through private network card mapping. Therefore, you cannot see the public network card inside the instance, and you can only set intranet rules in the security group. Security group rules take effect on both the intranet and the public network. The default rules of the VPC type default security group are as shown in the following table.

The default rules of the classic network default security group are as shown in the following table.

Description

The priority of the default security group rule is 110, which means that the priority of the default rule is always lower than the security group rule you add manually and can be overwritten at any time. When adding security group rules manually, the priority range is [1, 100]. For information about the priority of security group rules, see ECS security group rule priority description.

Based on business needs, you can add security group rules to the default security group.

Security group created by yourself

After creating the security group and before adding any security group rules, the default rules for the intranet and public network are as follows :

Outbound direction: All access allowed.

Inbound direction: Deny all access.

If your instance is in such a new security group, you can only use the management terminal to connect to the ECS instance, but you cannot log in to the instance through remote connection software, whether you use username and password authentication to connect to the Linux instance or use The software connects to Windows instances.

Based on business needs, you can add security group rules to your self-created security group.

The above is the detailed content of The default security group automatically created by the system and the default rules of the security group created by yourself. For more information, please follow other related articles on the PHP Chinese website!