On 6/8/24 08:05, George at Clug wrote:
Is it possible to be aware of all the ports required by systems/services
like "AWS / Cloudflare / etc", such that it is possible to ensure any
firewalls that are put in place do not inhibit the features of these
systems?
In AWS you have a Virtual Private Cloud (VPC)
Inside the VPC you have one or more virtual private LANs. Within those
you can allocate a non-routable CIDR - minimum class c (/24).
You can allocate a non-routable IPv6 CIDR,
You may allocate a public IPv4 Address that is connected by AWS to your
LAN via NAT.
Within the VPC you manage security policies that control the flow of
data between the various
Assuming your private IP range is 192.168.100.0/24
192.168.100.1 is the router
192.168.100.2 is the DNS server
192.168.100.3 - reserved
Firewalling is provided by policies managed by you for connections
between your different virtual private LANs and various AWS services and
your public IPs
You can add additional firewalls on your virtual hosts independent of
the AWS policies. You can also add security software like SELinux for
hosts that provide public services such as a web server.
By default AWS policies are blocking, so you need to enable any traffic
in the AWS policies as well as on your hosts.
If you want to access an AWS service such as S3 you need to add policy
VPC rules to allow that.
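The layout described in the reply, written out as Terraform (an added example, not from the original message or from AWS documentation); the region, the "inbound 443 only" rule and the use of a gateway endpoint for S3 are assumptions for illustration:

```hcl
# Added example: the VPC layout from the message above in Terraform.
# Region and the HTTPS-only rule are assumptions, not from the original.

# VPC with the non-routable IPv4 range used in the message plus an
# AWS-assigned IPv6 block.
resource "aws_vpc" "main" {
  cidr_block                       = "192.168.100.0/24"
  assign_generated_ipv6_cidr_block = true
}

# One virtual private LAN (subnet) inside the VPC. AWS reserves
# .1 (router), .2 (DNS) and .3 in this range.
resource "aws_subnet" "web" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "192.168.100.0/24"
}

# Security group: nothing passes until listed here, so a public web host
# gets only inbound TCP/443. Outbound must be opened explicitly too.
resource "aws_security_group" "web" {
  vpc_id = aws_vpc.main.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Route table for the subnet; the S3 endpoint adds its own route to it.
resource "aws_route_table" "web" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route_table_association" "web" {
  subnet_id      = aws_subnet.web.id
  route_table_id = aws_route_table.web.id
}

# Gateway endpoint so hosts in the subnet reach S3 through the VPC
# (one way to add the S3 access rules the message refers to).
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = aws_vpc.main.id
  service_name      = "com.amazonaws.us-east-1.s3"   # assumed region
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [aws_route_table.web.id]
}
```

The security group only covers the AWS side; as the reply notes, a host firewall on the instance still needs its own matching rule for 443.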