By default all inbound traffic is allowed to the ports in the range 1-65535 . We will give some examples that would clarify this question:
1. Let's say you want to close tcp ports 80 and 443 , in this case, you need to delete the old rule for tcp traffic that allows entire traffic and add the following:
“Ingress” Tcp “CIDR”: 0.0.0.0/0 Port range: 0-79 “Ingress” Tcp “CIDR”: 0.0.0.0/0 Port range: 81-442 “Ingress” Tcp “CIDR”: 0.0.0.0/0 Port range: 444-65535In this case, 80 and 443 tcp ports will be closed for inbound traffic.
2. Let's say you need to restrict access to mysql for multiple ip addresses , mysql uses port 3306 . As the first step, you need to remove the rule allowing access to all ports "Ingress tcp 0.0.0.0/0 0-65535" , then add the following:
Ingress Tcp 0.0.0.0/0 0-3305 Ingress Tcp 0.0.0.0/0 3307-65535 Ingress Tcp 1.2.3.4/24 3306-3306 Ingress Tcp 4.3.2.1/24 3306-3306In this case, the access to port 3306 is closed for all incoming requests, except for subnets 1.2.3.4-255 and 4.3.2.1-255. Pretty simple? Yes? If not, ask our support! We are always ready to help you with this stuff!