Bala

Reputation: 1148

Do the domain-list rule groups in AWS Network Firewall apply to inbound traffic?

I am currently learning about AWS Network Firewall. I created a firewall with a domain-list rule where I was blocking certain domains. My assumption was that every request to the protected subnets (subnets which are inspected by the firewall) is inspected by the firewall, and hence if I made a call like curl -H "Origin: https://blocked-domain.com" https://my-alb-in-protected-subnet.com then it would be blocked. But this request was successful.

Also, I noticed that the rule works on outbound traffic. I tried to make a curl request to the blocked domains from an EC2 instance running inside the protected subnet and it got blocked successfully.

So does it mean that the domain-list rule only applies to outbound traffic on the protected subnets?

Appreciate your help to clarify this 🙏🏼

AWS Network Firewall: https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html

Domain list rule: https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html

Upvotes: 0

Views: 1277

Answers (1)

Bala

Reputation: 1148

The Stateless Domainlist rule group type is only applied to outbound traffic. This detail is not mentioned in the user guide, but it's mentioned in the FAQ:

https://aws.amazon.com/network-firewall/faqs/#:~:text=domain%2Dbased%20outbound%20traffic%20filtering%20to%20help%20you%20meet%20compliance%20requirements

Upvotes: 0
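Added example (not from the question or the answer): a small Python model of a domain-list rule group, assuming the RulesSourceList field names from the AWS Network Firewall API and constructed subnet and host names. It shows why the two curl tests in the question behave differently: the generated rules key on the TLS SNI or HTTP Host of connections started from the protected subnet, not on an Origin header, and flows initiated from outside are not evaluated against the list (this models the FAQ's outbound-only statement, not the engine itself).

```python
import ipaddress

# Constructed values: the protected subnet (the rule group's HOME_NET) and a denylist.
HOME_NET = ipaddress.ip_network("10.0.0.0/16")
BLOCKED = [".blocked-domain.com", "evil.example"]

def domain_list_rule_group(targets, deny=True):
    """RulesSource body for a stateful domain-list rule group (AWS API field names)."""
    return {"RulesSource": {"RulesSourceList": {
        "Targets": list(targets),
        "TargetTypes": ["HTTP_HOST", "TLS_SNI"],
        "GeneratedRulesType": "DENYLIST" if deny else "ALLOWLIST"}}}

def target_matches(target, host):
    """A '.example.com' target matches example.com and every subdomain; otherwise exact."""
    host, target = host.lower().rstrip("."), target.lower()
    if target.startswith("."):
        return host == target[1:] or host.endswith(target)
    return host == target

def flow_verdict(flow, targets=BLOCKED, deny=True):
    """Model of what a domain-list rule sees: the TLS SNI or HTTP Host of a connection
    a HOME_NET client initiates. Other headers (e.g. Origin) are not targets, and a
    flow initiated from outside HOME_NET is not matched (assumption from the FAQ)."""
    if ipaddress.ip_address(flow["src"]) not in HOME_NET:
        return "PASS"
    host = flow.get("sni") or flow.get("host") or ""
    matched = any(target_matches(t, host) for t in targets)
    return "DROP" if matched == deny else "PASS"

# Constructed flows mirroring the two tests in the question.
FLOWS = {
    # curl to a blocked domain from an EC2 instance in the protected subnet
    "ec2_to_blocked": {"src": "10.0.1.10", "sni": "blocked-domain.com"},
    "ec2_to_subdomain": {"src": "10.0.1.10", "sni": "cdn.blocked-domain.com"},
    # inbound curl to the ALB carrying an Origin header: the SNI/Host is the ALB name
    "inbound_with_origin": {"src": "203.0.113.5", "sni": "my-alb-in-protected-subnet.com",
                            "origin": "https://blocked-domain.com"},
    # same request from inside the subnet: Origin is still not a target, so it passes
    "inside_with_origin_to_alb": {"src": "10.0.1.10", "sni": "my-alb-in-protected-subnet.com",
                                  "origin": "https://blocked-domain.com"},
}

if __name__ == "__main__":
    for name, flow in FLOWS.items():
        print(f"{name}: {flow_verdict(flow)}")
```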
