How to use Network ACLs

A Network Access Control List (ACL) is a list of stateless rules that allow you to control traffic between the different Private Networks of a VPC. By default, the list is empty, and traffic is therefore unrestricted.

Read more about the features and behavior of Network ACLs in our dedicated reference content.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization

How to create a rule

Note

Each Network ACL rule targets either IPv4 or IPv6 traffic, and IPv4 and IPv6 rules are evaluated separately. To apply the same rule to both IPv4 and IPv6 traffic, you must create two separate rules.

  1. Click VPC in the Network section of the Scaleway console side menu. A listing of your VPCs displays.

  2. Use the region selector at the top of the page to filter for the region of the VPC you want to configure, then click its name in the listing.

  3. Click the Network ACL tab. A listing of the current rules displays.

  4. Click Edit rules to enter edit mode.

  5. Click + Add IPv4 rule or + Add IPv6 rule depending on the type of traffic you want to filter. A creation wizard displays.

  6. Fill in the following fields to define your rule:

    • Protocol: Select the protocol the rule applies to (All, TCP, UDP, or ICMP).
    • Source: Enter the IP address or range (in CIDR notation) and the Port or range of the traffic source. Tick All IPs and/or All ports to match any value.
    • Destination: Enter the IP address or range (in CIDR notation) and the Port or range of the traffic destination. Tick All IPs and/or All ports to match any value.
    • Action: Select Allow to permit matching traffic, or Deny to block it.
    • Description (optional): Enter a short description to help identify the rule.
    • Position in list: Select Add to top or Add to bottom to set the rule's priority. Rules are evaluated from top to bottom, and the first matching rule applies.
    • Create inverse rule (optional): Tick this box to automatically create a second rule with the source and destination swapped, to cover return traffic.

  7. Click Add to create the rule. The new rule displays in the listing.

  8. Click Save changes to apply your modifications.
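
The following model of the evaluation described above (stateless, top to bottom, first match applies, IPv4 and IPv6 handled separately) is an added example, not Scaleway code or a Scaleway API. The `Rule` class, the `evaluate` function, the sample addresses, and the `default` outcome for traffic that matches no rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ALL_PORTS = (0, 65535)  # stands in for the "All ports" tick box

@dataclass(frozen=True)
class Rule:
    protocol: str     # "ALL", "TCP", "UDP" or "ICMP"
    src: str          # source CIDR
    src_ports: tuple  # inclusive (low, high)
    dst: str          # destination CIDR
    dst_ports: tuple  # inclusive (low, high)
    action: str       # "allow" or "deny"

    def inverse(self):
        """Same rule with source and destination swapped (return traffic)."""
        return Rule(self.protocol, self.dst, self.dst_ports,
                    self.src, self.src_ports, self.action)

    def matches(self, proto, src_ip, sport, dst_ip, dport):
        src_net, dst_net = ipaddress.ip_network(self.src), ipaddress.ip_network(self.dst)
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        if s.version != src_net.version or d.version != dst_net.version:
            return False  # an IPv4 rule never matches IPv6 traffic, and vice versa
        return (self.protocol in ("ALL", proto) and s in src_net and d in dst_net
                and self.src_ports[0] <= sport <= self.src_ports[1]
                and self.dst_ports[0] <= dport <= self.dst_ports[1])

def evaluate(rules, packet, default="allow"):
    """Top to bottom, first match applies; no connection state is kept.
    Assumption: traffic matching no rule gets `default`."""
    for rule in rules:
        if rule.matches(*packet):
            return rule.action
    return default

# Constructed sample: clients in 10.0.1.0/24 reach an HTTPS server at 10.0.2.10.
web_in = Rule("TCP", "10.0.1.0/24", ALL_PORTS, "10.0.2.10/32", (443, 443), "allow")
deny_all_v4 = Rule("ALL", "0.0.0.0/0", ALL_PORTS, "0.0.0.0/0", ALL_PORTS, "deny")
request = ("TCP", "10.0.1.5", 50000, "10.0.2.10", 443)
reply = ("TCP", "10.0.2.10", 443, "10.0.1.5", 50000)
request_v6 = ("TCP", "fd00:1::5", 50000, "fd00:2::10", 443)

if __name__ == "__main__":
    print("request:", evaluate([web_in, deny_all_v4], request))
    print("reply, no inverse rule:", evaluate([web_in, deny_all_v4], reply))
    print("reply, inverse rule:", evaluate([web_in, web_in.inverse(), deny_all_v4], reply))
    print("deny moved to top:", evaluate([deny_all_v4, web_in], request))
    print("IPv6 request, IPv4 rules only:", evaluate([web_in, deny_all_v4], request_v6))
```

Without the inverse rule the reply is caught by the deny rule, because the allow rule matches only the client-to-server direction. The IPv6 request is not matched by either IPv4 rule, which is why an equivalent IPv6 rule has to be created separately.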

How to manage rules

  1. Click VPC in the Network section of the Scaleway console side menu. A listing of your VPCs displays.

  2. Use the region selector at the top of the page to filter for the region of the VPC you want to configure, then click its name in the listing.

  3. Click the Network ACL tab. A listing of the current rules displays.

  4. Click Edit rules to enter edit mode.

  5. Use the up and down arrows to arrange the rules as necessary. Rules are evaluated from top to bottom, and the first matching rule applies.

  6. Click Save changes once finished.

Modifications to rules and rule ordering take effect immediately.

Note

Remember to apply the same rule to the other IP version if required.

How to delete a rule

  1. Click VPC in the Network section of the Scaleway console side menu. A listing of your VPCs displays.

  2. Use the region selector at the top of the page to filter for the region of the VPC you want to configure, then click its name in the listing.

  3. Click the Network ACL tab. A listing of the current rules displays.

  4. Click Edit rules to enter edit mode.

  5. Click the icon next to the rule you want to delete.

  6. Click Save changes to confirm.
