AWS: What do 0.0.0.0/0 and ::/0 mean?

In a security group, for every inbound port I add, two rules are added: one for 0.0.0.0/0, the other for ::/0. What do they each mean?

2 answers

#1


9  

The default route in Internet Protocol Version 4 (IPv4) is designated as the zero-address 0.0.0.0/0 in CIDR notation, often called the quad-zero route. The subnet mask is given as /0, which effectively specifies all networks, and is the shortest match possible.

The other would be for IPv6.

Source: Default Route

AWS Documentation

Security Groups for Your VPC

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign the instance to up to five security groups. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.

For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.

Default Security Group for Your VPC

Your VPC automatically comes with a default security group. Each EC2 instance that you launch in your VPC is automatically associated with the default security group if you don't specify a different security group when you launch the instance.

The following table describes the default rules for a default security group.

Inbound

Source      The security group ID (sg-xxxxxxxx)
Protocol    All
Port Range  All
Comments    Allow inbound traffic from instances assigned to the same security group.

Outbound

Destination 0.0.0.0/0   
Protocol    All
Port Range  All
Comments    Allow all outbound IPv4 traffic.

Destination ::/0    
Protocol    All     
Port Range  All     
Comments    Allow all outbound IPv6 traffic. This rule is added by default if you create a VPC with an IPv6 CIDR block or if you associate an IPv6 CIDR block with your existing VPC.

Recommended Network ACL Rules for Your VPC

#2


5  

0.0.0.0/0, ::/0 - means the source can be any IP address, i.e. a request from any system is accepted. 0.0.0.0/0 represents IPv4 and ::/0 represents IPv6. To learn about CIDR (Classless Inter-Domain Routing) notation, see this video - https://www.youtube.com/watch?v=1xsmbe5s6j0
