Does a Security Group Rule or Firewall Rule Immediately Take Effect for Its Original Traffic After Being Modified?




No. After a security group rule or firewall rule is modified, the new rule may not immediately take effect for its original traffic. For the new rule to take effect for that traffic, the original traffic must be interrupted for about 120 seconds.



Other related questions:
Which Security Group Rule Has Priority When Multiple Security Group Rules Conflict?

Security group rules use the whitelist mechanism. If multiple security group rules conflict, the union of these rules takes effect.


How Can I Configure Security Group Rules?

Security group rules consist of inbound and outbound rules.

When adding an inbound rule, you can set the source address to a security group or CIDR block. If you want to set the source address to a security group, you can only select security groups from the same VPC as the destination security group.

When adding an outbound rule, you can set the destination address to a security group or CIDR block. If you want to set the destination address to a security group, you can only select security groups from the same VPC as the source security group.

ECSs in security groups in different VPCs cannot communicate with one another. To allow them to communicate, bind EIPs to them and configure security group rules.
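The whitelist/union behavior and the two source types (CIDR block or security group) described in the two answers above can be modelled as follows. This is an added example, not code from the cloud platform; the rule fields, the group name `sg-app`, the addresses and the helper `shadowed_rules` are constructed for illustration.

```python
# Added illustration: a minimal model of allow-only (whitelist) inbound rules.
# Rule fields, group names and addresses are constructed for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class InboundRule:
    protocol: str                       # "tcp" or "udp"
    port_min: int
    port_max: int
    source_cidr: Optional[str] = None   # source given as a CIDR block ...
    source_group: Optional[str] = None  # ... or as a security group name

    def matches(self, protocol, port, src_ip, src_groups):
        if protocol != self.protocol or not self.port_min <= port <= self.port_max:
            return False
        if self.source_cidr is not None:
            return ip_address(src_ip) in ip_network(self.source_cidr)
        return self.source_group in src_groups

def inbound_allowed(rules, protocol, port, src_ip, src_groups=frozenset()):
    """Union semantics: allowed if ANY rule matches; no match means blocked."""
    return any(r.matches(protocol, port, src_ip, src_groups) for r in rules)

def shadowed_rules(rules):
    """CIDR rules that restrict nothing because a broader rule covers them."""
    cidr = [r for r in rules if r.source_cidr]
    def covers(b, n):
        bn, nn = ip_network(b.source_cidr), ip_network(n.source_cidr)
        return (b != n and b.protocol == n.protocol and bn.version == nn.version
                and b.port_min <= n.port_min and n.port_max <= b.port_max
                and nn.subnet_of(bn))
    return [n for n in cidr if any(covers(b, n) for b in cidr)]

# Constructed rule set: the narrow SSH rule "conflicts" with the broad one.
RULES = [
    InboundRule("tcp", 22, 22, source_cidr="10.0.1.0/24"),
    InboundRule("tcp", 22, 22, source_cidr="0.0.0.0/0"),
    InboundRule("tcp", 3306, 3306, source_group="sg-app"),
]
```

Because the union applies, the `10.0.1.0/24` SSH rule does not narrow access while the `0.0.0.0/0` rule exists; `shadowed_rules(RULES)` reports it so the broad rule can be reviewed.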


What Can I Do with Excess ACL Rules Used by a Blacklist in Local Attack Defense?

Excess ACL rules used by a blacklist do not take effect.

What Are the Functions of the Default Security Group Rule?

An inbound security group rule enables external access to ECSs in a security group, and an outbound security group rule enables ECSs in a security group to access external networks.

If no access rule is configured for a security group after an ECS is added to the security group, communication between the ECS and the external network is blocked.

The default inbound rule enables an ECS to be accessed by other ECSs in the same security group, and the default outbound rule enables ECSs in the security group to access external networks.

Security groups cannot resolve problems caused by network faults or incorrect network configuration. For example, when two ECSs cannot communicate with each other because of a network problem, a security group rule will not enable them to communicate either.

