Limit (filter) traffic by MAC address

0

Hello

Please advise: is there any method to limit or filter ingress traffic to an instance other than using iptables or AWS Network Firewall? I considered ACLs first as an option, but I do not see MAC address as an option in the list of supported protocols. :(

3 Answers
0

Hello.

As far as I know, there is no ability to filter MAC addresses in the AWS configuration.
Basically, I believe that communication to EC2 is controlled at the IP level using security groups.
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/infrastructure-security.html

Expert
answered 8 months ago
  • Thanks, but using IP restrictions is not an option for us, and VPN as well.

0

Almost all traffic to and from EC2 instances is at the IP (layer 3) level. The exception is for traffic between instances within your VPC that are on the same subnet.

Therefore, there's no option to filter traffic at the MAC (layer 2) level in AWS Network Firewall, Security Groups or NACLs - they are all used to filter traffic at layer 3 and above.

You can use operating system-based features to filter at layer 2, but traffic from outside the subnet where the instance is hosted will all appear to come from the MAC address of the router on the subnet (which is emulated in any case in your VPC - but it has a static MAC address).

Why do you want to filter by MAC address? What are you trying to achieve?

AWS
Expert
answered 8 months ago
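
The limitation described in the answer above, as an added example that is not part of the thread: Python code that parses constructed Ethernet frames and applies a MAC allowlist to them. The subnet, MAC addresses and IP addresses are made-up assumptions; the point is that every off-subnet sender arrives behind the same router MAC, so a layer-2 rule can only allow or drop them all.

```python
import ipaddress
import struct
from collections import defaultdict

# Constructed values for illustration; none come from the thread or a real VPC.
SUBNET = ipaddress.ip_network("10.0.1.0/24")
ROUTER_MAC = "02:00:00:00:00:01"  # stand-in for the subnet router's MAC
PEER_MAC = "02:00:00:00:00:aa"    # stand-in for an instance on the same subnet

def build_frame(src_mac, src_ip, dst_ip="10.0.1.10", dst_mac="02:00:00:00:00:10"):
    """Build a constructed Ethernet II frame holding a bare 20-byte IPv4 header."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip

def parse_frame(frame):
    """Return (source MAC, source IPv4 address) of an Ethernet II / IPv4 frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    return src_mac, ipaddress.IPv4Address(frame[26:30])

def mac_filter(frame, allowed_macs):
    """Layer-2 allowlist decision, the kind an OS-level MAC match makes."""
    return parse_frame(frame)[0] in allowed_macs

def senders_by_mac(frames):
    """Group the source IPs seen behind each source MAC."""
    seen = defaultdict(set)
    for frame in frames:
        mac, ip = parse_frame(frame)
        seen[mac].add(ip)
    return dict(seen)

def off_subnet_macs(frames, subnet=SUBNET):
    """MACs that delivered at least one packet whose source IP is off-subnet."""
    return {m for m, ips in senders_by_mac(frames).items()
            if any(ip not in subnet for ip in ips)}

FRAMES = [  # constructed sample traffic as seen by the filtering instance
    build_frame(PEER_MAC, "10.0.1.20"),      # same subnet: sender's own MAC
    build_frame(ROUTER_MAC, "10.0.2.15"),    # other subnet: router's MAC
    build_frame(ROUTER_MAC, "203.0.113.7"),  # outside the VPC: router's MAC
]

if __name__ == "__main__":
    print({m: sorted(map(str, ips)) for m, ips in senders_by_mac(FRAMES).items()})
    for allowed in ({PEER_MAC}, {PEER_MAC, ROUTER_MAC}):
        print(sorted(allowed), [mac_filter(f, allowed) for f in FRAMES])
```
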
0

Not relevant anymore. Topic can be closed and deleted. Thanks.

answered 7 months ago
