Confused about DreamCompute Security Group rule priority

dreamcompute

#1

RE: this default subset of security group rules, I’m confused about why the second IPv4 rule to allow All doesn’t override the first rule to only allow my IP. How do we properly read that? Or… are we expected to add new rules to allow ingress and then remove that global rule? Thanks.


#2

Are you saying that you want to open access to a single IP but despite the rule Ingress allow 0.0.0.0/0 SSH, SSH is denied from IPs other than 6****/32? Try to rephrase this please, explain what you expect to happen and what happens instead.


#3

Um, that was a brainfart, very sorry. I wasn’t reading the CIDR right, thinking 0.0.0.0/0 was equivalent to an Allow for an equivalent subnet notation of 255.255.255.255 … which is insane.

So those rules combined say: Allow No IPs, and then Allow only my one address (full 32 bits).

What I’m not understanding (and this was the gist of my OP) is whether the order of the rules matters. I’d assume not, since the Block All rule here follows the Allow One IP rule.

Thanks


#4

The order of the security group rules doesn’t matter.
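
Added example, not part of the original thread: a small Python model of how an allow-only, default-deny security group evaluates ingress rules (the OpenStack model, assumed here to apply to DreamCompute). It shows that the result is the same for every rule ordering and reports which rules are already covered by a broader one. The rule dictionaries, function names and the documentation addresses are constructed for illustration.

```python
import ipaddress
from itertools import permutations

# Constructed sample rules modelled on the thread: SSH ingress from one
# address and SSH ingress from anywhere (203.0.113.7 is a documentation IP).
RULES = [
    {"direction": "ingress", "protocol": "tcp", "port_min": 22, "port_max": 22,
     "cidr": "203.0.113.7/32"},
    {"direction": "ingress", "protocol": "tcp", "port_min": 22, "port_max": 22,
     "cidr": "0.0.0.0/0"},
]

def rule_matches(rule, src_ip, protocol, port):
    """True if this single allow rule admits the packet."""
    net = ipaddress.ip_network(rule["cidr"])
    return (rule["direction"] == "ingress"
            and rule["protocol"] == protocol
            and rule["port_min"] <= port <= rule["port_max"]
            and ipaddress.ip_address(src_ip) in net)

def ingress_allowed(rules, src_ip, protocol, port):
    """Allow-only model: traffic passes if ANY rule matches, otherwise it is dropped."""
    return any(rule_matches(r, src_ip, protocol, port) for r in rules)

def order_independent(rules, src_ip, protocol, port):
    """Evaluate every ordering of the rules and confirm the verdict never changes."""
    verdicts = {ingress_allowed(list(p), src_ip, protocol, port)
                for p in permutations(rules)}
    return len(verdicts) == 1

def covered_rules(rules):
    """CIDRs of rules fully contained in a broader rule (same direction/protocol/ports)."""
    covered = []
    for r in rules:
        a = ipaddress.ip_network(r["cidr"])
        for other in rules:
            b = ipaddress.ip_network(other["cidr"])
            if (other is not r and a != b and a.version == b.version
                    and r["direction"] == other["direction"]
                    and r["protocol"] == other["protocol"]
                    and other["port_min"] <= r["port_min"]
                    and r["port_max"] <= other["port_max"]
                    and a.subnet_of(b)):
                covered.append(r["cidr"])
                break
    return covered
```

With both rules present, `covered_rules(RULES)` reports the `/32` rule as covered by `0.0.0.0/0`; limiting SSH to one address in this model means removing the global rule, not reordering.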

