Networking Intermediate

What is Network ACL?

A set of rules that control inbound and outbound traffic at the subnet level, acting as a stateless firewall in cloud and enterprise networks.

Network Access Control Lists filter traffic at the subnet boundary based on IP addresses, ports, and protocols. Unlike security groups (which are stateful — return traffic is automatically allowed), network ACLs are stateless — both inbound and outbound rules must explicitly allow traffic. Rules are evaluated in order by rule number, with the first match determining the action (allow or deny). In AWS, network ACLs protect VPC subnets and complement security groups for defense-in-depth. Enterprise switches use ACLs to segment network traffic between VLANs. Best practice follows deny-by-default, allowing only necessary traffic paths.

Learn More About This Topic

Linux Networking Fundamentals

Related reading

Network Fundamentals

Related reading

Network Security Basics

Related reading

Related Terms

SNMP (Simple Network Management Protocol)

A protocol for monitoring and managing network devices like routers, switches, servers, and printers remotely.

A device or software that distributes network traffic across multiple servers to ensure reliability and performance.

A network routing technique where the same IP address is announced from multiple locations, directing users to the nearest server.

BGP (Border Gateway Protocol)

The routing protocol that makes the internet work by exchanging routing information between autonomous systems.

Two transport layer protocols: TCP provides reliable, ordered delivery while UDP provides fast, connectionless delivery without guarantees.

An intermediary server that forwards requests between clients and destination servers, providing caching, filtering, or anonymity.

View All Networking Terms →