{"id":37988,"date":"2025-08-04T16:10:22","date_gmt":"2025-08-04T19:10:22","guid":{"rendered":"https:\/\/www.locaweb.com.br\/ajuda\/?post_type=ht_kb&p=37988"},"modified":"2025-08-05T15:59:10","modified_gmt":"2025-08-05T18:59:10","slug":"o-que-sao-as-acls-de-rede-e-como-configura-las","status":"publish","type":"ht_kb","link":"https:\/\/www.locaweb.com.br\/ajuda\/wiki\/o-que-sao-as-acls-de-rede-e-como-configura-las\/","title":{"rendered":"O que s\u00e3o as ACLs de rede e como configur\u00e1-las?"},"content":{"rendered":" \t\t
\r\n \t\t\tInforma\u00e7\u00e3o!<\/span> \t\t\t \t\t\t\t

\r\n \t\t\t\t\tUma <\/span>lista de controle de acesso \u00e0 rede (network ACL)<\/b> \u00e9 uma camada de seguran\u00e7a opcional que atua como um <\/span>firewall para toda uma sub-rede inteira (<\/b>tier<\/i><\/b>)<\/b> dentro da sua VPC.\u00a0<\/span><\/p>\n

Para tra\u00e7ar um paralelo pr\u00e1tico, imagine a portaria de um condom\u00ednio, onde \u00e9 poss\u00edvel visualizar quem circula pelas proximidades, permitindo ou n\u00e3o o acesso \u00e0s casas. No mesmo sentido, as <\/span>regras de sa\u00edda<\/span><\/a> das ACLs seriam as portas das casas, abertas opcionalmente por cada morador.<\/span> \t\t\t\t<\/p>\r\n \t\t\t \t\t\t\r\n \t\t<\/div>\r\n \t\t\n

As principais caracter\u00edsticas de uma Network ACL s\u00e3o:<\/span><\/p>\n

    \n
  1. Atua no n\u00edvel da sub-rede (tier):<\/b> isso significa que as regras se aplicam a todas as VMs que fazem parte daquela camada, mesmo que as m\u00e1quinas virtuais tenham grupos de seguran\u00e7a e firewall pr\u00f3prios.<\/span> <\/li>\n
  2. \u00c9 <\/b>stateless<\/i><\/b> (sem estado):<\/b> n\u00e3o arquivar o estado das conex\u00f5es \u00e9 o atributo mais importante das redes ACL. A seguran\u00e7a e o controle sobre o tr\u00e1fego de informa\u00e7\u00f5es s\u00e3o maiores, pois, mesmo que o usu\u00e1rio tenha permitido tr\u00e1fego de entrada, tamb\u00e9m precisar\u00e1 criar uma <\/span>regra expl\u00edcita de sa\u00edda<\/b>, consentindo o tr\u00e1fego de resposta, e vice-versa.<\/span> <\/li>\n
  3. Utiliza regras numeradas:<\/b> as regras estabelecidas pelos usu\u00e1rios s\u00e3o numeradas e processadas em ordem, do menor para o maior n\u00famero. O sistema aplica automaticamente a primeira regra que corresponde ao tr\u00e1fego, ignorando as demais.<\/span> <\/li>\n
  4. Funciona na l\u00f3gica de permitir ou negar:<\/b> o usu\u00e1rio estabelece regras tanto para permitir quanto para negar explicitamente o tr\u00e1fego.<\/span> <\/li>\n
  5. Opera por nega\u00e7\u00e3o impl\u00edcita:<\/b> toda a ACL possui um regra padr\u00e3o, que n\u00e3o pode ser modificada, de negar todo o tr\u00e1fego que n\u00e3o atenda a nenhum dos quesitos anteriores.\u00a0<\/span><\/li>\n<\/ol>\n

     <\/p>\n \t\t

    \r\n \t\t\tImportante!<\/span> \t\t\t \t\t\t\t

    \r\n \t\t\t\t\t<\/p>\n

    Entenda e domine as diferen\u00e7as entre ACL e regras de sa\u00edda. Esta \u00e9 uma compreens\u00e3o fundamental.<\/span><\/p>\n

     <\/p>\n

    Caracter\u00edstica \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ACL de redes\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Regras de sa\u00edda<\/b><\/b><\/p>\n

     <\/p>\n

    N\u00edvel de atua\u00e7\u00e3o\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/b>sub-rede \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 inst\u00e2ncia <\/span>
    \n<\/b> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/b>(tier)\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (VM)<\/span><\/i><\/i><\/p>\n

     <\/p>\n

    Estado\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/b>stateless \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 statefull<\/span><\/i>
    \n<\/span><\/i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (resposta precisa ser permitida) \u00a0 \u00a0 \u00a0 (resposta permitida\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n

    \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0automaticamente)<\/span><\/p>\n

     <\/p>\n

    Aplica\u00e7\u00e3o \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/b>aplica-se a todas as VMs \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 associado a VMs <\/span>
    \n<\/span>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 na sub-rede\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 espec\u00edficas<\/span><\/p>\n

    \t\t\t\t<\/p>\r\n \t\t\t \t\t\t\r\n \t\t<\/div>\r\n \t\t\n

    Quando usar uma Network ACL?<\/b><\/h2>\n

    Utilizada em conjunto com as regras de sa\u00edda, a lista de controle de acesso \u00e0 rede funciona como uma <\/span>camada de defesa adicional<\/b>. Sua utiliza\u00e7\u00e3o \u00e9 indicada para:<\/span><\/p>\n