What does protocol -1 mean on an AWS security group egress rule?

Time: 2017-08-05 08:19:26

Tags: amazon-web-services aws-security-group

I understand that the egress attribute of an AWS security group controls outbound traffic, but does anyone know what protocol -1 means?

resource "aws_security_group" "elb" {
  name = "example-elb"
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

1 answer:

Answer 0 (score: 4)

It's in the documentation:

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). (VPC only) Use -1 to specify all protocols. If you specify -1, or a protocol number other than tcp, udp, icmp, or 58 (ICMPv6), traffic on all ports is allowed, regardless of any ports you specify. For tcp, udp, and icmp, you must specify a port range. For protocol 58 (ICMPv6), you can optionally specify a port range; if you don't, traffic for all types and codes is allowed.
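A worked example added here, not part of the question or the answer above: a small Python evaluator that applies the rule semantics the quoted documentation describes (-1 matches every protocol; for -1 or any protocol number other than tcp, udp, icmp and 58 the port range is ignored even when it is written as 0-0; for tcp, udp and icmp the port range is consulted), plus an audit helper that flags rules of the "-1 to 0.0.0.0/0" shape from the question. The Rule class, the function names, the 10.0.0.0/16 VPC range and the "restricted" rule set are assumptions for illustration; the rule sets are constructed from the question's configuration, not read from a real security group.

```python
"""Evaluate AWS security-group rules with the protocol/port semantics quoted above.

Added example; the Rule type, function names and sample rule sets are
illustrative assumptions, not AWS or Terraform code.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Union

# Protocol names the quoted documentation accepts in place of IANA numbers.
_NAMED_PROTOCOLS = {"tcp": 6, "udp": 17, "icmp": 1, "icmpv6": 58}

# The only protocols for which AWS consults from_port/to_port.
_PORT_AWARE = {6, 17, 1, 58}


def normalize_protocol(proto: Union[str, int]) -> int:
    """Map 'tcp'/'udp'/'icmp'/'icmpv6', '-1'/'all', or an IANA number to an int.

    -1 is returned for the 'all protocols' wildcard; anything else becomes
    the protocol number (e.g. "47" for GRE, "50" for ESP).
    """
    p = str(proto).strip().lower()
    if p in ("-1", "all"):
        return -1
    if p in _NAMED_PROTOCOLS:
        return _NAMED_PROTOCOLS[p]
    return int(p)


def ports_ignored(proto_num: int) -> bool:
    """Per the quoted docs: -1, or any number other than tcp/udp/icmp/58,
    means the rule's port range is not consulted at all."""
    return proto_num not in _PORT_AWARE


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp", "-1", or a number such as "47"
    from_port: int  # for icmp this is the type (AWS uses -1 as "any")
    to_port: int    # for icmp this is the code
    cidr: str


def rule_allows(rule: Rule, proto: Union[str, int], port: int, peer_ip: str) -> bool:
    """Would this single rule permit a flow of `proto` to `peer_ip` on `port`?"""
    rp = normalize_protocol(rule.protocol)
    fp = normalize_protocol(proto)
    if rp != -1 and rp != fp:
        return False
    # Address-family mismatch (IPv4 peer vs ::/0 rule) is simply "not contained".
    if ipaddress.ip_address(peer_ip) not in ipaddress.ip_network(rule.cidr, strict=False):
        return False
    if ports_ignored(rp):
        return True            # 0-0 in the question's egress block is irrelevant here
    if rule.from_port == -1:   # AWS wildcard for ICMP type/code (assumption noted above)
        return True
    return rule.from_port <= port <= rule.to_port


def any_allows(rules: Iterable[Rule], proto: Union[str, int], port: int, peer_ip: str) -> bool:
    """Security-group rules are permit-only; a flow passes if any rule matches."""
    return any(rule_allows(r, proto, port, peer_ip) for r in rules)


def unrestricted_rules(rules: Iterable[Rule]) -> List[Rule]:
    """Audit helper: rules that allow every protocol (and hence every port)
    to every address in their family (0.0.0.0/0 or ::/0)."""
    return [
        r for r in rules
        if normalize_protocol(r.protocol) == -1
        and ipaddress.ip_network(r.cidr, strict=False).prefixlen == 0
    ]


# Constructed sample data, modelled on the question's egress block.
OPEN_EGRESS = [Rule("-1", 0, 0, "0.0.0.0/0")]

# A tighter alternative (constructed): HTTPS anywhere, PostgreSQL only inside an
# assumed VPC range of 10.0.0.0/16, nothing else.
RESTRICTED_EGRESS = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 5432, 5432, "10.0.0.0/16"),
]


if __name__ == "__main__":
    for label, rules in (("open", OPEN_EGRESS), ("restricted", RESTRICTED_EGRESS)):
        print(f"[{label}] udp/53 to 8.8.8.8:      {any_allows(rules, 'udp', 53, '8.8.8.8')}")
        print(f"[{label}] tcp/443 to 203.0.113.9: {any_allows(rules, 'tcp', 443, '203.0.113.9')}")
        print(f"[{label}] GRE (47) to 203.0.113.9: {any_allows(rules, '47', 0, '203.0.113.9')}")
        print(f"[{label}] unrestricted rules:     {unrestricted_rules(rules)}")
```

The point the evaluator makes concrete is that from_port = 0 / to_port = 0 in the question's egress block does not mean "port 0 only": with protocol "-1" the ports are never compared, so DNS, GRE, ESP and everything else is allowed outbound. Replacing that block with tcp rules for the specific ports and destinations the instance needs (as in RESTRICTED_EGRESS) is the usual hardening; the same evaluator can be pointed at the output of describe-security-groups to review existing groups.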