From bc0a436a2503b561bcd5a1f76f4d0682a8cd9cc4 Mon Sep 17 00:00:00 2001
From: Samy OUBOUAZIZ
Date: Tue, 19 May 2026 11:56:52 +0200
Subject: [PATCH 1/9] docs(vpc): add network acls how to
---
pages/vpc/how-to/use-network-acl.mdx | 41 +++++++++++++++++++
pages/vpc/menu.ts | 4 ++
.../reference-content/understanding-nacls.mdx | 9 +---
3 files changed, 47 insertions(+), 7 deletions(-)
create mode 100644 pages/vpc/how-to/use-network-acl.mdx
diff --git a/pages/vpc/how-to/use-network-acl.mdx b/pages/vpc/how-to/use-network-acl.mdx
new file mode 100644
index 0000000000..7a5c31af69
--- /dev/null
+++ b/pages/vpc/how-to/use-network-acl.mdx
@@ -0,0 +1,41 @@ +--- +title: How to use Network ACLs +description: This page explains how to use network access control lists (NACLs) to manage and secure traffic using routing rules for Scaleway Virtual Private Cloud. +tags: network acl access control list filter block secure traffic +dates: + validation: 2026-05-19 + posted: 2026-05-19 +--- + +A Network **A**ccess **C**ontrol **L**ist (ACL) is a list of stateless rules that allow you to control traffic between the different Private Networks of a VPC. By default, the list is empty, and traffic is therefore unrestricted. + +Read more about the features and behavior of Network ACLs in our [dedicated reference content](/vpc/reference-content/understanding-nacls/). + + + +- A Scaleway account logged into the [console](https://console.scaleway.com) +- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization + +## How to create a rule + +1. Click **VPC** in the **Network** section of the [Scaleway console](https://console.scaleway.com/organization) side menu. A listing of your VPCs displays. + +2. Use the **region selector** at the top of the page to filter for the region of the VPC you want to configure, then click its name in the listing. + +3. Click the **Network ACL** tab. A listing of the current rules displays. + +## How to manage a rule + +1. Click **VPC** in the **Network** section of the [Scaleway console](https://console.scaleway.com/organization) side menu. A listing of your VPCs displays. + +2. Use the **region selector** at the top of the page to filter for the region of the VPC you want to configure, then click its name in the listing. + +3. Click the **Network ACL** tab. A listing of the current rules displays. + +## How to delete a rule + +1. Click **VPC** in the **Network** section of the [Scaleway console](https://console.scaleway.com/organization) side menu. A listing of your VPCs displays. + +2. 
Use the **region selector** at the top of the page to filter for the region of the VPC you want to configure, then click its name in the listing. + +3. Click the **Network ACL** tab. A listing of the current rules displays. \ No newline at end of file diff --git a/pages/vpc/menu.ts b/pages/vpc/menu.ts index fe1ffd56fe..cf6c63c639 100644 --- a/pages/vpc/menu.ts +++ b/pages/vpc/menu.ts @@ -38,6 +38,10 @@ export const vpcMenu = { label: 'Manage routing on a VPC', slug: 'manage-routing', }, + { + label: 'Use Network ACLs', + slug: 'use-network-acls', + }, { label: 'Delete a Private Network', slug: 'delete-private-network', diff --git a/pages/vpc/reference-content/understanding-nacls.mdx b/pages/vpc/reference-content/understanding-nacls.mdx index 08aa2383e4..376d5e841c 100644 --- a/pages/vpc/reference-content/understanding-nacls.mdx +++ b/pages/vpc/reference-content/understanding-nacls.mdx @@ -1,6 +1,6 @@ --- title: Understanding Network ACLs -description: Learn how to Network Access Control Lists (NACL) to filter inbound and outbound traffic between the different Private Networks of your VPC. Understand concepts, best practices, and key use cases. +description: Learn how to use Network Access Control Lists (NACL) to filter inbound and outbound traffic between the different Private Networks of your VPC. Understand concepts, best practices, and key use cases. tags: vpc nacl network-access-control-list default-rule stateless inbound outbound port dates: validation: 2025-06-09 
@@ -10,14 +10,9 @@ import image from './assets/scaleway-nacl-diag-simple.webp' import image2 from './assets/scaleway-nacl-diag-detail.webp' import image3 from './assets/scaleway-nacl-example.webp' - - -NACLs are currently in Public Beta, and configurable only via the [VPC API](https://www.scaleway.com/en/developers/api/vpc/) and developer tools. This feature will be coming soon to the Scaleway console. - - Every VPC has a Network **A**ccess **C**ontrol **L**ist (NACL). This list is composed of stateless rules to control the flow of traffic between the Private Networks of the VPC. By default, at first, the list contains no rules, and therefore traffic is allowed to flow unrestrictedly. You can add rules to restrict traffic flow according to your requirements. -This document sets out general information and best practices about Scaleway VPC NACLs. +This document sets out general information and best practices about Scaleway VPC Network ACLs. To learn how to use Network ACLs, refer to the [dedicated how-to page](/vpc/how-to/use-network-acl/). ## Network ACL overview From a76b85669f29160c6458dab81612ceced5480a74 Mon Sep 17 00:00:00 2001 From: Samy OUBOUAZIZ Date: Wed, 20 May 2026 14:22:15 +0200 Subject: [PATCH 2/9] docs(object-storage): update --- pages/vpc/how-to/use-network-acl.mdx | 31 +++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/pages/vpc/how-to/use-network-acl.mdx b/pages/vpc/how-to/use-network-acl.mdx index 7a5c31af69..c0963f992c 100644 --- a/pages/vpc/how-to/use-network-acl.mdx +++ b/pages/vpc/how-to/use-network-acl.mdx 
@@ -18,13 +18,34 @@ Read more about the features and behavior of Network ACLs in our [dedicated refe ## How to create a rule + +Network ACL rules can target either IPv4 or IPv6 traffic, and are evaluated separately. To apply the same rule to both IPv4 and IPv6 traffic, you must create two separate rules. + + 1. Click **VPC** in the **Network** section of the [Scaleway console](https://console.scaleway.com/organization) side menu. A listing of your VPCs displays. 2. Use the **region selector** at the top of the page to filter for the region of the VPC you want to configure, then click its name in the listing. 3. Click the **Network ACL** tab. A listing of the current rules displays. -## How to manage a rule +4. Click **Edit rules** to enter edition mode. + +5. Click **+ Add IPv4 rule** or **+ Add IPv6 rule** depending on the type of traffic you want to filter. A creation wizard displays. + +6. Fill in the following fields to define your rule: + - **Protocol**: Select the protocol the rule applies to (`All`, `TCP`, `UDP`, or `ICMP`). + - **Source**: Enter the **IP address or range** (in CIDR notation) and the **Port or range** of the traffic source. Tick **All IPs** and/or **All ports** to match any value. + - **Destination**: Enter the **IP address or range** (in CIDR notation) and the **Port or range** of the traffic destination. Tick **All IPs** and/or **All ports** to match any value. + - **Action**: Select **Allow** to permit matching traffic, or **Deny** to block it. + - **Description** (optional): Enter a short description to help identify the rule. + - **Position in list**: Select **Add to top** or **Add to bottom** to set the rule's priority. Rules are evaluated from top to bottom, and the first matching rule applies. + - **Create inverse rule** (optional): Tick this box to automatically create a second rule with the source and destination swapped, to cover return traffic. + +7. Click **Add** to create the rule. The new rule displays in the listing. + +8. 
Click **Save changes** to apply your modifications. + +## How to manage rules 1. Click **VPC** in the **Network** section of the [Scaleway console](https://console.scaleway.com/organization) side menu. A listing of your VPCs displays. @@ -32,6 +53,14 @@ Read more about the features and behavior of Network ACLs in our [dedicated refe 3. Click the **Network ACL** tab. A listing of the current rules displays. +4. Click **Edit rules** to enter edition mode. + +5. Use the up and down arrows to arrange the rules as necessary. Rules are evaluated from top to bottom, and the first matching rule applies. + +6. Click **Save changes** once finished. + +Modifications to rules and rule ordering take effect immediately. + ## How to delete a rule 1. Click **VPC** in the **Network** section of the [Scaleway console](https://console.scaleway.com/organization) side menu. A listing of your VPCs displays. From 3bdf41387a88e662e2d5b5c55813abdee74e2ddf Mon Sep 17 00:00:00 2001 From: Samy OUBOUAZIZ Date: Thu, 21 May 2026 14:07:41 +0200 Subject: [PATCH 3/9] docs(vpc): update --- pages/vpc/how-to/use-network-acl.mdx | 8 +++++++- pages/vpc/reference-content/understanding-nacls.mdx | 2 ++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/pages/vpc/how-to/use-network-acl.mdx b/pages/vpc/how-to/use-network-acl.mdx index c0963f992c..42183d36ed 100644 --- a/pages/vpc/how-to/use-network-acl.mdx +++ b/pages/vpc/how-to/use-network-acl.mdx 
@@ -67,4 +67,10 @@ Modifications to rules and rule ordering take effect immediately. 2. Use the **region selector** at the top of the page to filter for the region of the VPC you want to configure, then click its name in the listing. -3. Click the **Network ACL** tab. A listing of the current rules displays. \ No newline at end of file +3. Click the **Network ACL** tab. A listing of the current rules displays. + +4. Click **Edit rules** to enter edition mode. + +5. Click the icon next to the rule you want to delete. + +6. Click **Save changes** to confirm. \ No newline at end of file diff --git a/pages/vpc/reference-content/understanding-nacls.mdx b/pages/vpc/reference-content/understanding-nacls.mdx index 376d5e841c..0bdc73e495 100644 --- a/pages/vpc/reference-content/understanding-nacls.mdx +++ b/pages/vpc/reference-content/understanding-nacls.mdx @@ -46,6 +46,8 @@ When defining a NACL rule, you must enter the following settings: - **Action**: The NACL will either **Allow** (accept) or **Deny** (drop) traffic that matches the rule. +- **Position in list**: you can choose to add your rule to the **top**, or to the **bottom** of the list. Rules are evaluated from top to bottom, and can be rearranged. + ## Rule priority and application The Network Access Control List should be read from top to bottom. Rules closer to the top of the list are applied first. If traffic matches a rule for an **Allow** or **Deny** action, the action is applied immediately. That traffic is not then subject to any further filtering or any further actions by any rules that follow. From 4fd54dd78274477589b25a2b60ab61b9dfaf87ec Mon Sep 17 00:00:00 2001 From: Samy OUBOUAZIZ Date: Thu, 21 May 2026 14:14:33 +0200 Subject: [PATCH 4/9] docs(vpc): update --- .../reference-content/understanding-nacls.mdx | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) 
diff --git a/pages/vpc/reference-content/understanding-nacls.mdx b/pages/vpc/reference-content/understanding-nacls.mdx index 0bdc73e495..c16e57e7ff 100644 --- a/pages/vpc/reference-content/understanding-nacls.mdx +++ b/pages/vpc/reference-content/understanding-nacls.mdx @@ -1,6 +1,6 @@ --- title: Understanding Network ACLs -description: Learn how to use Network Access Control Lists (NACL) to filter inbound and outbound traffic between the different Private Networks of your VPC. Understand concepts, best practices, and key use cases. +description: Learn how to use Network Access Control Lists (network ACL) to filter inbound and outbound traffic between the different Private Networks of your VPC. Understand concepts, best practices, and key use cases. tags: vpc nacl network-access-control-list default-rule stateless inbound outbound port dates: validation: 2025-06-09 @@ -10,7 +10,7 @@ import image from './assets/scaleway-nacl-diag-simple.webp' import image2 from './assets/scaleway-nacl-diag-detail.webp' import image3 from './assets/scaleway-nacl-example.webp' -Every VPC has a Network **A**ccess **C**ontrol **L**ist (NACL). This list is composed of stateless rules to control the flow of traffic between the Private Networks of the VPC. By default, at first, the list contains no rules, and therefore traffic is allowed to flow unrestrictedly. You can add rules to restrict traffic flow according to your requirements. +Every VPC has a network **A**ccess **C**ontrol **L**ist (network ACL). This list is composed of stateless rules to control the flow of traffic between the Private Networks of the VPC. By default, the list contains no rules, and therefore traffic is allowed to flow unrestrictedly. You can add rules to restrict traffic flow according to your requirements. This document sets out general information and best practices about Scaleway VPC Network ACLs. To learn how to use Network ACLs, refer to the [dedicated how-to page](/vpc/how-to/use-network-acl/). 
@@ -18,33 +18,33 @@ This document sets out general information and best practices about Scaleway VPC Every Scaleway VPC has a Network ACL. In its initial state, it contains no rules. Thanks to [managed routing](/vpc/reference-content/understanding-routing/), which automatically routes traffic between Private Networks, traffic is freely routed between the Private Networks of the VPC. -When you start adding rules to your NACL, traffic flow is restricted between certain sources and destinations within the VPC, according to the rules you set. A default rule is added to the NACL, which dictates the action to take on traffic that does not match any rules in the list: it can either be **allowed** or **denied**. +When you start adding rules to your network ACL, traffic flow is restricted between certain sources and destinations within the VPC, according to the rules you set. A default rule is added to the network ACL, which dictates the action to take on traffic that does not match any rules in the list: it can either be **allowed** or **denied**. - + -NACL rules are stateless, meaning that the state of connections is not tracked, and return traffic is not automatically allowed just because the outbound request was allowed. Explicit rules are required for each direction of traffic. +Network ACL rules are stateless, meaning that the state of connections is not tracked, and return traffic is not automatically allowed just because the outbound request was allowed. Explicit rules are required for each direction of traffic. -NACLs only control traffic as it enters or exits the Private Network(s) of a VPC. They do not: +Network ACLs only control traffic as it enters or exits the Private Network(s) of a VPC. 
They do not: - Filter traffic between resources attached to the same Private Network - Filter traffic from/to the public internet (for this, use [security groups](/instances/how-to/use-security-groups/) for Instances, or equivalent features for [other resource types](/ipam/reference-content/)). -The diagram below shows how a NACL allows an Instance on Private Network A to send a packet to an Instance on Private Network B. +The diagram below shows how a network ACL allows an Instance on Private Network A to send a packet to an Instance on Private Network B. However, an Instance on Private Network B is blocked from sending a packet to an Instance on Private Network A, because no specific rules allow it to do so, and the default rule is set to `Deny`. - + -## NACL rule configuration +## Network ACL rule configuration -When defining a NACL rule, you must enter the following settings: +When defining a network ACL rule, you must enter the following settings: -- **IP version**: Either IPv4 or IPv6. The rule will apply only to traffic matching this IP version, meaning that in effect, each VPC has two NACLs: one for IPv4 and one for IPv6. If you want to create an equivalent rule for the other IP version, you must do so separately. +- **IP version**: Either IPv4 or IPv6. The rule will apply only to traffic matching this IP version, meaning that in effect, each VPC has two network ACLs: one for IPv4 and one for IPv6. If you want to create an equivalent rule for the other IP version, you must do so separately. - **Protocol**: Either `TCP`, `UDP`, or `ICMP`. The rule will apply only to traffic matching this protocol. Alternatively, you can choose to apply it to traffic matching any protocol. - **Source** and **destination**: The rule will apply to traffic originating from this source and being sent to this destination. For both, enter an IP range in [CIDR format](/vpc/concepts/#cidr-block), and a port or port range. 
Alternatively, you can opt for the rule to apply to all IPs and/or all ports. -- **Action**: The NACL will either **Allow** (accept) or **Deny** (drop) traffic that matches the rule. +- **Action**: The network ACL will either **Allow** (accept) or **Deny** (drop) traffic that matches the rule. - **Position in list**: you can choose to add your rule to the **top**, or to the **bottom** of the list. Rules are evaluated from top to bottom, and can be rearranged. 
@@ -54,35 +54,35 @@ The Network Access Control List should be read from top to bottom. Rules closer ## Statelessness -**NACL rules are stateless**. This means the state of connections is not tracked, and inbound and outbound traffic is filtered separately. Return traffic is not automatically allowed just because the outbound request was allowed. Explicit rules are required for each direction of traffic. +**Network ACL rules are stateless**. This means the state of connections is not tracked, and inbound and outbound traffic is filtered separately. Return traffic is not automatically allowed just because the outbound request was allowed. Explicit rules are required for each direction of traffic. Therefore, if you create a rule to allow traffic in one direction, you may also need a separate rule to allow the response in the opposite direction. ## Default rule -Each NACL must have a default rule, which applies its action to all traffic that did not match any other rules in the list. +Each network ACL must have a default rule, which applies its action to all traffic that did not match any other rules in the list. Best practice is to set your default rule to **Deny**, and use the **Allow** action for all other rules. This way, you have fine-grained control over the traffic allowed to flow, and all other traffic is blocked by default. Nonetheless, you can choose to set your default rule to **Allow** if you wish. In this case, all other rules in the list should use the **Deny** action, to filter out the specific traffic you want to block. All other traffic will be permitted by the default rule. -## NACL example +## Network ACL example -The table below shows an example of a NACL for IPv4 traffic: +The table below shows an example of a network ACL for IPv4 traffic: - + - A number of TCP rules allow connections to the specific ports necessary for SSH, HTTP, and HTTPS traffic. 
These rules allow all IPv4 sources within the VPC to connect to these ports, for all IPv4 destinations. - An ICMP rule allows all ICMP traffic from/to all IPv4 addresses on all ports, effectively permitting all ping requests within the VPC to function. -- A TCP rule allows PostgreSQL access on port 5432 from one Private Network (172.16.2.0.5/22) to another Private Network (172.16.8.0/22). An **inverse rule** also allows PostgreSQL access from Private Network B to A. +- A TCP rule allows PostgreSQL access on port 5432 from one Private Network (172.16.20.5/22) to another Private Network (172.16.8.0/22). An **inverse rule** also allows PostgreSQL access from Private Network B to A. - A TCP rule allows connections from all IPv4 sources to all IPv4 destinations on the port range `32768-65535`, effectively allowing all return (incoming) traffic towards ephemeral ports. - The default rule blocks all traffic not explicitly allowed by one of the rules above. -## NACL limitations +## Network ACL limitations Network ACLs cannot be used to block or filter the traffic to or from the following: 
@@ -92,13 +92,13 @@ Network ACLs cannot be used to block or filter the traffic to or from the follow - Kubernetes Kapsule task metadata endpoints - License activation for Windows installation on Elastic Metal or Instances -NACLs have the same resource limitations as [VPC routing](/vpc/reference-content/understanding-routing/#limitations). +Network ACLs have the same resource limitations as [VPC routing](/vpc/reference-content/understanding-routing/#limitations). -NACLs are currently available only via the Scaleway API and developer tools. They are not yet available in the Scaleway console. +Network ACLs are currently available only via the Scaleway API and developer tools. They are not yet available in the Scaleway console. -## NACL quotas +## Network ACL quotas -NACL quotas are as follows: +Network ACL quotas are as follows: - A maximum of 255 rules for IPv4 (per VPC) - A maximum of 255 rules for IPv6 (per VPC) From 2176374c01d590b6159c8f5491b5d89f2f7832f1 Mon Sep 17 00:00:00 2001 From: Samy OUBOUAZIZ Date: Thu, 21 May 2026 14:35:05 +0200 Subject: [PATCH 5/9] docs(vpc): update --- .../vpc/reference-content/understanding-nacls.mdx | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/pages/vpc/reference-content/understanding-nacls.mdx b/pages/vpc/reference-content/understanding-nacls.mdx index c16e57e7ff..5341e069eb 100644 --- a/pages/vpc/reference-content/understanding-nacls.mdx +++ b/pages/vpc/reference-content/understanding-nacls.mdx @@ -1,7 +1,7 @@ --- title: Understanding Network ACLs description: Learn how to use Network Access Control Lists (network ACL) to filter inbound and outbound traffic between the different Private Networks of your VPC. Understand concepts, best practices, and key use cases. -tags: vpc nacl network-access-control-list default-rule stateless inbound outbound port +tags: vpc nacl network access control list default rule stateless inbound outbound port dates: validation: 2025-06-09 posted: 2025-03-26 
@@ -22,8 +22,6 @@ When you start adding rules to your network ACL, traffic flow is restricted betw -Network ACL rules are stateless, meaning that the state of connections is not tracked, and return traffic is not automatically allowed just because the outbound request was allowed. Explicit rules are required for each direction of traffic. - Network ACLs only control traffic as it enters or exits the Private Network(s) of a VPC. They do not: - Filter traffic between resources attached to the same Private Network - Filter traffic from/to the public internet (for this, use [security groups](/instances/how-to/use-security-groups/) for Instances, or equivalent features for [other resource types](/ipam/reference-content/)). 
@@ -38,13 +36,13 @@ However, an Instance on Private Network B is blocked from sending a packet to an When defining a network ACL rule, you must enter the following settings: -- **IP version**: Either IPv4 or IPv6. The rule will apply only to traffic matching this IP version, meaning that in effect, each VPC has two network ACLs: one for IPv4 and one for IPv6. If you want to create an equivalent rule for the other IP version, you must do so separately. +- **IP version**: Either IPv4 or IPv6. The rule applies only to traffic matching this IP version, meaning that in effect, each VPC has two network ACLs: one for IPv4 and one for IPv6. If you want to create an equivalent rule for the other IP version, you must do so separately. -- **Protocol**: Either `TCP`, `UDP`, or `ICMP`. The rule will apply only to traffic matching this protocol. Alternatively, you can choose to apply it to traffic matching any protocol. +- **Protocol**: Either `TCP`, `UDP`, or `ICMP`. The rule applies only to traffic matching this protocol. Alternatively, you can choose to apply it to traffic matching any protocol. -- **Source** and **destination**: The rule will apply to traffic originating from this source and being sent to this destination. For both, enter an IP range in [CIDR format](/vpc/concepts/#cidr-block), and a port or port range. Alternatively, you can opt for the rule to apply to all IPs and/or all ports. +- **Source** and **destination**: The rule applies to traffic originating from this source and being sent to this destination. For both, enter an IP range in [CIDR format](/vpc/concepts/#cidr-block), and a port or port range. Alternatively, you can opt for the rule to apply to all IPs and/or all ports. -- **Action**: The network ACL will either **Allow** (accept) or **Deny** (drop) traffic that matches the rule. +- **Action**: The network ACL either **allows** (accepts) or **denies** (drops) traffic that matches the rule. 
- **Position in list**: you can choose to add your rule to the **top**, or to the **bottom** of the list. Rules are evaluated from top to bottom, and can be rearranged. @@ -64,7 +62,7 @@ Each network ACL must have a default rule, which applies its action to all traff Best practice is to set your default rule to **Deny**, and use the **Allow** action for all other rules. This way, you have fine-grained control over the traffic allowed to flow, and all other traffic is blocked by default. -Nonetheless, you can choose to set your default rule to **Allow** if you wish. In this case, all other rules in the list should use the **Deny** action, to filter out the specific traffic you want to block. All other traffic will be permitted by the default rule. +Nonetheless, you can choose to set your default rule to **Allow** if you wish. In this case, all other rules in the list should use the **Deny** action, to filter out the specific traffic you want to block. All other traffic is permitted by the default rule. ## Network ACL example From ffe600bd2d537fe52f7cb605e1c86b3e13b785d2 Mon Sep 17 00:00:00 2001 From: Samy OUBOUAZIZ Date: Thu, 21 May 2026 14:37:46 +0200 Subject: [PATCH 6/9] docs(vpc): update --- pages/vpc/how-to/use-network-acl.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pages/vpc/how-to/use-network-acl.mdx b/pages/vpc/how-to/use-network-acl.mdx index 42183d36ed..b37cfc84ab 100644 --- a/pages/vpc/how-to/use-network-acl.mdx +++ b/pages/vpc/how-to/use-network-acl.mdx @@ -61,6 +61,10 @@ Network ACL rules can target either IPv4 or IPv6 traffic, and are evaluated sepa Modifications to rules and rule ordering take effect immediately. + +Remember to apply the same rule to the other IP version if required. + + ## How to delete a rule 1. Click **VPC** in the **Network** section of the [Scaleway console](https://console.scaleway.com/organization) side menu. A listing of your VPCs displays. From f65ec1c056daf61b3484703199fafe70e276b176 Mon Sep 17 00:00:00 2001 
From: Samy OUBOUAZIZ Date: Thu, 21 May 2026 14:45:11 +0200 Subject: [PATCH 7/9] docs(vpc): update --- pages/vpc/how-to/use-network-acl.mdx | 2 ++ pages/vpc/menu.ts | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pages/vpc/how-to/use-network-acl.mdx b/pages/vpc/how-to/use-network-acl.mdx index b37cfc84ab..052f434880 100644 --- a/pages/vpc/how-to/use-network-acl.mdx +++ b/pages/vpc/how-to/use-network-acl.mdx @@ -7,6 +7,8 @@ dates: posted: 2026-05-19 --- +import Requirements from '@macros/iam/requirements.mdx' + A Network **A**ccess **C**ontrol **L**ist (ACL) is a list of stateless rules that allow you to control traffic between the different Private Networks of a VPC. By default, the list is empty, and traffic is therefore unrestricted. Read more about the features and behavior of Network ACLs in our [dedicated reference content](/vpc/reference-content/understanding-nacls/). diff --git a/pages/vpc/menu.ts b/pages/vpc/menu.ts index cf6c63c639..6a3c7d17c2 100644 --- a/pages/vpc/menu.ts +++ b/pages/vpc/menu.ts @@ -40,7 +40,7 @@ export const vpcMenu = { }, { label: 'Use Network ACLs', - slug: 'use-network-acls', + slug: 'use-network-acl', }, { label: 'Delete a Private Network', From f027e2f4f545d2dfa7ea55294ff8286762f63cf3 Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Thu, 21 May 2026 15:29:32 +0200 Subject: [PATCH 8/9] Apply suggestion from @SamyOubouaziz --- pages/vpc/how-to/use-network-acl.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/vpc/how-to/use-network-acl.mdx b/pages/vpc/how-to/use-network-acl.mdx index 052f434880..73b2ef1618 100644 --- a/pages/vpc/how-to/use-network-acl.mdx +++ b/pages/vpc/how-to/use-network-acl.mdx 
@@ -1,6 +1,6 @@ --- title: How to use Network ACLs -description: This page explains how to use network access control lists (NACLs) to manage and secure traffic using routing rules for Scaleway Virtual Private Cloud. +description: This page explains how to use network access control lists (ACLs) to manage and secure traffic using routing rules for Scaleway Virtual Private Cloud. tags: network acl access control list filter block secure traffic dates: validation: 2026-05-19 From 25c49e203a6bbbb9ff84fffdcc66aa8c14a145ed Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Thu, 21 May 2026 15:30:08 +0200 Subject: [PATCH 9/9] Apply suggestions from code review Co-authored-by: vanda-scw --- pages/vpc/how-to/use-network-acl.mdx | 6 +++--- pages/vpc/reference-content/understanding-nacls.mdx | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pages/vpc/how-to/use-network-acl.mdx b/pages/vpc/how-to/use-network-acl.mdx index 73b2ef1618..ac6c14f5ca 100644 --- a/pages/vpc/how-to/use-network-acl.mdx +++ b/pages/vpc/how-to/use-network-acl.mdx @@ -30,7 +30,7 @@ Network ACL rules can target either IPv4 or IPv6 traffic, and are evaluated sepa 3. Click the **Network ACL** tab. A listing of the current rules displays. -4. Click **Edit rules** to enter edition mode. +4. Click **Edit rules** to enter edit mode. 5. Click **+ Add IPv4 rule** or **+ Add IPv6 rule** depending on the type of traffic you want to filter. A creation wizard displays. @@ -55,7 +55,7 @@ Network ACL rules can target either IPv4 or IPv6 traffic, and are evaluated sepa 3. Click the **Network ACL** tab. A listing of the current rules displays. -4. Click **Edit rules** to enter edition mode. +4. Click **Edit rules** to enter edit mode. 5. Use the up and down arrows to arrange the rules as necessary. Rules are evaluated from top to bottom, and the first matching rule applies. 
@@ -75,7 +75,7 @@ Remember to apply the same rule to the other IP version if required. 3. Click the **Network ACL** tab. A listing of the current rules displays. -4. Click **Edit rules** to enter edition mode. +4. Click **Edit rules** to enter edit mode. 5. Click the icon next to the rule you want to delete. diff --git a/pages/vpc/reference-content/understanding-nacls.mdx b/pages/vpc/reference-content/understanding-nacls.mdx index 5341e069eb..46715ff3b7 100644 --- a/pages/vpc/reference-content/understanding-nacls.mdx +++ b/pages/vpc/reference-content/understanding-nacls.mdx @@ -10,7 +10,7 @@ import image from './assets/scaleway-nacl-diag-simple.webp' import image2 from './assets/scaleway-nacl-diag-detail.webp' import image3 from './assets/scaleway-nacl-example.webp' -Every VPC has a network **A**ccess **C**ontrol **L**ist (network ACL). This list is composed of stateless rules to control the flow of traffic between the Private Networks of the VPC. By default, the list contains no rules, and therefore traffic is allowed to flow unrestrictedly. You can add rules to restrict traffic flow according to your requirements. +Every VPC has a network **A**ccess **C**ontrol **L**ist (network ACL). This list is composed of stateless rules to control the flow of traffic between the Private Networks of the VPC. By default, the list contains no rules, and therefore traffic is allowed to flow without restriction. You can add rules to restrict traffic flow according to your requirements. This document sets out general information and best practices about Scaleway VPC Network ACLs. To learn how to use Network ACLs, refer to the [dedicated how-to page](/vpc/how-to/use-network-acl/). 
@@ -44,7 +44,7 @@ When defining a network ACL rule, you must enter the following settings: - **Action**: The network ACL either **allows** (accepts) or **denies** (drops) traffic that matches the rule. -- **Position in list**: you can choose to add your rule to the **top**, or to the **bottom** of the list. Rules are evaluated from top to bottom, and can be rearranged. +- **Position in list**: You can choose to add your rule to the **top**, or to the **bottom** of the list. Rules are evaluated from top to bottom, and can be rearranged. ## Rule priority and application