In security group, every inbound port I add, two rules are added, one for 0.0.0.0/0, the other ::/0. What do they each mean?
5 Answers
The default route in Internet Protocol Version 4 (IPv4) is designated as the zero-address 0.0.0.0/0 in CIDR notation, often called the quad-zero route. The subnet mask is given as /0, which effectively specifies all networks, and is the shortest match possible.
The other would be for IPv6
Source: Default Route
From the AWS documentation:
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign the instance to up to five security groups. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.
For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.
Default Security Group for Your VPC
Your VPC automatically comes with a default security group. Each EC2 instance that you launch in your VPC is automatically associated with the default security group if you don't specify a different security group when you launch the instance.
The following table describes the default rules for a default security group.

Inbound

| Source | Protocol | Port Range | Comments |
|---|---|---|---|
| The security group ID (sg-xxxxxxxx) | All | All | Allow inbound traffic from instances assigned to the same security group. |

Outbound

| Destination | Protocol | Port Range | Comments |
|---|---|---|---|
| 0.0.0.0/0 | All | All | Allow all outbound IPv4 traffic. |
| ::/0 | All | All | Allow all outbound IPv6 traffic. This rule is added by default if you create a VPC with an IPv6 CIDR block or if you associate an IPv6 CIDR block with your existing VPC. |
0.0.0.0/0, ::/0 - These mean the source can be any IP address, i.e. a request from any system is accepted; 0.0.0.0/0 represents IPv4 and ::/0 represents IPv6. To understand the CIDR (Classless Inter-Domain Routing) representation, see this video: https://www.youtube.com/watch?v=1xsmbe5s6j0
Getting to know CIDR notation is key. Wikipedia has a helpful overview of the blocks: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#IPv4_CIDR_blocks – Jaap Jan 28 '21 at 10:53
0.0.0.0/0 refers to all IPv4 addresses and ::/0 refers to all IPv6 addresses.
The accepted answer gives more detail and helps understanding. Stack Overflow is a strange place, they don't like discussion but do like this. – wobbily_col Jun 10 '20 at 13:24

Have you thought about that people might not want an explanation but only the answer, great answer +1 – Gabriel Petersson Jul 01 '20 at 10:34

I prefer short explanations even if detailed ones are still interesting – hamza raissi Jan 31 '21 at 00:28
0.0.0.0 means that any IP, either from a local system or from anywhere on the internet, can access. It is everything else other than what is already specified in the routing table. Adding /0 is for IPv4, whereas ::/0 is for IPv6; this notation is known as CIDR.
Coming back to your AWS part, when you define 0.0.0.0/0 or ::/0, that means all the IPv4 and IPv6 ranges respectively can access your AWS service(s).
The range for IPv4 is from 0.0.0.0 to 255.255.255.255, whereas IPv6 has 2^128 addresses.
An IP address is built from 32 bits; the slash tells you how many bits are used to identify the network section, and the rest of the bits are used for the host. For example, 255.0.0.0/8 tells you 8 bits are for the network and 24 are for the host, so you might have 16777214 possible IPs coming from that 255 network.
In the case of the notation 0.0.0.0/0, it means you don't use any identifier for the network, therefore you have the whole 32 bits for the IP, meaning ALL possible IPs, which means all requests are allowed.
This task has already been marked as answered and doesn't add anything that hasn't been said. Please avoid reiterating information as new answers, especially in questions already marked as answered. – guzmonne May 09 '21 at 18:46
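The prefix/host-bit split described in the last answer, and the security-group question it applies to, as an added example (not code from any of the answers above): it uses Python's standard `ipaddress` module to decompose a CIDR, confirms that 0.0.0.0/0 and ::/0 contain every address of their family, and audits a constructed list of inbound rules (shaped like the IpPermissions entries of the EC2 DescribeSecurityGroups API; all values are made up) for ports open to the whole internet.

```python
import ipaddress

# Constructed sample of inbound rules in the shape of EC2 IpPermissions
# entries. Ports, CIDRs and the mix of rules are invented for this example.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
]


def describe_cidr(cidr):
    """Return (IP version, network bits, host bits, number of addresses)."""
    net = ipaddress.ip_network(cidr, strict=False)
    host_bits = net.max_prefixlen - net.prefixlen
    return (net.version, net.prefixlen, host_bits, net.num_addresses)


def is_world_open(cidr):
    """A /0 prefix has zero network bits, so it matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def contains(cidr, address):
    """Membership test; False when the address family does not match."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(cidr, strict=False)


def world_open_ports(rules):
    """Map (FromPort, ToPort) to the families reachable from any source."""
    findings = {}
    for rule in rules:
        ports = (rule.get("FromPort"), rule.get("ToPort"))
        families = []
        if any(is_world_open(r["CidrIp"]) for r in rule.get("IpRanges", [])):
            families.append("IPv4")
        if any(is_world_open(r["CidrIpv6"]) for r in rule.get("Ipv6Ranges", [])):
            families.append("IPv6")
        if families:
            findings[ports] = families
    return findings


if __name__ == "__main__":
    for cidr in ("0.0.0.0/0", "::/0", "255.0.0.0/8"):
        print(cidr, describe_cidr(cidr))
    print(world_open_ports(SAMPLE_RULES))
```

Feeding real `describe-security-groups` output into `world_open_ports` lists the ports that the two /0 rules expose to both address families at once.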