Configuration Examples

Example 1: Denying Access from Specific Ports

In this example, you need to prevent WannaCry ransomware attacks by denying access to the port that WannaCry can exploit, for example TCP 445. You can add a user-defined network ACL rule that denies all incoming traffic destined for TCP port 445.

Table 1 lists the inbound rule required.

Table 1 User-defined network ACL rule

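| Direction | Policy | Protocol | Source | Source Port Range | Destination | Destination Port Range | Description |
|-----------|--------|----------|--------|-------------------|-------------|------------------------|-------------|
| Inbound | Deny | TCP | 0.0.0.0/0 | 1-65535 | 0.0.0.0/0 | 445 | Denies inbound traffic from any IP address through TCP port 445. |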

Example 2: Allowing Access from Specific Ports and Protocols

In this example, a BMS in a user-defined subnet is used as the web server. You must allow inbound traffic to HTTP port 80 and HTTPS port 443, and allow all outbound traffic.

Table 2 lists the inbound and outbound user-defined network ACL rules required.

Table 2 User-defined network ACL rules

| Direction | Policy | Protocol | Source | Source Port Range | Destination | Destination Port Range | Description |
|-----------|--------|----------|--------|-------------------|-------------|------------------------|-------------|
| Inbound | Permit | TCP | 0.0.0.0/0 | 1-65535 | 0.0.0.0/0 | 80 | Allows inbound HTTP traffic from any IP address to BMSs in the user-defined subnet through port 80. |
| Inbound | Permit | TCP | 0.0.0.0/0 | 1-65535 | 0.0.0.0/0 | 443 | Allows inbound HTTPS traffic from any IP address to BMSs in the user-defined subnet through port 443. |
| Outbound | Permit | All | 0.0.0.0/0 | 0 | 0.0.0.0/0 | 0 | Allows all outbound traffic from the user-defined subnet. |
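
The rules in Table 1 and Table 2 can be checked against sample traffic before they are applied. The following Python code is an added example, not part of the original documentation or the service's own code, and it reports which rule decided each packet. It assumes that rules are evaluated top to bottom with the first match winning, that unmatched traffic is denied by default, and that a port range of 0 on a protocol All rule means any port; the sample packets and addresses are constructed.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "direction policy protocol source src_ports destination dst_ports")
ANY = "0.0.0.0/0"

# Rules transcribed from Table 1 and Table 2 on this page.
TABLE_1 = [Rule("inbound", "deny", "tcp", ANY, "1-65535", ANY, "445")]
TABLE_2 = [
    Rule("inbound", "permit", "tcp", ANY, "1-65535", ANY, "80"),
    Rule("inbound", "permit", "tcp", ANY, "1-65535", ANY, "443"),
    Rule("outbound", "permit", "all", ANY, "0", ANY, "0"),
]

def port_match(spec, port):
    """Match a port against "445", "1-65535", or "0" (assumed: any port)."""
    if spec == "0":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def evaluate(rules, direction, protocol, src_ip, src_port, dst_ip, dst_port):
    """Return (policy, matched rule index); index is None for the assumed default deny."""
    for index, rule in enumerate(rules):
        if (rule.direction == direction
                and rule.protocol in ("all", protocol)
                and in_cidr(src_ip, rule.source)
                and in_cidr(dst_ip, rule.destination)
                and port_match(rule.src_ports, src_port)
                and port_match(rule.dst_ports, dst_port)):
            return rule.policy, index
    return "deny", None

# Constructed sample packets using documentation address ranges.
CLIENT, SERVER = "203.0.113.7", "192.0.2.10"
SAMPLES = {
    "smb_in": ("inbound", "tcp", CLIENT, 50000, SERVER, 445),
    "http_in": ("inbound", "tcp", CLIENT, 50001, SERVER, 80),
    "https_in": ("inbound", "tcp", CLIENT, 50002, SERVER, 443),
    "ssh_in": ("inbound", "tcp", CLIENT, 50003, SERVER, 22),
    "dns_out": ("outbound", "udp", SERVER, 40000, CLIENT, 53),
}

def run(rules):
    return {name: evaluate(rules, *packet) for name, packet in SAMPLES.items()}
```

Calling `run(TABLE_1 + TABLE_2)` returns the decision and the index of the deciding rule for each sample, which separates traffic blocked by the explicit TCP 445 rule from traffic that only falls through to the assumed default.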