AWS network ACL deny rule

To block all inbound traffic from a list of IP addresses at the subnet level, add one deny entry per address to the subnet's network ACL:

$ count=0; for i in $(cat ips.txt); do
    count=$((count + 1))
    aws ec2 create-network-acl-entry --network-acl-id acl-XXXXXXXX --ingress --rule-number "$count" --protocol all --port-range From=0,To=65535 --cidr-block "$i/32" --rule-action deny
  done

where ips.txt is a file containing one IPv4 address per line, without a CIDR suffix (the loop appends /32 itself). Rule numbers start at 1 so that the deny entries sort before the allow rule (100 on a default network ACL); entries are evaluated in ascending order and the first match wins. The `--protocol all` value is the CLI alias for protocol -1 (all protocols); with -1 the port range is ignored, so the `--port-range` argument is harmless but redundant.
The default AWS quota is 20 rules per network ACL in each direction (20 ingress and 20 egress), and the default `*` deny rule counts toward it, so this approach covers at most 19 addresses per ACL unless the quota is raised (AWS allows an increase to 40 on request). The loop above also fails with an error if a rule number it picks is already in use on the ACL. Network ACLs are stateless and have no logging of their own, so they should not be used as a firewall; depending on the use case a CDN, a WAF, security groups or a host-based firewall is the better tool, and a network ACL deny list is best kept as a coarse, temporary block.
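The one-liner above has three sharp edges: a malformed line in ips.txt becomes a broken `--cidr-block`, a rule number that is already on the ACL makes the call fail, and the 20-rule quota is hit silently part-way through the list. The script below is an added example, not code from the original post: it validates each address, reads the rule numbers already present on the ACL so it only hands out free ones, refuses to start if the result would exceed the quota, and applies the plan afterwards. It assumes the ACL id is supplied in `NACL_ID` (the `acl-XXXXXXXX` placeholder is kept from the post), the quota in `MAX_RULES` (default 20), and that `DRY_RUN=1` should print the `aws` commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original post): plan and apply ingress deny
# rules for a list of IPv4 addresses on one network ACL without exceeding the
# per-direction rule quota and without reusing a rule number already in use.
# Assumptions: ACL id in NACL_ID, quota in MAX_RULES, DRY_RUN=1 prints only.
set -eu

: "${NACL_ID:=acl-XXXXXXXX}"   # assumption: replace with the real ACL id
: "${MAX_RULES:=20}"           # AWS default quota per direction, incl. the * rule

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
# Lines that already carry a CIDR suffix or contain other junk are rejected,
# because the caller appends /32 blindly.
is_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
}

# used_rule_numbers: print the ingress rule numbers already on the ACL, one
# per line. The default * deny rule appears as 32767 and counts toward quota.
used_rule_numbers() {
    aws ec2 describe-network-acls --network-acl-ids "$NACL_ID" \
        --query 'NetworkAcls[0].Entries[?Egress==`false`].RuleNumber' \
        --output text | tr '\t' '\n'
}

# plan_rules USED_FILE < ips.txt: skip invalid lines with a warning, give each
# valid address the lowest rule number not in USED_FILE (and not already handed
# out in this run), and print "RULE_NUMBER CIDR". Fails before printing the
# entry that would push the ACL past MAX_RULES.
plan_rules() {
    used=$1
    used_count=$(grep -c . "$used" || true)   # grep -c exits 1 on zero matches
    n=0
    while IFS= read -r ip || [ -n "$ip" ]; do
        [ -n "$ip" ] || continue
        if ! is_ipv4 "$ip"; then
            echo "skipping invalid address: $ip" >&2
            continue
        fi
        # numbers start at 1 so the denies sort before the allow rule at 100
        while n=$((n + 1)); grep -qx "$n" "$used"; do :; done
        used_count=$((used_count + 1))
        if [ "$used_count" -gt "$MAX_RULES" ]; then
            echo "refusing: $NACL_ID would exceed $MAX_RULES ingress rules" >&2
            return 1
        fi
        echo "$n $ip/32"
    done
}

# apply_plan < plan: one create-network-acl-entry per planned line.
# --protocol all is the CLI alias for -1 (all protocols); with -1 any
# --port-range is ignored, so none is given.
apply_plan() {
    while read -r rule cidr; do
        set -- aws ec2 create-network-acl-entry --network-acl-id "$NACL_ID" \
            --ingress --rule-number "$rule" --protocol all \
            --cidr-block "$cidr" --rule-action deny
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
    done
}

# usage: NACL_ID=acl-... ./nacl-deny.sh ips.txt   (DRY_RUN=1 to only print)
main() {
    used=$(mktemp); plan=$(mktemp)
    trap 'rm -f "$used" "$plan"' EXIT
    used_rule_numbers > "$used"
    plan_rules "$used" < "$1" > "$plan"   # aborts before any change if over quota
    apply_plan < "$plan"
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Planning into a temp file before applying is deliberate: the quota check then rejects the whole list up front instead of leaving the ACL half-populated, and `DRY_RUN=1 ./nacl-deny.sh ips.txt` lets you review the exact calls (and the rule numbers chosen) before anything is changed.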