From Public Internet and Datacenter
This example above shows, how Security Groups provide aditional control of the access to diffrent servers. The Security Groups have only „allow“ rules an dno „deny“ rules. The default value is always no inbound traffic is allowed and all outbound traffic is allowed. The rules allow responses from allowed inbound traffic.