Querying Network ACL Rules
Function
This API is used to query all network ACL rules accessible to the tenant submitting the request. A maximum of 2000 records can be returned for each query operation. If the number of records exceeds 2000, the pagination marker will be returned. For details, see section Pagination.
URI
GET /v2.0/fwaas/firewall_rules
Example:
GET https://{Endpoint}/v2.0/fwaas/firewall_rules?name={firewall_rule_name}&tenant_id={tenant_id}&public={is_public}&protocol={protocol}&ip_version={ip_version}&action={action}&enabled={is_enabled}
Example of querying rules by page
GET https://{Endpoint}/v2.0/fwaas/firewall_rules?limit=2&marker=2a193015-4a88-4aa1-84ad-d4955adae707&page_reverse=False
Table 1 describes the parameters.
|
Name |
Mandatory |
Type |
Description |
|---|---|---|---|
|
id |
No |
String |
Specifies that the network ACL rule ID is used as the filtering condition. |
|
name |
No |
String |
Specifies that the network ACL rule name is used as the filtering condition. |
|
description |
No |
String |
Specifies that the network ACL rule description is used as the filtering condition. |
|
ip_version |
No |
Integer |
Specifies that the IP address version is used as the filtering condition. The value can be 4 (IPv4) or 6 (IPv6). |
|
action |
No |
String |
Specifies that the network ACL rule action is used as the filtering condition. The value can be allow or deny. |
|
enabled |
No |
Boolean |
Specifies that the network ACL rule is enabled is used as the filtering condition. The value can be true or false. |
|
tenant_id |
No |
String |
Specifies that the project ID is used as the filtering condition. |
|
marker |
No |
String |
Specifies the start resource ID of pagination query. If the parameter is left blank, only resources on the first page are queried. |
|
limit |
No |
Integer |
Specifies the number of records on each page. The value ranges from 0 to intmax. |
Request Message
None
Response Message
|
Parameter |
Type |
Description |
|---|---|---|
|
firewall_rules |
Array of Firewall Rule objects |
Specifies the firewall rule list. For details, see Table 4. A maximum of 2000 records can be returned for each query operation. If the number of records exceeds 2000, the pagination marker will be returned. For details, see section Pagination. |
|
firewall_rules_links |
Array of firewall_rules_link Object |
Specifies the pagination information. For details, see Table 3. |
|
Parameter |
Type |
Description |
|---|---|---|
|
href |
String |
Specifies the API link. |
|
rel |
String |
Specifies the relationship between the API link and the API version. |
|
Attribute |
Type |
Description |
|---|---|---|
|
id |
String |
Specifies the UUID of the network ACL rule. |
|
name |
String |
Specifies the network ACL rule name. |
|
description |
String |
Provides supplementary information about the network ACL rule. |
|
tenant_id |
String |
Specifies the project ID. |
|
public |
Boolean |
Specifies whether the firewall rule can be shared by different tenants. |
|
protocol |
String |
Specifies the IP protocol. |
|
source_port |
String |
Specifies the source port number or port number range. |
|
destination_port |
String |
Specifies the destination port number or port number range. |
|
ip_version |
Integer |
Specifies the IP protocol version. |
|
source_ip_address |
String |
Specifies the source IP address or CIDR block. |
|
destination_ip_address |
String |
Specifies the destination IP address or CIDR block. |
|
action |
String |
Specifies action performed on traffic passing through the network ACL. |
|
enabled |
Boolean |
Specifies whether the network ACL rule is enabled. |
|
project_id |
String |
Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID. |
Example:
Example request
GET https://{Endpoint}/v2.0/fwaas/firewall_rules
Example response
{
"firewall_rules": [
{
"protocol": "tcp",
"name": "crhfwruleupdate",
"mode": "normal",
"tenant_id": "f480f5d250824e5fafedcf05acf1419c",
"rule_profile": "",
"enabled": true,
"source_port": null,
"source_ip_address": null,
"destination_ip_address": null,
"firewall_policy_id": "b4f81251-c47a-4fe1-8579-6f9271d015d1",
"action": "deny",
"position": 1,
"ip_version": 4,
"shared": false,
"destination_port": null,
"id": "2a193015-4a88-4aa1-84ad-d4955adae707",
"description": "",
"project_id": "f480f5d250824e5fafedcf05acf1419c"
},
{
"protocol": "tcp",
"name": "update_firewall-role-tommy",
"mode": "mix",
"tenant_id": "a1c6f90c94334bd2953d9a61b8031a68",
"rule_profile": "",
"enabled": false,
"source_port": "20:50",
"source_ip_address": null,
"destination_ip_address": null,
"firewall_policy_id": null,
"action": "deny",
"position": null,
"ip_version": 4,
"shared": true,
"destination_port": "40:60",
"id": "db7a204c-9eb1-40a2-9bd6-ed5cfd3cff32",
"description": "update check parameter",
"project_id": "a1c6f90c94334bd2953d9a61b8031a68"
}
]
}
Status Code
See Status Codes.
Error Code
See Error Codes.
Last Article: Network ACL
Next Article: Querying a Network ACL Rule
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.