Updated on 2024-10-31 GMT+08:00

Creating a Network ACL

Function

This API is used to create a network ACL.

URI

POST /v3/{project_id}/vpc/firewalls

Table 1 Path Parameters

| Parameter  | Mandatory | Type   | Description |
|------------|-----------|--------|-------------|
| project_id | Yes       | String | Project ID. For details about how to obtain a project ID, see Obtaining a Project ID. |

Request Parameters

Table 2 Request body parameters

| Parameter | Mandatory | Type | Description |
|-----------|-----------|------|-------------|
| firewall  | Yes       | CreateFirewallOption object | Request body for creating a network ACL. |
| dry_run   | No        | Boolean | Whether to only send the check request. true: a check request is sent and the network ACL is not created; check items include mandatory parameters, request format, and constraints. If the check fails, the system returns an error; if it succeeds, response code 202 is returned. false (default): the request is sent and the network ACL is created. |

Table 3 CreateFirewallOption

| Parameter | Mandatory | Type | Description |
|-----------|-----------|------|-------------|
| name | Yes | String | Network ACL name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
| description | No | String | Description of the network ACL. The value can contain no more than 255 characters and cannot contain angle brackets (< or >). |
| enterprise_project_id | No | String | ID of the enterprise project that is associated with the network ACL. The value can be 0 or a string of at most 36 characters in UUID format with hyphens (-). 0 indicates the default enterprise project. |
| tags | No | Array of ResourceTag objects | Network ACL resource tags. |
| admin_state_up | No | Boolean | Whether the network ACL is enabled: true (enabled) or false (disabled). The default value is true. |

Table 4 ResourceTag

| Parameter | Mandatory | Type | Description |
|-----------|-----------|------|-------------|
| key   | Yes | String | Tag key. Tag keys must be unique for each resource. Minimum: 1. Maximum: 128. |
| value | Yes | String | Tag value. Maximum: 255. |

Response Parameters

Status code: 201

Table 5 Response body parameters

| Parameter  | Type | Description |
|------------|------|-------------|
| firewall   | FirewallDetail object | Response body for creating a network ACL. |
| request_id | String | Request ID. |

Table 6 FirewallDetail

| Parameter | Type | Description |
|-----------|------|-------------|
| id | String | Unique ID of the network ACL. The value is a string in UUID format. |
| name | String | Network ACL name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
| description | String | Description of the network ACL. The value can contain no more than 255 characters and cannot contain angle brackets (< or >). |
| project_id | String | ID of the project that is associated with the network ACL. |
| created_at | String | Time when the network ACL was created. The value is a UTC time in the format yyyy-MM-ddTHH:mm:ss, generated automatically by the system. |
| updated_at | String | Time when the network ACL was last updated. The value is a UTC time in the format yyyy-MM-ddTHH:mm:ss, generated automatically by the system. |
| admin_state_up | Boolean | Whether the network ACL is enabled: true (enabled) or false (disabled). |
| status | String | Network ACL status. |
| enterprise_project_id | String | ID of the enterprise project that is associated with the network ACL. The value can be 0 or a string of at most 36 characters in UUID format with hyphens (-). 0 indicates the default enterprise project. |
| tags | Array of ResourceTag objects | Network ACL tags. |
| associations | Array of FirewallAssociation objects | Subnets that are associated with the network ACL. |
| ingress_rules | Array of FirewallRuleDetail objects | Inbound network ACL rules. |
| egress_rules | Array of FirewallRuleDetail objects | Outbound network ACL rules. |

Table 7 ResourceTag

| Parameter | Type | Description |
|-----------|------|-------------|
| key   | String | Tag key. Tag keys must be unique for each resource. Minimum: 1. Maximum: 128. |
| value | String | Tag value. Maximum: 255. |

Table 8 FirewallAssociation

| Parameter | Type | Description |
|-----------|------|-------------|
| virsubnet_id | String | ID of a subnet that is associated with the network ACL (one FirewallAssociation object per associated subnet). |

Table 9 FirewallRuleDetail

| Parameter | Type | Description |
|-----------|------|-------------|
| id | String | Network ACL rule ID, which uniquely identifies the rule. The value is a string in UUID format. |
| name | String | Network ACL rule name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
| description | String | Description of the network ACL rule. The value can contain no more than 255 characters and cannot contain angle brackets (< or >). |
| action | String | Whether the rule allows or denies traffic: allow means matching traffic is allowed, deny means it is denied. |
| project_id | String | ID of the project that is associated with the network ACL rule. |
| protocol | String | Network ACL rule protocol. The value can be tcp, udp, icmp, icmpv6, or an IP protocol number (0–255). |
| ip_version | Integer | IP version of the rule: 4 (IPv4) or 6 (IPv6). |
| source_ip_address | String | Source IP address or CIDR block of the rule. source_ip_address and source_address_group_id cannot be specified at the same time. |
| destination_ip_address | String | Destination IP address or CIDR block of the rule. destination_ip_address and destination_address_group_id cannot be specified at the same time. |
| source_port | String | Source ports of the rule. You can specify a single port or a port range; separate entries with commas. The maximum number of port entries is 20 by default. |
| destination_port | String | Destination ports of the rule. You can specify a single port or a port range; separate entries with commas. The maximum number of port entries is 20 by default. |
| source_address_group_id | String | Source IP address group ID of the rule. source_ip_address and source_address_group_id cannot be specified at the same time. |
| destination_address_group_id | String | Destination IP address group ID of the rule. destination_ip_address and destination_address_group_id cannot be specified at the same time. |
| enabled | Boolean | Whether the rule is enabled: true enables the rule, false disables it. The default value is true. |

Example Requests

Create a network ACL named network_acl_test1.

POST https://{Endpoint}/v3/{project_id}/vpc/firewalls

{
  "firewall" : {
    "name" : "network_acl_test1",
    "description" : "network_acl_test1",
    "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9"
  }
}

Example Responses

Status code: 201

Normal response to the POST operation. For more status codes, see Status Codes.

{
  "firewall" : {
    "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629",
    "name" : "network_acl_test1",
    "description" : "network_acl_test1",
    "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
    "created_at" : "2022-04-07T07:30:46.000+00:00",
    "updated_at" : "2022-04-07T07:30:46.000+00:00",
    "admin_state_up" : true,
    "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9",
    "status" : "ACTIVE",
    "tags" : [ ],
    "ingress_rules" : [ ],
    "egress_rules" : [ ],
    "associations" : [ ]
  }
}
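The constraints in Tables 2 to 4 and the response shape in Table 6 can be checked on the client before the call is made and after the answer comes back. The following Python script is an added example, not code from this page or from the service's own SDK: it validates a CreateFirewallOption against the documented rules, builds the POST request, maps dry_run to the status code each mode is documented to return, and summarises a 201 response, reusing the example response above as sample input. The endpoint host vpc.example.com and the 1-character minimum for name are assumptions (the page states only the 64-character maximum); the script performs no network call.

```python
"""Client-side checks for POST /v3/{project_id}/vpc/firewalls (added example, not service code)."""
import json
import re

# Table 3: name is letters, digits, '_', '-' and '.', at most 64 characters.
# A 1-character minimum is assumed here; the page states only the maximum.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Table 3: enterprise_project_id is "0" or a hyphenated UUID (36 characters).
UUID_RE = re.compile(r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}")


def validate_tags(tags):
    """Table 4: key is 1-128 characters and unique per resource, value is at most 255 characters."""
    problems, seen = [], set()
    for i, tag in enumerate(tags):
        key, value = tag.get("key"), tag.get("value")
        if not isinstance(key, str) or not 1 <= len(key) <= 128:
            problems.append(f"tags[{i}].key must be a string of 1-128 characters")
        elif key in seen:
            problems.append(f"tags[{i}].key duplicates an earlier key: {key!r}")
        else:
            seen.add(key)
        if not isinstance(value, str) or len(value) > 255:
            problems.append(f"tags[{i}].value must be a string of at most 255 characters")
    return problems


def validate_firewall_option(opt):
    """Return a list of violations of the Table 3 constraints (an empty list means valid)."""
    problems = []
    name = opt.get("name")
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        problems.append("name is mandatory: 1-64 letters, digits, '_', '-' or '.'")
    desc = opt.get("description")
    if desc is not None:
        if not isinstance(desc, str) or len(desc) > 255:
            problems.append("description must be a string of at most 255 characters")
        elif "<" in desc or ">" in desc:
            problems.append("description must not contain '<' or '>'")
    eps = opt.get("enterprise_project_id")
    if eps is not None and not (isinstance(eps, str) and (eps == "0" or UUID_RE.fullmatch(eps))):
        problems.append("enterprise_project_id must be '0' or a hyphenated UUID")
    if "admin_state_up" in opt and not isinstance(opt["admin_state_up"], bool):
        problems.append("admin_state_up must be a boolean")
    if "tags" in opt:
        if not isinstance(opt["tags"], list):
            problems.append("tags must be an array of ResourceTag objects")
        else:
            problems.extend(validate_tags(opt["tags"]))
    return problems


def expected_success_status(dry_run):
    """Table 2: a dry run answers 202 and creates nothing; a real create answers 201."""
    return 202 if dry_run else 201


def build_create_request(endpoint, project_id, firewall, dry_run=False):
    """Return (method, url, json_body); raise ValueError instead of sending an invalid body."""
    problems = validate_firewall_option(firewall)
    if problems:
        raise ValueError("; ".join(problems))
    body = {"firewall": firewall}
    if dry_run:
        body["dry_run"] = True
    return "POST", f"https://{endpoint}/v3/{project_id}/vpc/firewalls", json.dumps(body)


def summarize_create_response(status, body_text, dry_run=False):
    """Check the status code against the mode used and extract the Table 6 fields that matter."""
    want = expected_success_status(dry_run)
    if status != want:
        raise RuntimeError(f"expected HTTP {want}, got {status}")
    if dry_run:
        return {"created": False}  # the page documents no response body for a dry run
    fw = json.loads(body_text)["firewall"]
    return {
        "created": True,
        "id": fw["id"],
        "status": fw["status"],
        "enabled": fw["admin_state_up"],
        "subnets": [a["virsubnet_id"] for a in fw.get("associations", [])],
        "ingress_rules": len(fw.get("ingress_rules", [])),
        "egress_rules": len(fw.get("egress_rules", [])),
    }


# Sample input: the 201 response body shown on this page for network_acl_test1.
PAGE_EXAMPLE_RESPONSE = json.dumps({"firewall": {
    "id": "e9a7731d-5bd9-4250-a524-b9a076fd5629", "name": "network_acl_test1",
    "description": "network_acl_test1", "project_id": "9476ea5a8a9849c38358e43c0c3a9e12",
    "created_at": "2022-04-07T07:30:46.000+00:00", "updated_at": "2022-04-07T07:30:46.000+00:00",
    "admin_state_up": True, "enterprise_project_id": "158ad39a-dab7-45a3-9b5a-2836b3cf93f9",
    "status": "ACTIVE", "tags": [], "ingress_rules": [], "egress_rules": [], "associations": []}})

if __name__ == "__main__":
    option = {"name": "network_acl_test1", "description": "network_acl_test1",
              "enterprise_project_id": "158ad39a-dab7-45a3-9b5a-2836b3cf93f9"}
    # dry_run=True validates the body server-side without creating anything (expect 202).
    print(build_create_request("vpc.example.com", "9476ea5a8a9849c38358e43c0c3a9e12", option, dry_run=True))
    print(summarize_create_response(201, PAGE_EXAMPLE_RESPONSE))
```

The summary makes a point worth noticing from the example response: a freshly created network ACL has empty ingress_rules, egress_rules and associations, so it filters nothing until rules are added and subnets are associated. Sending dry_run set to true first is the documented way to validate a body without creating a resource; the client should then expect 202, and treat a 201 in that mode as a sign that the flag was dropped and a real ACL was created.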

Status Codes

| Status Code | Description |
|-------------|-------------|
| 201 | Normal response to the POST operation. For more status codes, see Status Codes. |

Error Codes

See Error Codes.