VPC.FirewallRule
Element Description
The VPC.FirewallRule element can be used to create ACL rules for subnet access control.
Element Properties
| Property | Required | Description |
|---|---|---|
| enable | No | Whether to enable the ACL rule. Type: boolean. Value Description: Supports true and false. Default: True. Suggestion: Set the value based on specifications and requirements. |
| protocol | No | Rule protocol. Type: string. Value Description: Supports TCP, UDP, and ICMP. If this parameter is not specified, any protocol can be used. Suggestion: Set the value based on specifications and requirements. |
| description | No | ACL rule description. Type: string. |
| sourceIpAddr | No | Source IP address or network segment. Type: string. Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16. Suggestion: Set the value based on specifications and requirements. |
| destIpAddr | No | Destination IP address or network segment. Type: string. Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16. Suggestion: Set the value based on specifications and requirements. |
| ipVersion | No | IP protocol version. Type: integer. Value Description: Supports 4. Default: 4. Suggestion: You are advised to leave this parameter blank or set it to 4. |
| sourcePort | No | Source port number or range. Type: string. Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22. Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22. Suggestion: Set the value based on specifications and requirements. |
| action | No | Action to be performed on the traffic matching the ACL rule. Type: string. Value Description: Supports ALLOW, DENY, and REJECT. Default: DENY. Suggestion: Set the value based on specifications and requirements. |
| destPort | No | Destination port number or range. Type: string. Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22. Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22. Suggestion: Set the value based on specifications and requirements. |
| name | No | ACL rule name. Type: string. Value Description: Supports customization. Suggestion: Customize the value. |
Relationships Between Elements
None.
Return Value
| Property | Type | Description |
|---|---|---|
| refID | string | ACL rule ID |
Blueprint Example
```yaml
tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  name:
    default: my-firewall-rule
  protocol:
    default: TCP
  src-port:
    default: 80
  dest-port:
    default: 80
  src-ip:
    type: string
  dest-ip:
    type: string
  action:
    default: ALLOW
node_templates:
  my-rule:
    type: HuaweiCloud.VPC.FirewallRule
    properties:
      name: {get_input: name}
      protocol: {get_input: protocol}
      sourcePort: {get_input: src-port}
      destPort: {get_input: dest-port}
      ipVersion: 4
      sourceIpAddr: {get_input: src-ip}
      destIpAddr: {get_input: dest-ip}
      action: {get_input: action}
      enable: true
```
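
A pre-deployment check of the property constraints listed under Element Properties, as an added example that is not part of the original page or of Huawei Cloud's tooling. The names `check_rule`, `_port_ok` and `SAMPLE`, the low <= high range check, and the 0.0.0.0/0 warning are assumptions of this example; the sample values are constructed.

```python
import ipaddress
import re

PROTOCOLS = {"TCP", "UDP", "ICMP"}
ACTIONS = {"ALLOW", "DENY", "REJECT"}
# Constructed sample: the blueprint's rule with hand-picked input values.
SAMPLE = {"name": "my-firewall-rule", "protocol": "TCP", "sourcePort": 80, "destPort": 80,
          "ipVersion": 4, "sourceIpAddr": "0.0.0.0/0", "destIpAddr": "10.0.1.0/24", "action": "ALLOW"}

def _port_ok(value):
    """Accept a single port 1-65535 or a low:high range such as 20:22."""
    m = re.fullmatch(r"(\d{1,5})(?::(\d{1,5}))?", str(value), re.ASCII)
    if not m:
        return False
    # Requiring low <= high is an assumption; the page only shows 20:22.
    lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
    return 1 <= lo <= hi <= 65535

def check_rule(props):
    """Return (level, message) findings for one FirewallRule properties dict."""
    findings = []
    action = props.get("action", "DENY")  # documented default
    if action not in ACTIONS:
        findings.append(("error", f"action {action!r} is not ALLOW, DENY or REJECT"))
    proto = props.get("protocol")
    if proto is None and action == "ALLOW":
        findings.append(("warn", "protocol omitted: rule allows any protocol"))
    elif proto is not None and proto not in PROTOCOLS:
        findings.append(("error", f"protocol {proto!r} is not TCP, UDP or ICMP"))
    if props.get("ipVersion", 4) != 4:
        findings.append(("error", "ipVersion must be 4"))
    for key in ("sourcePort", "destPort"):
        if key in props and not _port_ok(props[key]):
            findings.append(("error", f"{key} {props[key]!r} is not a port or low:high range"))
    for key in ("sourceIpAddr", "destIpAddr"):
        if key not in props:
            continue
        try:
            net = ipaddress.ip_network(str(props[key]), strict=False)
        except ValueError:
            findings.append(("error", f"{key} {props[key]!r} is not an address or CIDR"))
            continue
        if net.version != 4:
            findings.append(("error", f"{key} must be IPv4"))
        elif key == "sourceIpAddr" and net.prefixlen == 0 and action == "ALLOW":
            # Reviewer policy chosen for this example, not a platform rule.
            findings.append(("warn", "ALLOW from 0.0.0.0/0 admits every source"))
    return findings
```

Run `check_rule` over each rule's resolved `properties` before deployment; an empty list means the rule satisfies the documented constraints and this example's two review warnings.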