VPC.FirewallRule
Element Description
The VPC.FirewallRule element can be used to create ACL rules for subnet access control.
Element Properties
Property | Required | Description |
---|---|---|
enable | No | Whether to enable the ACL rule. Type: boolean. Value Description: Supports true and false. Default: True. Suggestion: Set the value based on specifications and requirements. |
protocol | No | Rule protocol. Type: string. Value Description: Supports TCP, UDP, and ICMP. If this parameter is not specified, any protocol can be used. Suggestion: Set the value based on specifications and requirements. |
description | No | ACL rule description. Type: string. |
sourceIpAddr | No | Source IP address or network segment. Type: string. Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16. Suggestion: Set the value based on specifications and requirements. |
destIpAddr | No | Destination IP address or network segment. Type: string. Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16. Suggestion: Set the value based on specifications and requirements. |
ipVersion | No | IP protocol version. Type: integer. Value Description: Supports 4. Default: 4. Suggestion: You are advised to leave this parameter blank or set it to 4. |
sourcePort | No | Source port number or range. Type: string. Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22. Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22. Suggestion: Set the value based on specifications and requirements. |
action | No | Action to be performed on the traffic matching the ACL rule. Type: string. Value Description: Supports ALLOW, DENY, and REJECT. Default: DENY. Suggestion: Set the value based on specifications and requirements. |
destPort | No | Destination port number or range. Type: string. Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22. Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22. Suggestion: Set the value based on specifications and requirements. |
name | No | ACL rule name. Type: string. Value Description: Supports customization. Suggestion: Customize the value. |
Relationships Between Elements
None.
Return Value
Property | Type | Description |
---|---|---|
refID | string | ACL rule ID |
Blueprint Example
```yaml
tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  name:
    default: my-firewall-rule
  protocol:
    default: TCP
  src-port:
    default: 80
  dest-port:
    default: 80
  src-ip:
    type: string
  dest-ip:
    type: string
  action:
    default: ALLOW
node_templates:
  my-rule:
    type: HuaweiCloud.VPC.FirewallRule
    properties:
      name: {get_input: name}
      protocol: {get_input: protocol}
      sourcePort: {get_input: src-port}
      destPort: {get_input: dest-port}
      ipVersion: 4
      sourceIpAddr: {get_input: src-ip}
      destIpAddr: {get_input: dest-ip}
      action: {get_input: action}
      enable: true
```
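A pre-deployment check for the properties above, added here as an example and not part of the Huawei Cloud documentation: it validates a resolved `properties` mapping against the documented value constraints and flags enabled ALLOW rules that leave `protocol` unset, which the table says matches any protocol. The names `check_rule` and `_port_ok` are hypothetical, and the low-before-high range ordering and the `sourceIpAddr` warning are assumptions of this example rather than documented behaviour.

```python
import ipaddress

PROTOCOLS = {"TCP", "UDP", "ICMP"}     # compared exactly as the page spells them
ACTIONS = {"ALLOW", "DENY", "REJECT"}

def _port_ok(value):
    """One port (1-65535) or a range low:high such as 20:22 (low <= high is assumed)."""
    parts = str(value).split(":")
    if len(parts) > 2 or not all(p.isascii() and p.isdigit() for p in parts):
        return False
    nums = [int(p) for p in parts]
    return all(1 <= n <= 65535 for n in nums) and nums[0] <= nums[-1]

def check_rule(props):
    """Return (errors, warnings) for one VPC.FirewallRule properties dict."""
    errors, warnings = [], []
    action = props.get("action", "DENY")            # documented default
    proto = props.get("protocol")
    if action not in ACTIONS:
        errors.append(f"action: {action!r} is not ALLOW, DENY or REJECT")
    if proto is not None and proto not in PROTOCOLS:
        errors.append(f"protocol: {proto!r} is not TCP, UDP or ICMP")
    if props.get("ipVersion", 4) != 4:
        errors.append("ipVersion: only 4 is supported")
    for key in ("sourcePort", "destPort"):
        if key in props and not _port_ok(props[key]):
            errors.append(f"{key}: {props[key]!r} is not a port or low:high range")
    for key in ("sourceIpAddr", "destIpAddr"):
        if key in props:
            try:
                ipaddress.IPv4Network(str(props[key]), strict=False)
            except ValueError:
                errors.append(f"{key}: {props[key]!r} is not an IPv4 address or CIDR")
    if action == "ALLOW" and props.get("enable", True):
        if proto is None:                           # documented: any protocol matches
            warnings.append("protocol omitted: the rule allows any protocol")
        if "sourceIpAddr" not in props:             # this example's review policy
            warnings.append("sourceIpAddr omitted: state the intended source")
    return errors, warnings

# Constructed inputs: the page's blueprint with sample addresses filled in,
# and a rule that sets only the action and a bad port range.
BLUEPRINT = {"name": "my-firewall-rule", "protocol": "TCP", "sourcePort": 80,
             "destPort": 80, "ipVersion": 4, "sourceIpAddr": "198.168.0.0/16",
             "destIpAddr": "198.168.0.0/16", "action": "ALLOW", "enable": True}
LOOSE = {"action": "ALLOW", "destPort": "0:22"}

if __name__ == "__main__":
    for rule in (BLUEPRINT, LOOSE):
        print(check_rule(rule))
```
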