VPC.FirewallRule

Element Description

The VPC.FirewallRule element can be used to create ACL rules for subnet access control.

Element Properties

**Table 1** Property Description
Property	Required	Descripiton
enable	No	Whether to enable the ACL rule Type: boolean Value Description: Supports true and false. Default: True Suggestion: Set the value based on specifications and requirements.
protocol	No	Rule protocol Type: string Value Description: Supports TCP, UDP, and ICMP. If this parameter is not specified, any protocol can be used. Suggestion: Set the value based on specifications and requirements.
description	No	ACL rule description Type: string
sourceIpAddr	No	Source IP address or network segment Type: string Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16. Suggestion: Set the value based on specifications and requirements.
destIpAddr	No	Destination IP address or network segment Type: string Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16. Suggestion: Set the value based on specifications and requirements.
ipVersion	No	IP protocol version Type: integer Value Description: Supports 4. Default: 4 Suggestion: You are advised to leave this parameter blank or set it to 4.
sourcePort	No	Source port number or range Type: string Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22. Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22. Suggestion: Set the value based on specifications and requirements.
action	No	Action to be performed on the traffic matching the ACL rule Type: string Value Description: Supports ALLOW, DENY, and REJECT. Default: DENY Suggestion: Set the value based on specifications and requirements.
destPort	No	Destination port number or range Type: string Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22. Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22. Suggestion: Set the value based on specifications and requirements.
name	No	ACL rule name Type: string Value Description: Supports customization. Suggestion: Customize the value.

Relationships Between Elements

None.

Return Value

Property	Type	Description
refID	string	ACL rule ID

Blueprint Example

tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  name:
    default: my-firewall-rule
  protocol:
    default: TCP
  src-port:
    default: 80
  dest-port:
    default: 80
  src-ip:
    type: string
  dest-ip:
    type: string
  action:
    default: ALLOW
node_templates:
  my-rule:
    type: HuaweiCloud.VPC.FirewallRule
    properties:
      name: {get_input: name}
      protocol: {get_input: protocol}
      sourcePort: {get_input: src-port}
      destPort: {get_input: dest-port}
      ipVersion: 4
      sourceIpAddr: {get_input: src-ip}
      destIpAddr: {get_input: dest-ip}
      action: {get_input: action}
      enable: true

Parent topic:List of Elements

Previous topic: VPC.FirewallPolicy.Ingress

Next topic: VPC.SecurityGroup

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.