VPC.FirewallRule

Updated on 2023-08-11 GMT+08:00

View PDF

Element Description

The VPC.FirewallRule element can be used to create ACL rules for subnet access control.

Element Properties

**Table 1** Property Description
Property	Required	Descripiton
enable	No	Whether to enable the ACL rule Type: boolean Value Description: Supports true and false. Default: True Suggestion: Set the value based on specifications and requirements.
protocol	No	Rule protocol Type: string Value Description: Supports TCP, UDP, and ICMP. If this parameter is not specified, any protocol can be used. Suggestion: Set the value based on specifications and requirements.
description	No	ACL rule description Type: string
sourceIpAddr	No	Source IP address or network segment Type: string Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16. Suggestion: Set the value based on specifications and requirements.
destIpAddr	No	Destination IP address or network segment Type: string Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16. Suggestion: Set the value based on specifications and requirements.
ipVersion	No	IP protocol version Type: integer Value Description: Supports 4. Default: 4 Suggestion: You are advised to leave this parameter blank or set it to 4.
sourcePort	No	Source port number or range Type: string Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22. Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22. Suggestion: Set the value based on specifications and requirements.
action	No	Action to be performed on the traffic matching the ACL rule Type: string Value Description: Supports ALLOW, DENY, and REJECT. Default: DENY Suggestion: Set the value based on specifications and requirements.
destPort	No	Destination port number or range Type: string Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22. Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22. Suggestion: Set the value based on specifications and requirements.
name	No	ACL rule name Type: string Value Description: Supports customization. Suggestion: Customize the value.

Relationships Between Elements

None.

Return Value

Property	Type	Description
refID	string	ACL rule ID

Blueprint Example

tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  name:
    default: my-firewall-rule
  protocol:
    default: TCP
  src-port:
    default: 80
  dest-port:
    default: 80
  src-ip:
    type: string
  dest-ip:
    type: string
  action:
    default: ALLOW
node_templates:
  my-rule:
    type: HuaweiCloud.VPC.FirewallRule
    properties:
      name: {get_input: name}
      protocol: {get_input: protocol}
      sourcePort: {get_input: src-port}
      destPort: {get_input: dest-port}
      ipVersion: 4
      sourceIpAddr: {get_input: src-ip}
      destIpAddr: {get_input: dest-ip}
      action: {get_input: action}
      enable: true

Parent topic: List of Elements

Previous topic: VPC.FirewallPolicy.Ingress

Next topic: VPC.SecurityGroup