Modifying a Network ACL Rule

Scenarios

If a network ACL rule no longer meets your requirements, you can modify the port, protocol, and source/destination it.

Modifying rules may affect how and where traffic is directed. Be careful with this operation as it may interrupt services.

Notes and Constraints

Default network ACL rules cannot be modified or deleted.

Procedure

Go to the network ACL list page.
In the network ACL list, locate the target network ACL and click its name.
The network ACL summary page is displayed.

Click the Inbound Rules or Outbound Rules tab, locate the target rule, click Modify in the Operation column, and modify parameters based on Table 1.

**Table 1** Parameter descriptions
Parameter	Description	Example Value
Type	Network ACL type. There are two options: IPv4 IPv6	IPv4
Action	The action for the network ACL rule. There are two options: Allow: allows matched traffic in and out of a subnet. Deny: denies matched traffic in and out of a subnet.	Allow
Protocol	The protocol supported by the network ACL to match traffic. The value can be TCP, UDP, or ICMP.	TCP
Source	The source from which the traffic is allowed or denied. The source can be: IP address Single IP address: IP address/mask Example IPv4 address: 192.168.10.10/32 Example IPv6 address: 2002:50::44/128 IP address range in CIDR notation: IP address/mask Example IPv4 address range: 192.168.52.0/24 Example IPv6 address range: 2407:c080:802:469::/64 Any IP addresses 0.0.0.0/0 represents any IPv4 addresses. ::/0 represents any IPv6 address. IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in an easier way. Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group.	192.168.0.0/24
Source Port Range	The source ports or port ranges used to match traffic. The value ranges from 1 to 65535.	22-30
Destination	The destination to which the traffic is allowed or denied. The destination can be: IP address Single IP address: IP address/mask Example IPv4 address: 192.168.10.10/32 Example IPv6 address: 2002:50::44/128 IP address range in CIDR notation: IP address/mask Example IPv4 address range: 192.168.52.0/24 Example IPv6 address range: 2407:c080:802:469::/64 Any IP addresses 0.0.0.0/0 represents any IPv4 addresses. ::/0 represents any IPv6 address. IP address group: The destination is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in an easier way. Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group.	0.0.0.0/0
Destination Port Range	The destination ports or port ranges used to match traffic. The value ranges from 1 to 65535.	22-30
Description	Supplementary information about the network ACL rule. This parameter is optional. The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).	N/A