Updating a Network ACL Rule

Updated on 2025-02-06 GMT+08:00

Function

This API is used to update a network ACL rule.

URI

PUT /v3/{project_id}/vpc/firewalls/{firewall_id}/update-rules

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| firewall_id | Yes | String | Unique ID of a network ACL. |
| project_id | Yes | String | Project ID. For details about how to obtain a project ID, see Obtaining a Project ID. |

Request Parameters

Table 2 Request body parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| firewall | Yes | FirewallUpdateRuleOption object | Inbound or outbound network ACL rules to be updated. |

Table 3 FirewallUpdateRuleOption

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| ingress_rules | No | Array of FirewallUpdateRuleItemOption objects | Inbound network ACL rules to be updated. ingress_rules and egress_rules cannot be specified at the same time. Only one rule can be updated at a time. |
| egress_rules | No | Array of FirewallUpdateRuleItemOption objects | Outbound network ACL rules to be updated. ingress_rules and egress_rules cannot be specified at the same time. Only one rule can be updated at a time. |

Table 4 FirewallUpdateRuleItemOption

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| id | Yes | String | Network ACL rule ID, which uniquely identifies a network ACL rule. The value is a string in UUID format. |
| name | No | String | Network ACL rule name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
| description | No | String | Description about the network ACL rule. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >). |
| action | No | String | Whether a network ACL rule allows or denies traffic. allow indicates that traffic is allowed and deny indicates that traffic is denied. |
| protocol | No | String | Network ACL rule protocol. The value can be tcp, udp, icmp, icmpv6, or an IP protocol number (0–255). any indicates all protocols. |
| ip_version | No | Integer | IP version of a network ACL rule. The value can be 4 (IPv4) or 6 (IPv6). |
| source_ip_address | No | String | Source IP address or CIDR block of a network ACL rule. source_ip_address and source_address_group_id cannot be specified at the same time. |
| destination_ip_address | No | String | Destination IP address or CIDR block of a network ACL rule. destination_ip_address and destination_address_group_id cannot be specified at the same time. |
| source_port | No | String | Source ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The maximum number of port entries is 20 by default. |
| destination_port | No | String | Destination ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The maximum number of port entries is 20 by default. |
| source_address_group_id | No | String | Source IP address group ID of a network ACL rule. source_ip_address and source_address_group_id cannot be specified at the same time. |
| destination_address_group_id | No | String | Destination IP address group ID of a network ACL rule. destination_ip_address and destination_address_group_id cannot be specified at the same time. |
| enabled | No | Boolean | Whether to enable a network ACL rule. true means to enable the network ACL rule and false means to disable the network ACL rule. The default value is true. |

Response Parameters

Status code: 200

Table 5 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| firewall | FirewallDetail object | Details after a network ACL rule is updated. |
| request_id | String | Request ID. |

Table 6 FirewallDetail

| Parameter | Type | Description |
|---|---|---|
| id | String | The unique ID of a network ACL. The value is a string in UUID format. |
| name | String | Network ACL name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
| description | String | Description about the network ACL. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >). |
| project_id | String | ID of the project that is associated with the network ACL. |
| created_at | String | Time when a network ACL is created. The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss, which is automatically generated by the system. |
| updated_at | String | Time when the network ACL was last updated. The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss, which is automatically generated by the system. |
| admin_state_up | Boolean | Whether a network ACL is enabled. The value can be true (enabled) or false (disabled). |
| status | String | Network ACL status. |
| enterprise_project_id | String | ID of the enterprise project that is associated with the network ACL. The project ID can be 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). 0 indicates the default enterprise project. |
| tags | Array of ResourceTag objects | Network ACL tags. |
| associations | Array of FirewallAssociation objects | Subnets that are associated with a network ACL. |
| ingress_rules | Array of FirewallRuleDetail objects | Inbound network ACL rules. |
| egress_rules | Array of FirewallRuleDetail objects | Outbound network ACL rules. |

Table 7 ResourceTag

| Parameter | Type | Description |
|---|---|---|
| key | String | Tag key. Tag keys must be unique for each resource. Minimum: 1. Maximum: 128. |
| value | String | Tag value. Maximum: 255. |

Table 8 FirewallAssociation

| Parameter | Type | Description |
|---|---|---|
| virsubnet_id | String | IDs of subnets that are associated with a network ACL. |

Table 9 FirewallRuleDetail

| Parameter | Type | Description |
|---|---|---|
| id | String | Network ACL rule ID, which uniquely identifies a network ACL rule. The value is a string in UUID format. |
| name | String | Network ACL rule name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
| description | String | Description about the network ACL rule. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >). |
| action | String | Whether a network ACL rule allows or denies traffic. allow indicates that traffic is allowed and deny indicates that traffic is denied. |
| project_id | String | ID of the project that is associated with a network ACL rule. |
| protocol | String | Network ACL rule protocol. The value can be tcp, udp, icmp, icmpv6, or an IP protocol number (0–255). |
| ip_version | Integer | IP version of a network ACL rule. The value can be 4 (IPv4) or 6 (IPv6). |
| source_ip_address | String | Source IP address or CIDR block of a network ACL rule. source_ip_address and source_address_group_id cannot be specified at the same time. |
| destination_ip_address | String | Destination IP address or CIDR block of a network ACL rule. destination_ip_address and destination_address_group_id cannot be specified at the same time. |
| source_port | String | Source ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The maximum number of port entries is 20 by default. |
| destination_port | String | Destination ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The maximum number of port entries is 20 by default. |
| source_address_group_id | String | Source IP address group ID of a network ACL rule. source_ip_address and source_address_group_id cannot be specified at the same time. |
| destination_address_group_id | String | Destination IP address group ID of a network ACL rule. destination_ip_address and destination_address_group_id cannot be specified at the same time. |
| enabled | Boolean | Whether to enable a network ACL rule. true means to enable the network ACL rule and false means to disable the network ACL rule. The default value is true. |

Example Requests

Update the inbound rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629 in the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629.

PUT https://{Endpoint}/v3/{project_id}/vpc/firewalls/e9a7731d-5bd9-4250-a524-b9a076fd5629/update-rules

{
  "firewall" : {
    "ingress_rules" : [ {
      "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629",
      "name" : "network_acl_rule test2",
      "description" : "network_acl_rule test2",
      "action" : "allow",
      "protocol" : "tcp",
      "ip_version" : 4,
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    } ]
  }
}
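
A client-side pre-flight check for this request body, added here as an example (it is not Huawei Cloud code): it applies the constraints from Tables 3 and 4 to a body before the PUT is sent, so a malformed or ambiguous rule change is caught locally. The function names, error strings, the 1-65535 port bounds and the sample body are assumptions of this example.

```python
import ipaddress
import re

UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
PORT_RE = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")
ENUMS = {"action": ("allow", "deny"), "ip_version": (4, 6)}
PROTOCOLS = ("tcp", "udp", "icmp", "icmpv6", "any")

def _port_errors(field, value):
    entries = [e.strip() for e in value.split(",")] if value else []
    errs = [f"{field}: more than 20 port entries"] if len(entries) > 20 else []
    for e in entries:
        m = PORT_RE.fullmatch(e)
        lo, hi = (int(m[1]), int(m[2] or m[1])) if m else (0, 0)
        if not 1 <= lo <= hi <= 65535:  # bounds assumed, not stated on the page
            errs.append(f"{field}: bad port entry {e!r}")
    return errs

def validate_update_rules(body):
    """Return violations of the documented constraints; an empty list means none."""
    fw = body.get("firewall") or {}
    given = [k for k in ("ingress_rules", "egress_rules") if fw.get(k)]
    if len(given) != 1 or len(fw[given[0]]) != 1:
        return ["send exactly one rule, in ingress_rules or egress_rules, not both"]
    r = fw[given[0]][0]
    errs = [] if UUID_RE.fullmatch(str(r.get("id"))) else ["id: not a UUID"]
    for field, allowed in ENUMS.items():
        if r.get(field) is not None and r[field] not in allowed:
            errs.append(f"{field}: must be one of {allowed}")
    proto = str(r.get("protocol") or "any")
    if proto not in PROTOCOLS and not (proto.isdigit() and int(proto) <= 255):
        errs.append("protocol: not tcp, udp, icmp, icmpv6, any or 0-255")
    for side in ("source", "destination"):
        ip, group = r.get(f"{side}_ip_address"), r.get(f"{side}_address_group_id")
        if ip and group:
            errs.append(f"{side}: ip_address and address_group_id both set")
        if ip:
            try:
                ipaddress.ip_network(ip, strict=False)
            except ValueError:
                errs.append(f"{side}_ip_address: not an IP address or CIDR block")
        errs += _port_errors(f"{side}_port", r.get(f"{side}_port"))
    return errs

# Constructed sample: string ip_version and a reversed destination port range.
SAMPLE = {"firewall": {"ingress_rules": [{
    "id": "e9a7731d-5bd9-4250-a524-b9a076fd5629", "action": "allow",
    "protocol": "tcp", "ip_version": "4", "source_ip_address": "192.168.3.0/24",
    "source_port": "30-40,60-90", "destination_port": "90-60"}]}}
```

Calling `validate_update_rules(SAMPLE)` returns two findings, one for `ip_version` and one for `destination_port`.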

Example Responses

Status code: 200

Normal response to the PUT operation. For more status codes, see Status Codes.

{
  "firewall" : {
    "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629",
    "name" : "network_acl_test1",
    "description" : "network_acl_test1",
    "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
    "created_at" : "2022-04-07T07:30:46.000+00:00",
    "updated_at" : "2022-04-07T07:30:46.000+00:00",
    "admin_state_up" : true,
    "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9",
    "status" : "ACTIVE",
    "tags" : [ ],
    "ingress_rules" : [ {
      "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629",
      "name" : "network_acl_rule test2",
      "description" : "network_acl_rule test2",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : 4,
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90"
    } ],
    "egress_rules" : [ {
      "id" : "f9a7731d-5bd9-4250-a524-b9a076fd5629",
      "name" : "network_acl_rule test",
      "description" : "network_acl_rule test",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : 4,
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90"
    } ],
    "associations" : [ {
      "virsubnet_id" : "8359e5b0-353f-4ef3-a071-98e67a34a143"
    } ]
  }
}

Status Codes

| Status Code | Description |
|---|---|
| 200 | Normal response to the PUT operation. For more status codes, see Status Codes. |

Error Codes

See Error Codes.
