Creating an ACL Rule
Function
This API is used to create an ACL rule.
Calling Method
For details, see Calling APIs.
URI
POST /v1/{project_id}/acl-rule
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Definition: Project ID, which is used to specify the project that an asset belongs to. You can query the assets of a project by project ID. You can obtain the project ID from the API or console. For details, see Obtaining a Project ID. Constraints: N/A Range: 32-bit UUID Default Value: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
enterprise_project_id | No | String | Definition: Enterprise project ID. If you plan enterprise projects based on your organization's plan, each enterprise project will have such an ID. After this parameter is configured, you can filter assets by enterprise project. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. Constraints: N/A Range: N/A Default Value: 0 |
fw_instance_id | No | String | Definition: Firewall ID. It is a unique ID generated after a firewall instance is created. You can obtain the firewall ID by referring to Obtaining a Firewall ID. Constraints: N/A Range: 32-bit UUID Default Value: N/A |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | Definition: User token, which carries user identity information. After the token is configured, you can use it for API authentication. You can obtain the token by referring to Obtaining a User Token. Constraints: N/A Range: N/A Default Value: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
object_id | Yes | String | Definition: Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a CFW is created. You can obtain the ID by calling the API for querying firewall instances. Find the value in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). Constraints: If type is set to 0, object_id indicates the protected object ID of the Internet border. If type is set to 1, object_id indicates the protected object ID of the VPC border. The value of type can be obtained from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). Range: 32-bit UUID Default Value: N/A |
type | Yes | Integer | Definition: Rule type, which is used to distinguish different protected objects. Constraints: N/A Range: 0: Internet border rule. The source and destination addresses must be EIPs or domain names. 1: Inter-VPC rule. The source and destination addresses must be private IP addresses. 2: NAT rule. The source address must be a private IP address, and the destination address must be an EIP or a domain name. Default Value: N/A |
rules | Yes | Array of rules objects | Definition: Rule list in a rule addition request. Constraints: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
name | Yes | String | Definition: Rule name, which is defined by a user and is used to identify a rule. Constraints: The string length can be 0 to 255 characters. Range: N/A Default Value: N/A |
sequence | Yes | OrderRuleAclDto object | Definition: Change the rule sequence. Constraints: N/A Range: N/A Default Value: N/A |
address_type | Yes | Integer | Definition: Internet protocol type of an IP address, which is specified by the customer. Constraints: N/A Range: 0: IPv4; 1: IPv6 Default Value: N/A |
action_type | Yes | Integer | Definition: Rule action type, which is used to distinguish the action of a rule on traffic. Constraints: Only 0 and 1 are allowed. Range: 0: permit; 1: deny Default Value: N/A |
status | Yes | Integer | Definition: Rule status, which is used to determine whether a rule is enabled. Constraints: Only 0 and 1 are allowed. Range: 0: disable; 1: enable Default Value: N/A |
applications | No | Array of strings | Definition: List of protocols that a rule applies to. Constraints: N/A Range: Rule application type. Its value can be HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4, SMTPS, POP3S, FTPS, ANY, or BGP. Default Value: N/A |
long_connect_time | No | Long | Definition: Duration (in seconds) of a persistent connection, that is, the maximum duration of a traffic session. Constraints: Only numbers are allowed. Range: 1-86,400,000. Default Value: N/A |
long_connect_time_hour | No | Long | Definition: Persistent connection duration (in hours). Constraints: Only numbers are allowed. Range: 0-24,000. Default Value: N/A |
long_connect_time_minute | No | Long | Definition: Persistent connection duration (in minutes). Constraints: Only numbers are allowed. Range: 0–60 Default Value: N/A |
long_connect_time_second | No | Long | Definition: Persistent connection duration (in seconds). Constraints: Only numbers are allowed. Range: 0–60 Default Value: N/A |
long_connect_enable | Yes | Integer | Definition: Specifies whether persistent connections are supported. Constraints: N/A Range: 0: not supported; 1: supported Default Value: N/A |
description | No | String | Definition: Rule description, which is used to describe the usage of a rule. Constraints: N/A Range: Can contain 0 to 255 characters. Default Value: N/A |
direction | No | Integer | Definition: Rule direction. It can be from the cloud to on-premises, or from on-premises to the cloud. Constraints: If type is set to 0 (Internet rule) or 2 (NAT rule), the direction is mandatory. Range: 0: inbound (on-premises to cloud); 1: outbound (cloud to on-premises). Default Value: N/A |
source | Yes | RuleAddressDtoForRequest object | Definition: Source address DTO of a rule. Constraints: N/A |
destination | Yes | RuleAddressDtoForRequest object | Definition: Destination address DTO of a rule. Constraints: N/A |
service | Yes | RuleServiceDto object | Definition: Service object of a rule. Constraints: N/A |
tag | No | TagsVO object | Definition: Tag object of a rule. Constraints: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
dest_rule_id | No | String | Definition: ID of the target rule. After it is configured, the added rules will be placed after this rule. This parameter cannot be left blank when the added rule is not pinned on top, and can be left blank when the added rule is pinned on top. The rule ID can be obtained by calling the API for querying protection rules. Find the value in data.records.rule_id (The period [.] is used to separate different levels of objects). Constraints: If the added rule is not pinned on top, the rule ID specified here must be valid. Range: N/A Default Value: N/A |
top | No | Integer | Definition: Whether a rule is pinned on top. Constraints: N/A Range: 0: not pinned; 1: pinned Default Value: N/A |
bottom | No | Integer | Definition: Whether a rule is pinned at the bottom. Constraints: N/A Range: 0: not pinned; 1: pinned Default Value: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
type | Yes | Integer | Definition: Input type of the source or destination address. Constraints: If type is set to 0 (Internet rule) or 2 (NAT rule), the direction is mandatory. Range: 0 (manual input), 1 (associated IP address group), 2 (domain name), 3 (geographical location), 4 (domain name group), 5 (multiple objects), 6 (domain name group - network), 7 (domain name group - application). Default Value: N/A |
address_type | No | Integer | Definition: IP address protocol type, which is used to distinguish different Internet protocols. Constraints: If type is set to 0 (manual input), this parameter cannot be left blank. Range: Address type: 0 (IPv4); 1 (IPv6) Default Value: N/A |
address | No | String | Definition: IP address information, which is used to specify the IP address of the rule. Constraints: If type is set to 0 (manual input), this parameter cannot be left blank. Range: N/A Default Value: N/A |
address_set_id | No | String | Definition: ID of the associated IP address group. You can query the IP address group ID by calling the API for querying address groups. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: If type is set to 1 (associated IP address group), this parameter cannot be left blank. Range: N/A Default Value: N/A |
address_set_name | No | String | Definition: Name of the associated IP address group. You can query the IP address group name by calling the API for querying address groups. Find the value in data.records.name (The period [.] is used to separate different levels of objects). Constraints: If type is set to 1 (associated IP address group), this parameter cannot be left blank. Range: N/A Default Value: N/A |
domain_address_name | No | String | Definition: Domain name or domain name group name, which is used to specify the domain name or domain name group name referenced by the rule. Constraints: The value cannot be left blank when type is set to 2 (domain name) or 7 (domain name group - application). The value can contain up to 255 characters. Range: N/A Default Value: N/A |
region_list_json | No | String | Definition: JSON value of the rule region list, which is used to specify the region name list referenced by the rule. Constraints: N/A Range: N/A Default Value: N/A |
region_list | No | Array of IpRegionDto objects | Definition: Rule region list. Constraints: N/A |
domain_set_id | No | String | Definition: Domain group ID, which is used to specify the domain name group referenced by a rule. Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - application). Range: N/A Default Value: N/A |
domain_set_name | No | String | Definition: Domain group name, which is used to specify the domain name group referenced by a rule. Its value can be obtained by calling the API for querying the domain name group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). Constraints: The value cannot be left blank when type is set to 4 (domain name group) or 7 (domain name group - application). Range: N/A Default Value: N/A |
ip_address | No | Array of strings | Definition: IP address list, which is used to specify the IP address list referenced by a rule. Constraints: This parameter cannot be left blank when type is set to 5 (multiple objects). Range: N/A Default Value: N/A |
address_set_type | No | Integer | Definition: Address group type, which is used to specify the address group type referenced by a rule. Constraints: If address is set to 1 (associated IP address group), this parameter cannot be left blank. Range: 0 (user-defined address group), 1 (WAF proxy IP address group), or 3 (NAT64 address group). Default Value: N/A |
predefined_group | No | Array of strings | Definition: ID list of predefined address groups. It is used to specify the predefined address group ID list referenced by a rule. Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 1 (predefined address group). Constraints: This parameter cannot be left blank when type is set to 5 (multiple objects). Range: Its value can be 0 (user-defined address group), 1 (WAF proxy IP address group), 2 (DDoS back-to-source IP address group), or 3 (NAT64 address group). Default Value: N/A |
address_group | No | Array of strings | Definition: Address group ID list, which is used to specify the list of address group IDs referenced by a rule. Its value can be obtained by calling the API for querying the address group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). In the search criteria, query_address_set_type must be set to 0 (user-defined address group). Constraints: This parameter cannot be left blank when type is set to 5 (multiple objects). Range: N/A Default Value: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
region_id | No | String | Definition: Region ID, which is used to specify the region where a rule is used. You can obtain the region ID by referring to Obtaining the Names and IDs of an Account, IAM User, Project, User Group, Region, and Agency. Constraints: N/A Range: N/A Default Value: N/A |
description_cn | No | String | Definition: Region description in Chinese, which is used only for China regions and can be obtained from the region information table. Constraints: N/A Range: N/A Default Value: N/A |
description_en | No | String | Definition: Region description in English, which is used only for non-China regions and can be obtained from the region information table. Constraints: N/A Range: N/A Default Value: N/A |
region_type | No | Integer | Definition: Area type Constraints: N/A Range: 0: country; 1: province; 2: continent Default Value: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
type | Yes | Integer | Definition: Service input type, which is used to specify the service input type of a rule. Constraints: N/A Range: 0: manual input; 1: automatic input Default Value: N/A |
protocol | No | Integer | Definition: Service protocol type, which is used to specify the service protocol type referenced by a rule. Constraints: If type is set to 0 (manual), this parameter cannot be left blank. Range: Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (Any). Default Value: N/A |
protocols | No | Array of integers | Definition: Protocol list, which is used to specify the protocol list referenced by a rule. Constraints: If type is set to 0 (manual), this parameter cannot be left blank. Range: Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (Any). Default Value: N/A |
source_port | No | String | Definition: Source port, that is, the port of the session initiator. Constraints: N/A Range: N/A Default Value: N/A |
dest_port | No | String | Definition: Destination port, that is, the port of the session receiver. Constraints: N/A Range: N/A Default Value: N/A |
service_set_id | No | String | Definition: Service group ID, which specifies the service group referenced by a rule. The service group ID can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: If address is set to 1 (associated IP address group), this parameter cannot be left blank. Range: N/A Default Value: N/A |
service_set_name | No | String | Definition: Name of a service (protocol, source port, or destination port) group. It specifies the service group referenced by a rule. It can be obtained by calling the API for querying the service group list. Find the value in data.records.name (The period [.] is used to separate different levels of objects). Constraints: If address is set to 1 (associated IP address group), this parameter cannot be left blank. Range: N/A Default Value: N/A |
custom_service | No | Array of ServiceItem objects | Definition: Custom service, which is used to specify the service referenced by a rule. Constraints: N/A Range: N/A Default Value: N/A |
predefined_group | No | Array of strings | Definition: ID list of predefined service groups, which is used to specify predefined service groups referenced by a rule. Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: In the search criteria, query_service_set_type must be set to 1 (predefined service group). Range: N/A Default Value: N/A |
service_group | No | Array of strings | Definition: Service group ID list, which is used to specify the service groups referenced by a rule. Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: In the search criteria, query_service_set_type must be set to 0 (user-defined service group). Range: N/A Default Value: N/A |
service_group_names | No | Array of ServiceGroupVO objects | Definition: Name of a service (protocol, source port, or destination port) group. List. Constraints: N/A |
service_set_type | No | Integer | Definition: Service group type, which is used to specify the service group type referenced by a rule. Constraints: N/A Range: 0 (user-defined service group), 1 (common web service), 2 (common remote login and ping), or 3 (common database). Default Value: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
protocol | No | Integer | Definition: Protocol type, which is used to specify the network protocol of a rule. Constraints: If RuleServiceDto.type is set to 0, this parameter cannot be left blank. Range: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (Any). Default Value: N/A |
source_port | No | String | Definition: Source port, that is, the port of the session initiator. Constraints: N/A Range: N/A Default Value: N/A |
dest_port | No | String | Definition: Destination port, that is, the port of the session receiver. Constraints: N/A Range: N/A Default Value: N/A |
description | No | String | Definition: Service (protocol, source port, or destination port) member. Constraints: The value must be a string consisting of 0 to 255 characters. Range: N/A Default Value: N/A |
name | No | String | Definition: Service (protocol, source port, or destination port) member. Constraints: The value must be a string consisting of 0 to 255 characters. Range: N/A Default Value: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
name | No | String | Definition: Name of a service (protocol, source port, or destination port) group. Constraints: N/A Range: N/A Default Value: N/A |
protocols | No | Array of integers | Definition: Protocol List Constraints: N/A Range: Protocol type: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6), or -1 (Any). Default Value: N/A |
service_set_type | No | Integer | Definition: Type of a service (protocol, source port, or destination port) group. Constraints: N/A Range: 0: custom service group; 1: predefined service group Default Value: N/A |
set_id | No | String | Definition: Service group ID, which can be obtained by calling the API for querying the service group list. Find the value in data.records.set_id (The period [.] is used to separate different levels of objects). Constraints: N/A Range: N/A Default Value: N/A |

Parameter | Mandatory | Type | Description |
---|---|---|---|
tag_id | No | String | Definition: Rule ID Constraints: N/A Range: N/A Default Value: N/A |
tag_key | No | String | Definition: Rule tag key. Constraints: N/A Range: N/A Default Value: N/A |
tag_value | No | String | Definition: Rule tag value. Constraints: N/A Range: N/A Default Value: N/A |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
data | RuleIdList object | Definition: Data of the return value for creating a rule. Constraints: N/A |

Parameter | Type | Description |
---|---|---|
id | String | Definition: Rule ID Range: N/A |
name | String | Definition: Rule Range: N/A |
Status code: 400
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error description. |
Example Requests
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule
```json
{
  "object_id" : "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
  "rules" : [ {
    "name" : "Test rule.",
    "status" : 1,
    "action_type" : 0,
    "description" : "",
    "source" : {
      "type" : 0,
      "address" : "1.1.1.1"
    },
    "destination" : {
      "type" : 0,
      "address" : "2.2.2.2"
    },
    "service" : {
      "type" : 0,
      "protocol" : 6,
      "source_port" : "0",
      "dest_port" : "0"
    },
    "address_type" : 0,
    "tag" : {
      "tag_key" : "",
      "tag_value" : ""
    },
    "long_connect_enable" : 0,
    "direction" : 0,
    "sequence" : {
      "top" : 1
    }
  } ],
  "type" : 0
}
```
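A pre-flight check of a request body against the constraints listed in the parameter tables, run before the call is sent. This is an added example, not part of the original documentation or the Huawei Cloud SDK; the function names, the RFC 1918 / fc00::/7 definition of "private", the "not private" approximation of an EIP, and the acceptance of CIDR notation in `address` are assumptions.

```python
import ipaddress

# Constructed sample: the request body from the example request on this page.
SAMPLE_BODY = {
    "object_id": "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
    "type": 0,
    "rules": [{
        "name": "Test rule.", "status": 1, "action_type": 0, "description": "",
        "source": {"type": 0, "address": "1.1.1.1"},
        "destination": {"type": 0, "address": "2.2.2.2"},
        "service": {"type": 0, "protocol": 6, "source_port": "0", "dest_port": "0"},
        "address_type": 0, "tag": {"tag_key": "", "tag_value": ""},
        "long_connect_enable": 0, "direction": 0, "sequence": {"top": 1},
    }],
}

RULE_MANDATORY = ("name", "sequence", "address_type", "action_type", "status",
                  "long_connect_enable", "source", "destination", "service")
PROTOCOLS = {6, 17, 1, 58, -1}  # TCP, UDP, ICMP, ICMPv6, Any
# Assumption: "private IP address" means RFC 1918 (IPv4) or fc00::/7 (IPv6).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def is_private(net):
    return any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)


def check_address(side, addr, rule, rule_type):
    """Check one RuleAddressDtoForRequest; side is 'source' or 'destination'."""
    kind = addr.get("type")
    if kind not in range(8):
        return [f"{side}.type must be 0-7"]
    if kind != 0:
        return []  # groups, domains and regions need lookups not done here
    value = addr.get("address")
    if not value:
        return [f"{side}.address cannot be blank when {side}.type is 0"]
    try:
        # Assumption: a manual address is a single IP or a CIDR block.
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return [f"{side}.address {value!r} is not an IP address or CIDR"]
    errors = []
    # The page's example omits the per-address address_type, so fall back to the rule's.
    version = addr.get("address_type", rule["address_type"])
    if version in (0, 1) and net.version != (4, 6)[version]:
        errors.append(f"{side}.address {value} does not match address_type {version}")
    # type 1: both sides private; type 2: private source, public destination;
    # type 0: both sides public (EIP, approximated here as "not private").
    want_private = rule_type == 1 or (rule_type == 2 and side == "source")
    if rule_type in (0, 1, 2) and want_private != is_private(net):
        label = "private" if want_private else "public (EIP)"
        errors.append(f"{side}.address {value} must be {label} for type {rule_type}")
    return errors


def validate_rule(rule, rule_type):
    errors = [f"{key} is mandatory" for key in RULE_MANDATORY if key not in rule]
    if errors:
        return errors
    if not isinstance(rule["name"], str) or len(rule["name"]) > 255:
        errors.append("name must be a string of 0 to 255 characters")
    for key in ("address_type", "action_type", "status", "long_connect_enable"):
        if rule[key] not in (0, 1):
            errors.append(f"{key} must be 0 or 1")
    if rule_type in (0, 2) and rule.get("direction") not in (0, 1):
        errors.append("direction (0 or 1) is mandatory when type is 0 or 2")
    seq = rule["sequence"]
    # The page states this requirement only in terms of "top".
    if seq.get("top") != 1 and not seq.get("dest_rule_id"):
        errors.append("sequence.dest_rule_id cannot be blank unless top is 1")
    svc = rule["service"]
    protocols = svc.get("protocols") or [svc.get("protocol")]
    if svc.get("type") == 0 and not set(protocols) <= PROTOCOLS:
        errors.append("service.protocol must be 6, 17, 1, 58 or -1 when service.type is 0")
    for side in ("source", "destination"):
        errors += check_address(side, rule[side], rule, rule_type)
    return errors


def validate_request(body):
    """Return a list of constraint violations; an empty list means none were found."""
    errors = []
    rule_type = body.get("type")
    if not body.get("object_id"):
        errors.append("object_id is mandatory")
    if rule_type not in (0, 1, 2):
        errors.append("type must be 0 (Internet border), 1 (inter-VPC) or 2 (NAT)")
    rules = body.get("rules")
    if not rules:
        errors.append("rules is mandatory")
    for i, rule in enumerate(rules or []):
        errors.extend(f"rules[{i}]: {e}" for e in validate_rule(rule, rule_type))
    return errors
```

Submitting the page's example body unchanged but with `type` set to 1 (inter-VPC) is reported twice, once per address, because 1.1.1.1 and 2.2.2.2 are not private addresses.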
Example Responses
Status code: 200
Response to the request for creating an ACL rule.
```json
{
  "data" : {
    "rules" : [ {
      "id" : "0475c516-0e41-4caf-990b-0c504eebd73f",
      "name" : "testName"
    } ]
  }
}
```
Status code: 400
Bad Request
```json
{
  "error_code" : "CFW.00900016",
  "error_msg" : "Import is in progress. Please wait until it is complete."
}
```
SDK Sample Code
The SDK sample code is as follows.
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class AddAclRuleSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them at the time of use.
        // In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        AddAclRuleRequest request = new AddAclRuleRequest();
        AddRuleAclDto body = new AddRuleAclDto();
        TagsVO tagRules = new TagsVO();
        tagRules.withTagKey("")
            .withTagValue("");
        RuleServiceDto serviceRules = new RuleServiceDto();
        serviceRules.withType(0)
            .withProtocol(6)
            .withSourcePort("0")
            .withDestPort("0");
        RuleAddressDtoForRequest destinationRules = new RuleAddressDtoForRequest();
        destinationRules.withType(0)
            .withAddress("2.2.2.2");
        RuleAddressDtoForRequest sourceRules = new RuleAddressDtoForRequest();
        sourceRules.withType(0)
            .withAddress("1.1.1.1");
        OrderRuleAclDto sequenceRules = new OrderRuleAclDto();
        sequenceRules.withTop(1);
        List<AddRuleAclDtoRules> listbodyRules = new ArrayList<>();
        listbodyRules.add(
            new AddRuleAclDtoRules()
                .withName("Test rule.")
                .withSequence(sequenceRules)
                .withAddressType(AddRuleAclDtoRules.AddressTypeEnum.NUMBER_0)
                .withActionType(0)
                .withStatus(AddRuleAclDtoRules.StatusEnum.NUMBER_1)
                .withLongConnectEnable(AddRuleAclDtoRules.LongConnectEnableEnum.NUMBER_0)
                .withDescription("")
                .withDirection(AddRuleAclDtoRules.DirectionEnum.NUMBER_0)
                .withSource(sourceRules)
                .withDestination(destinationRules)
                .withService(serviceRules)
                .withTag(tagRules)
        );
        body.withRules(listbodyRules);
        body.withType(AddRuleAclDto.TypeEnum.NUMBER_0);
        body.withObjectId("ae42418e-f077-41a0-9d3b-5b2f5ad9102b");
        request.withBody(body);
        try {
            AddAclRuleResponse response = client.addAclRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
```python
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them at the time of use.
    # In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = AddAclRuleRequest()
        tagRules = TagsVO(
            tag_key="",
            tag_value=""
        )
        serviceRules = RuleServiceDto(
            type=0,
            protocol=6,
            source_port="0",
            dest_port="0"
        )
        destinationRules = RuleAddressDtoForRequest(
            type=0,
            address="2.2.2.2"
        )
        sourceRules = RuleAddressDtoForRequest(
            type=0,
            address="1.1.1.1"
        )
        sequenceRules = OrderRuleAclDto(
            top=1
        )
        listRulesbody = [
            AddRuleAclDtoRules(
                name="Test rule.",
                sequence=sequenceRules,
                address_type=0,
                action_type=0,
                status=1,
                long_connect_enable=0,
                description="",
                direction=0,
                source=sourceRules,
                destination=destinationRules,
                service=serviceRules,
                tag=tagRules
            )
        ]
        request.body = AddRuleAclDto(
            rules=listRulesbody,
            type=0,
            object_id="ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
        )
        response = client.add_acl_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
```go
package main

import (
	"fmt"
	"os" // needed for os.Getenv below

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
	// Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk. Store them in ciphertext in configuration files or environment variables and decrypt them at the time of use.
	// In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		Build()

	client := cfw.NewCfwClient(
		cfw.CfwClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.AddAclRuleRequest{}
	tagKeyTag := ""
	tagValueTag := ""
	tagRules := &model.TagsVo{
		TagKey:   &tagKeyTag,
		TagValue: &tagValueTag,
	}
	protocolService := int32(6)
	sourcePortService := "0"
	destPortService := "0"
	serviceRules := &model.RuleServiceDto{
		Type:       int32(0),
		Protocol:   &protocolService,
		SourcePort: &sourcePortService,
		DestPort:   &destPortService,
	}
	addressDestination := "2.2.2.2"
	destinationRules := &model.RuleAddressDtoForRequest{
		Type:    int32(0),
		Address: &addressDestination,
	}
	addressSource := "1.1.1.1"
	sourceRules := &model.RuleAddressDtoForRequest{
		Type:    int32(0),
		Address: &addressSource,
	}
	topSequence := int32(1)
	sequenceRules := &model.OrderRuleAclDto{
		Top: &topSequence,
	}
	descriptionRules := ""
	directionRules := model.GetAddRuleAclDtoRulesDirectionEnum().E_0
	var listRulesbody = []model.AddRuleAclDtoRules{
		{
			Name:              "Test rule.",
			Sequence:          sequenceRules,
			AddressType:       model.GetAddRuleAclDtoRulesAddressTypeEnum().E_0,
			ActionType:        int32(0),
			Status:            model.GetAddRuleAclDtoRulesStatusEnum().E_1,
			LongConnectEnable: model.GetAddRuleAclDtoRulesLongConnectEnableEnum().E_0,
			Description:       &descriptionRules,
			Direction:         &directionRules,
			Source:            sourceRules,
			Destination:       destinationRules,
			Service:           serviceRules,
			Tag:               tagRules,
		},
	}
	request.Body = &model.AddRuleAclDto{
		Rules:    listRulesbody,
		Type:     model.GetAddRuleAclDtoTypeEnum().E_0,
		ObjectId: "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
	}
	response, err := client.AddAclRule(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
package com.huaweicloud.sdk.test;
import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;
import java.util.List;
import java.util.ArrayList;
public class AddAclRuleSolution {
public static void main(String[] args) {
// The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
// In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
String ak = System.getenv("CLOUD_SDK_AK");
String sk = System.getenv("CLOUD_SDK_SK");
String projectId = "{project_id}";
ICredential auth = new BasicCredentials()
.withProjectId(projectId)
.withAk(ak)
.withSk(sk);
CfwClient client = CfwClient.newBuilder()
.withCredential(auth)
.withRegion(CfwRegion.valueOf("<YOUR REGION>"))
.build();
AddAclRuleRequest request = new AddAclRuleRequest();
AddRuleAclDto body = new AddRuleAclDto();
TagsVO tagRules = new TagsVO();
tagRules.withTagKey("")
.withTagValue("");
RuleServiceDto serviceRules = new RuleServiceDto();
serviceRules.withType(0)
.withProtocol(6)
.withSourcePort("0")
.withDestPort("0");
RuleAddressDtoForRequest destinationRules = new RuleAddressDtoForRequest();
destinationRules.withType(0)
.withAddress("2.2.2.2");
RuleAddressDtoForRequest sourceRules = new RuleAddressDtoForRequest();
sourceRules.withType(0)
.withAddress("1.1.1.1");
OrderRuleAclDto sequenceRules = new OrderRuleAclDto();
sequenceRules.withTop(1);
List<AddRuleAclDtoRules> listbodyRules = new ArrayList<>();
listbodyRules.add(
new AddRuleAclDtoRules()
.withName("Test rule.")
.withSequence(sequenceRules)
.withAddressType(AddRuleAclDtoRules.AddressTypeEnum.NUMBER_0)
.withActionType(0)
.withStatus(AddRuleAclDtoRules.StatusEnum.NUMBER_1)
.withLongConnectEnable(AddRuleAclDtoRules.LongConnectEnableEnum.NUMBER_0)
.withDescription("")
.withDirection(AddRuleAclDtoRules.DirectionEnum.NUMBER_0)
.withSource(sourceRules)
.withDestination(destinationRules)
.withService(serviceRules)
.withTag(tagRules)
);
body.withRules(listbodyRules);
body.withType(AddRuleAclDto.TypeEnum.NUMBER_0);
body.withObjectId("ae42418e-f077-41a0-9d3b-5b2f5ad9102b");
request.withBody(body);
try {
AddAclRuleResponse response = client.addAclRule(request);
System.out.println(response.toString());
} catch (ConnectionException e) {
e.printStackTrace();
} catch (RequestTimeoutException e) {
e.printStackTrace();
} catch (ServiceResponseException e) {
e.printStackTrace();
System.out.println(e.getHttpStatusCode());
System.out.println(e.getRequestId());
System.out.println(e.getErrorCode());
System.out.println(e.getErrorMsg());
}
}
}
|
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
```python
# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK used for authentication, or storing them in plaintext, poses significant security risks. Store them in ciphertext in configuration files or environment variables and decrypt them when they are used.
    # In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = AddAclRuleRequest()
        tagRules = TagsVO(
            tag_key="",
            tag_value=""
        )
        # Service: type 0 (service), protocol 6 (TCP), source and destination port 0
        serviceRules = RuleServiceDto(
            type=0,
            protocol=6,
            source_port="0",
            dest_port="0"
        )
        # Destination: type 0 (IP address)
        destinationRules = RuleAddressDtoForRequest(
            type=0,
            address="2.2.2.2"
        )
        # Source: type 0 (IP address)
        sourceRules = RuleAddressDtoForRequest(
            type=0,
            address="1.1.1.1"
        )
        sequenceRules = OrderRuleAclDto(
            top=1
        )
        # IPv4 inbound rule: action allow, status enabled, persistent connections not supported
        listRulesbody = [
            AddRuleAclDtoRules(
                name="Test rule.",
                sequence=sequenceRules,
                address_type=0,
                action_type=0,
                status=1,
                long_connect_enable=0,
                description="",
                direction=0,
                source=sourceRules,
                destination=destinationRules,
                service=serviceRules,
                tag=tagRules
            )
        ]
        request.body = AddRuleAclDto(
            rules=listRulesbody,
            type=0,
            object_id="ae42418e-f077-41a0-9d3b-5b2f5ad9102b"
        )
        response = client.add_acl_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
The following example shows how to add an IPv4 inbound rule. The rule name is Test rule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
	// Hard-coding the AK and SK used for authentication, or storing them in plaintext, poses significant security risks. Store them in ciphertext in configuration files or environment variables and decrypt them when they are used.
	// In this example, the AK and SK are read from environment variables. Before running it, set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		Build()

	client := cfw.NewCfwClient(
		cfw.CfwClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.AddAclRuleRequest{}
	tagKeyTag := ""
	tagValueTag := ""
	tagRules := &model.TagsVo{
		TagKey:   &tagKeyTag,
		TagValue: &tagValueTag,
	}
	// Service: type 0 (service), protocol 6 (TCP), source and destination port 0
	protocolService := int32(6)
	sourcePortService := "0"
	destPortService := "0"
	serviceRules := &model.RuleServiceDto{
		Type:       int32(0),
		Protocol:   &protocolService,
		SourcePort: &sourcePortService,
		DestPort:   &destPortService,
	}
	// Destination: type 0 (IP address)
	addressDestination := "2.2.2.2"
	destinationRules := &model.RuleAddressDtoForRequest{
		Type:    int32(0),
		Address: &addressDestination,
	}
	// Source: type 0 (IP address)
	addressSource := "1.1.1.1"
	sourceRules := &model.RuleAddressDtoForRequest{
		Type:    int32(0),
		Address: &addressSource,
	}
	topSequence := int32(1)
	sequenceRules := &model.OrderRuleAclDto{
		Top: &topSequence,
	}
	// IPv4 inbound rule: action allow, status enabled, persistent connections not supported
	descriptionRules := ""
	directionRules := model.GetAddRuleAclDtoRulesDirectionEnum().E_0
	var listRulesbody = []model.AddRuleAclDtoRules{
		{
			Name:              "Test rule.",
			Sequence:          sequenceRules,
			AddressType:       model.GetAddRuleAclDtoRulesAddressTypeEnum().E_0,
			ActionType:        int32(0),
			Status:            model.GetAddRuleAclDtoRulesStatusEnum().E_1,
			LongConnectEnable: model.GetAddRuleAclDtoRulesLongConnectEnableEnum().E_0,
			Description:       &descriptionRules,
			Direction:         &directionRules,
			Source:            sourceRules,
			Destination:       destinationRules,
			Service:           serviceRules,
			Tag:               tagRules,
		},
	}
	request.Body = &model.AddRuleAclDto{
		Rules:    listRulesbody,
		Type:     model.GetAddRuleAclDtoTypeEnum().E_0,
		ObjectId: "ae42418e-f077-41a0-9d3b-5b2f5ad9102b",
	}
	response, err := client.AddAclRule(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
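A pre-submission review of request bodies like the ones the samples above build, written here as an added example (not part of the Huawei Cloud SDK or this page's sample code). It assumes the body is a plain dict using the same field names as the SDK keyword arguments, that the address field holds a single IP or a CIDR block, and that MIN_PREFIX reflects a local policy; review_rule, review_body and make_rule are hypothetical names.

```python
import ipaddress

# Encodings as used by the sample on this page: address_type 0 = IPv4,
# action_type 0 = allow, status 1 = enabled, direction 0 = inbound.
IPV4, ALLOW, ENABLED, INBOUND = 0, 0, 1, 0
MIN_PREFIX = 24  # assumption: local policy, widest source an inbound allow may use


def review_rule(rule):
    """Return findings for one rule dict shaped like an entry of the body's rules list."""
    findings, nets = [], {}
    for side in ("source", "destination"):
        addr = rule.get(side, {}).get("address", "")
        try:
            # Assumption: the address field holds a single IP or a CIDR block.
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append(f"{side} address {addr!r} is not a valid IP or CIDR")
            continue
        if rule.get("address_type") == IPV4 and net.version != 4:
            findings.append(f"{side} address {addr} is not IPv4 but address_type is 0")
        nets[side] = net
    exposed = (rule.get("action_type") == ALLOW and rule.get("status") == ENABLED
               and rule.get("direction") == INBOUND)
    src = nets.get("source")
    if exposed and src is not None and src.prefixlen < MIN_PREFIX:
        findings.append(f"enabled inbound allow from broad source {src}")
    return findings


def review_body(body):
    """Map each rule name in a request body dict to its findings."""
    return {r.get("name", "<unnamed>"): review_rule(r) for r in body.get("rules", [])}


def make_rule(name, source):
    """Constructed helper: a rule dict carrying the field values of the page's sample."""
    return {"name": name, "address_type": 0, "action_type": 0, "status": 1, "direction": 0,
            "source": {"type": 0, "address": source},
            "destination": {"type": 0, "address": "2.2.2.2"}}

# Constructed input: the page's sample rule plus two variants the check should catch.
SAMPLE_BODY = {"object_id": "<protected-object-id>", "type": 0, "rules": [
    make_rule("Test rule.", "1.1.1.1"),
    make_rule("any-source", "0.0.0.0/0"),
    make_rule("typo", "1.1.1.300")]}

if __name__ == "__main__":
    print(review_body(SAMPLE_BODY))
```

Running the review in a change pipeline before the `add_acl_rule` call lets a malformed or overly broad allow rule be rejected without ever reaching the firewall.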
Status Codes
Status Code | Description |
---|---|
200 | Response to the request for creating an ACL rule. |
400 | Bad Request |
401 | Unauthorized: Request error. |
403 | Forbidden: Access forbidden. |
404 | Not Found: Web page not found. |
500 | Internal Server Error |
Error Codes
See Error Codes.