Updating an ACL Rule
Function
This API is used to update an ACL rule.
Calling Method
For details, see Calling APIs.
URI
PUT /v1/{project_id}/acl-rule/{acl_rule_id}
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Project ID |
acl_rule_id |
Yes |
String |
Rule ID |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
enterprise_project_id |
No |
String |
Enterprise project id, the id generated by the enterprise project after the user supports the enterprise project. |
fw_instance_id |
No |
String |
Firewall instance ID, which is automatically generated after a CFW instance is created. You can obtain the ID by calling the API used for querying a firewall instance. For details, see the API Explorer and Help Center FAQ.By default, if fw_instance_Id is not specified, information about the first firewall under the account is returned. If fw_instance_Id is specified, information about the firewall with this fw_instance_Id is returned.If object_Id is specified, information about the firewall with this object_Id is returned by default. If both fw_instance_Id and object_Id are specified, the specified object_Id must belong to the specified firewall. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
address_type |
No |
Integer |
Address type. The value can be 0 (IPv4) or 1 (IPv6). Enumeration values:
|
name |
No |
String |
Rule name |
sequence |
No |
OrderRuleAclDto object |
UpdateRuleAclDto |
direction |
No |
Integer |
Direction: 0 means outside to inside, 1 means inside to outside, direction value is required when rule type is internet or nat. Enumeration values:
|
action_type |
No |
Integer |
Action. 0: allow; 1: deny Enumeration values:
|
status |
No |
Integer |
Rule delivery status. 0: disabled; 1: enabled. |
applications |
No |
Array of strings |
applications |
applicationsJsonString |
No |
String |
applications json string |
description |
No |
String |
Description |
long_connect_time_hour |
No |
Long |
Persistent connection duration (hour) |
long_connect_time_minute |
No |
Long |
Persistent connection duration (hour) |
long_connect_time_second |
No |
Long |
Persistent connection duration (minute) |
long_connect_time |
No |
Long |
Persistent connection duration |
long_connect_enable |
No |
Integer |
Whether to support persistent connections. 0: not supported; 1: supported. Enumeration values:
|
profile |
No |
RuleProfileDto object |
domain url info |
source |
No |
RuleAddressDto object |
rule address dto |
destination |
No |
RuleAddressDto object |
rule address dto |
service |
No |
RuleServiceDto object |
rule service dto |
type |
No |
Integer |
Rule type. The value can be 0 (Internet rule), 1 (VPC rule), or 2 (NAT rule). Enumeration values:
|
tag |
No |
TagsVO object |
tag |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
dest_rule_id |
No |
String |
ID of the rule that the added rule will follow. This parameter cannot be left blank if the rule is not pinned on top, and is empty when the added rule is pinned on top. |
top |
No |
Integer |
Whether to pin on top. The options are as follows: 0: no; 1: yes. |
bottom |
No |
Integer |
Whether to pin on bottom. The options are as follows: 0: no; 1: yes. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
Integer |
Source type. 0: manual input; 1: associated IP address group; 2: domain name; 3: region; 4: domain set 5: multi object, 6: domain set dns, 7: domain url profile |
address_type |
No |
Integer |
Source type. 0: IPv4; 1: IPv6 |
address |
No |
String |
Source IP address. The value cannot be empty for the manual type, and cannot be empty for the automatic or domain type. |
address_set_id |
No |
String |
ID of the associated IP address group. The value cannot be empty for the automatic type or for the manual or domain type. |
address_set_name |
No |
String |
IP address group name |
domain_address_name |
No |
String |
Name of the domain name address. This parameter cannot be left empty for the domain name type, and is empty for the manual or automatic type. |
region_list_json |
No |
String |
JSON value of the rule region list. |
region_list |
No |
Array of IpRegionDto objects |
Region list of a rule |
domain_set_id |
No |
String |
domain set id |
domain_set_name |
No |
String |
domain set name |
ip_address |
No |
Array of strings |
IP address list |
address_group |
No |
Array of strings |
address group |
address_group_names |
No |
Array of AddressGroupVO objects |
Address set list |
address_set_type |
No |
Integer |
Address set type, 0 indicates a custom define address set, 1 indicates a WAF return-to-source IP address set, 2 indicates a DDoS return-to-source IP address set, and 3 indicates a NAT64 translation address set. |
predefined_group |
No |
Array of strings |
predefined group |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
region_id |
No |
String |
region id |
description_cn |
No |
String |
cn description |
description_en |
No |
String |
en description |
region_type |
No |
Integer |
Region type, 0 means country, 1 means province, 2 means continent |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
Integer |
Service input type. The value 0 indicates manual input, and the value 1 indicates automatic input. |
protocol |
No |
Integer |
Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. |
protocols |
No |
Array of integers |
Protocols |
source_port |
No |
String |
Source port |
dest_port |
No |
String |
Destination port |
service_set_id |
No |
String |
Service group ID. This parameter is left blank for the manual type and cannot be left blank for the automatic type. |
service_set_name |
No |
String |
Service group name |
custom_service |
No |
Array of ServiceItem objects |
custom service |
predefined_group |
No |
Array of strings |
predefined group |
service_group |
No |
Array of strings |
Service group list |
service_group_names |
No |
Array of AddressGroupVO objects |
Service group name list |
service_set_type |
No |
Integer |
Service set type, 0 indicates a custom service set, 1 indicates a predefined service set, 2 indicates commonly used remote login and PING, 3 indicates commonly used databases |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
protocol |
No |
Integer |
Protocol type. The value 6 indicates TCP, 17 indicates UDP, 1 indicates ICMP, 58 indicates ICMPv6, and -1 indicates any protocol. Regarding the addition type, a null value indicates it is automatically added. |
source_port |
No |
String |
source port |
dest_port |
No |
String |
destination port |
description |
No |
String |
description |
name |
No |
String |
name |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
set_id |
No |
String |
set id |
name |
No |
String |
name |
protocols |
No |
Array of integers |
Protocols |
service_set_type |
No |
Integer |
Service set type, 0 indicates a custom service set, 1 indicates a predefined service set, 2 indicates commonly used remote login and PING, 3 indicates commonly used databases |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
data |
RuleId object |
Rule ID |
Status code: 400
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 8 Maximum: 36 |
error_msg |
String |
Description Minimum: 2 Maximum: 512 |
Example Requests
The following example shows how to update an IPv4 inbound rule. The rule name is TestRule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
https://{Endpoint}/v1/9d80d070b6d44942af73c9c3d38e0429/acl-rule/ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031 { "name" : "TestRule", "status" : 1, "action_type" : 0, "description" : "", "source" : { "type" : 0, "address" : "1.1.1.1" }, "destination" : { "type" : 0, "address" : "2.2.2.2" }, "service" : { "type" : 0, "protocol" : 6, "source_port" : "0", "dest_port" : "0" }, "type" : 0, "address_type" : 0, "tag" : { "tag_key" : "", "tag_value" : "" }, "long_connect_enable" : 0, "direction" : 0 }
Example Responses
Status code: 200
OK
{ "data" : { "id" : "ceaa0407-b9c8-4dfd-9eca-b6ead2dfd031" } }
Status code: 400
Bad Request
{ "error_code" : "CFW.00200005", "error_msg" : "operation content does not exist" }
SDK Sample Code
The SDK sample code is as follows.
Java
The following example shows how to update an IPv4 inbound rule. The rule name is TestRule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.cfw.v1.region.CfwRegion; import com.huaweicloud.sdk.cfw.v1.*; import com.huaweicloud.sdk.cfw.v1.model.*; public class UpdateAclRuleSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); ICredential auth = new BasicCredentials() .withAk(ak) .withSk(sk); CfwClient client = CfwClient.newBuilder() .withCredential(auth) .withRegion(CfwRegion.valueOf("<YOUR REGION>")) .build(); UpdateAclRuleRequest request = new UpdateAclRuleRequest(); request.withEnterpriseProjectId("<enterprise_project_id>"); request.withFwInstanceId("<fw_instance_id>"); UpdateRuleAclDto body = new UpdateRuleAclDto(); TagsVO tagbody = new TagsVO(); tagbody.withTagKey("") .withTagValue(""); RuleServiceDto servicebody = new RuleServiceDto(); servicebody.withType(0) .withProtocol(6) .withSourcePort("0") .withDestPort("0"); RuleAddressDto destinationbody = new RuleAddressDto(); destinationbody.withType(0) .withAddress("2.2.2.2"); RuleAddressDto sourcebody = new RuleAddressDto(); sourcebody.withType(0) .withAddress("1.1.1.1"); body.withTag(tagbody); body.withType(UpdateRuleAclDto.TypeEnum.NUMBER_0); body.withService(servicebody); body.withDestination(destinationbody); body.withSource(sourcebody); body.withLongConnectEnable(UpdateRuleAclDto.LongConnectEnableEnum.NUMBER_0); body.withDescription(""); body.withStatus(1); body.withActionType(UpdateRuleAclDto.ActionTypeEnum.NUMBER_0); body.withDirection(UpdateRuleAclDto.DirectionEnum.NUMBER_0); body.withName("TestRule"); body.withAddressType(UpdateRuleAclDto.AddressTypeEnum.NUMBER_0); request.withBody(body); try { UpdateAclRuleResponse response = client.updateAclRule(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
Python
The following example shows how to update an IPv4 inbound rule. The rule name is TestRule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
# coding: utf-8 from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkcfw.v1 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = __import__('os').getenv("CLOUD_SDK_AK") sk = __import__('os').getenv("CLOUD_SDK_SK") credentials = BasicCredentials(ak, sk) \ client = CfwClient.new_builder() \ .with_credentials(credentials) \ .with_region(CfwRegion.value_of("<YOUR REGION>")) \ .build() try: request = UpdateAclRuleRequest() request.enterprise_project_id = "<enterprise_project_id>" request.fw_instance_id = "<fw_instance_id>" tagbody = TagsVO( tag_key="", tag_value="" ) servicebody = RuleServiceDto( type=0, protocol=6, source_port="0", dest_port="0" ) destinationbody = RuleAddressDto( type=0, address="2.2.2.2" ) sourcebody = RuleAddressDto( type=0, address="1.1.1.1" ) request.body = UpdateRuleAclDto( tag=tagbody, type=0, service=servicebody, destination=destinationbody, source=sourcebody, long_connect_enable=0, description="", status=1, action_type=0, direction=0, name="TestRule", address_type=0 ) response = client.update_acl_rule(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
Go
The following example shows how to update an IPv4 inbound rule. The rule name is TestRule, the source is the IP address 1.1.1.1, the destination is the IP address 2.2.2.2, the service type is service, the protocol type is TCP, the source port is 0, and the destination port is 0. Persistent connections are not supported. The action is to allow. The status is enabled.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := cfw.NewCfwClient( cfw.CfwClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.UpdateAclRuleRequest{} enterpriseProjectIdRequest:= "<enterprise_project_id>" request.EnterpriseProjectId = &enterpriseProjectIdRequest fwInstanceIdRequest:= "<fw_instance_id>" request.FwInstanceId = &fwInstanceIdRequest tagKeyTag:= "" tagValueTag:= "" tagbody := &model.TagsVo{ TagKey: &tagKeyTag, TagValue: &tagValueTag, } protocolService:= int32(6) sourcePortService:= "0" destPortService:= "0" servicebody := &model.RuleServiceDto{ Type: int32(0), Protocol: &protocolService, SourcePort: &sourcePortService, DestPort: &destPortService, } addressDestination:= "2.2.2.2" destinationbody := &model.RuleAddressDto{ Type: int32(0), Address: &addressDestination, } addressSource:= "1.1.1.1" sourcebody := &model.RuleAddressDto{ Type: int32(0), Address: &addressSource, } typeUpdateRuleAclDto:= model.GetUpdateRuleAclDtoTypeEnum().E_0 longConnectEnableUpdateRuleAclDto:= model.GetUpdateRuleAclDtoLongConnectEnableEnum().E_0 descriptionUpdateRuleAclDto:= "" statusUpdateRuleAclDto:= int32(1) actionTypeUpdateRuleAclDto:= model.GetUpdateRuleAclDtoActionTypeEnum().E_0 directionUpdateRuleAclDto:= model.GetUpdateRuleAclDtoDirectionEnum().E_0 nameUpdateRuleAclDto:= "TestRule" addressTypeUpdateRuleAclDto:= model.GetUpdateRuleAclDtoAddressTypeEnum().E_0 request.Body = &model.UpdateRuleAclDto{ Tag: tagbody, Type: &typeUpdateRuleAclDto, Service: servicebody, Destination: destinationbody, Source: sourcebody, LongConnectEnable: &longConnectEnableUpdateRuleAclDto, Description: &descriptionUpdateRuleAclDto, Status: &statusUpdateRuleAclDto, ActionType: &actionTypeUpdateRuleAclDto, Direction: &directionUpdateRuleAclDto, Name: &nameUpdateRuleAclDto, AddressType: &addressTypeUpdateRuleAclDto, } response, err := client.UpdateAclRule(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
More
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code |
Description |
---|---|
200 |
OK |
400 |
Bad Request |
401 |
Unauthorized |
403 |
Forbidden |
404 |
Not Found |
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot