Inserting a Network ACL Rule
Function
This API is used to insert a network ACL rule.
This API is now available in CN North-Beijing4, CN East-Shanghai1, CN South-Guangzhou, CN South-Shenzhen, CN Southwest-Guiyang1, and AP-Singapore.
URI
PUT /v3/{project_id}/vpc/firewalls/{firewall_id}/insert-rules
Parameter | Mandatory | Type | Description |
---|---|---|---|
firewall_id | Yes | String | Unique identifier of a network ACL. |
project_id | Yes | String | Project ID. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
firewall | Yes | FirewallInsertRuleOption object | Insert inbound and outbound network ACL rules. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
ingress_rules | No | Array of FirewallInsertRuleItemOption objects | Add inbound network ACL rules. |
egress_rules | No | Array of FirewallInsertRuleItemOption objects | Add outbound network ACL rules. |
insert_after_rule | No | String | Insert a network ACL rule below an inbound or outbound rule. If insert_after_rule is specified, ingress_rules and egress_rules cannot be configured at the same time, and the rule must exist in the inbound or outbound direction. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
name | No | String | Network ACL rule name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
description | No | String | Provides supplementary information about a network ACL rule. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >). |
action | Yes | String | Whether a network ACL rule allows or denies traffic. The value can be allow or deny. |
protocol | Yes | String | Network ACL rule protocol. The value can be tcp, udp, icmp, icmpv6, or an IP protocol number (0–255). The value any indicates all protocols. |
ip_version | Yes | Integer | IP version of a network ACL rule. The value can be 4 (IPv4) or 6 (IPv6). |
source_ip_address | No | String | Source IP address or CIDR block of a network ACL rule. source_ip_address and source_address_group_id cannot be configured at the same time. |
destination_ip_address | No | String | Destination IP address or CIDR block of a network ACL rule. destination_ip_address and destination_address_group_id cannot be configured at the same time. |
source_port | No | String | Source ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The default number of supported port entries is 20. |
destination_port | No | String | Destination ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The default number of supported port entries is 20. |
source_address_group_id | No | String | Source IP address group ID of a network ACL rule. source_ip_address and source_address_group_id cannot be configured at the same time. |
destination_address_group_id | No | String | Destination IP address group ID of a network ACL rule. destination_ip_address and destination_address_group_id cannot be configured at the same time. |
enabled | No | Boolean | Whether to enable a network ACL rule. The value can be true (enabled) or false (disabled). Default value: true |
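
A pre-flight check for the request body, enforcing the constraints listed in the tables above before the request is sent. This is an added example, not Huawei Cloud code: the function names are hypothetical, and the port bounds (1-65535, low-high) and the address-family check against ip_version are assumptions beyond what the page states.

```python
import ipaddress

PROTOCOLS = {"tcp", "udp", "icmp", "icmpv6", "any"}

def _check_ports(field, value, errs):
    entries = str(value).split(",")
    if len(entries) > 20:  # default entry limit given in the table
        errs.append(f"{field}: more than 20 port entries")
    for entry in entries:  # assumption: ports are 1-65535, ranges run low-high
        parts = entry.strip().split("-")
        if (len(parts) > 2 or not all(p.isdecimal() for p in parts)
                or not 1 <= int(parts[0]) <= int(parts[-1]) <= 65535):
            errs.append(f"{field}: bad port entry {entry!r}")

def _check_rule(rule):
    errs = []
    if rule.get("action") not in ("allow", "deny"):
        errs.append("action must be allow or deny")
    proto = str(rule.get("protocol"))
    if proto not in PROTOCOLS and not (proto.isdecimal() and int(proto) <= 255):
        errs.append(f"protocol {proto!r} not allowed")
    version = str(rule.get("ip_version"))  # the page's examples send "4"/"6" as strings
    if version not in ("4", "6"):
        errs.append("ip_version must be 4 or 6")
    for side in ("source", "destination"):
        addr, group = rule.get(f"{side}_ip_address"), rule.get(f"{side}_address_group_id")
        if addr and group:
            errs.append(f"{side}_ip_address and {side}_address_group_id both set")
        if addr:
            try:  # assumption: the address family should match ip_version
                if str(ipaddress.ip_network(addr, strict=False).version) != version:
                    errs.append(f"{side}_ip_address does not match ip_version")
            except ValueError:
                errs.append(f"{side}_ip_address is not an IP address or CIDR block")
        if rule.get(f"{side}_port"):
            _check_ports(f"{side}_port", rule[f"{side}_port"], errs)
    return errs

def validate_insert_rules(body):
    """Return a list of violations of the documented constraints (empty = OK)."""
    fw = body.get("firewall") or {}
    ingress, egress = fw.get("ingress_rules") or [], fw.get("egress_rules") or []
    errs = []
    if fw.get("insert_after_rule") and ingress and egress:
        errs.append("insert_after_rule set: give ingress_rules or egress_rules, not both")
    for direction, rules in (("ingress_rules", ingress), ("egress_rules", egress)):
        for i, rule in enumerate(rules):
            errs += [f"{direction}[{i}]: {e}" for e in _check_rule(rule)]
    return errs
```

Call `validate_insert_rules(body)` on the parsed JSON body; an empty list means none of the checked constraints is violated.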
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
firewall | FirewallDetail object | Details after a network ACL rule is inserted. |
request_id | String | Request ID. |

Parameter | Type | Description |
---|---|---|
id | String | Network ACL ID, which uniquely identifies a network ACL. The value is a string in UUID format. |
name | String | Network ACL name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
description | String | Provides supplementary information about a network ACL. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >). |
project_id | String | ID of the project that a network ACL belongs to. |
created_at | String | Time when a network ACL was created, in UTC, in the format yyyy-MM-ddTHH:mm:ssZ. The value is automatically generated by the system. |
updated_at | String | Time when a network ACL was last updated, in UTC, in the format yyyy-MM-ddTHH:mm:ssZ. The value is automatically generated by the system. |
admin_state_up | Boolean | Whether a network ACL is enabled. The value can be true or false. true indicates that the network ACL is enabled, and false indicates that the network ACL is disabled. |
status | String | Network ACL status. |
enterprise_project_id | String | ID of the enterprise project that a network ACL belongs to. The value is 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). Value 0 indicates the default enterprise project. |
tags | Array of ResourceTag objects | Network ACL tags. |
associations | Array of FirewallAssociation objects | Subnets that are associated with a network ACL. |
ingress_rules | Array of FirewallRuleDetail objects | Inbound network ACL rules. |
egress_rules | Array of FirewallRuleDetail objects | Outbound network ACL rules. |

Parameter | Type | Description |
---|---|---|
key | String | Tag key. Tag keys must be unique for each resource. Minimum length: 1 Maximum length: 128 |
value | String | Tag value. Maximum length: 255 |

Parameter | Type | Description |
---|---|---|
virsubnet_id | String | IDs of subnets that are associated with a network ACL. |

Parameter | Type | Description |
---|---|---|
id | String | Network ACL rule ID, which uniquely identifies a network ACL rule. The value is a string in UUID format. |
name | String | Network ACL rule name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
description | String | Provides supplementary information about a network ACL rule. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >). |
action | String | Whether a network ACL rule allows or denies traffic. The value can be allow or deny. |
project_id | String | ID of the project that a network ACL belongs to. |
protocol | String | Network ACL rule protocol. The value can be TCP, UDP, ICMP, ICMPV6, or a value from 0 to 255. |
ip_version | Integer | IP version of a network ACL rule. The value can be 4 (IPv4) or 6 (IPv6). |
source_ip_address | String | Source IP address or CIDR block of a network ACL rule. source_ip_address and source_address_group_id cannot be configured at the same time. |
destination_ip_address | String | Destination IP address or CIDR block of a network ACL rule. destination_ip_address and destination_address_group_id cannot be configured at the same time. |
source_port | String | Source ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The default number of supported port entries is 20. |
destination_port | String | Destination ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The default number of supported port entries is 20. |
source_address_group_id | String | Source IP address group ID of a network ACL rule. source_ip_address and source_address_group_id cannot be configured at the same time. |
destination_address_group_id | String | Destination IP address group ID of a network ACL rule. destination_ip_address and destination_address_group_id cannot be configured at the same time. |
enabled | Boolean | Whether to enable a network ACL rule. The value can be true (enabled) or false (disabled). Default value: true |
Example Request
- Insert two inbound rules below the rule a2a7731d-5bd9-4250-a524-b9a076fd5630 to the network ACL e9a7731d-5bd9-4250-a524-b9a076fd5629.
```
PUT https://{Endpoint}/v3/{project_id}/vpc/firewalls/e9a7731d-5bd9-4250-a524-b9a076fd5629/insert-rules

{
  "firewall" : {
    "ingress_rules" : [ {
      "name" : "network_acl_rule ipv4 test",
      "description" : "network_acl_rule ipv4 test",
      "action" : "allow",
      "protocol" : "tcp",
      "ip_version" : "4",
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    }, {
      "name" : "network_acl_rule ipv6 test",
      "description" : "network_acl_rule ipv6 test",
      "action" : "allow",
      "protocol" : "tcp",
      "ip_version" : "6",
      "source_ip_address" : "2002:50::44",
      "destination_ip_address" : "2002:51::44",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    } ],
    "insert_after_rule" : "a2a7731d-5bd9-4250-a524-b9a076fd5630"
  }
}
```
- Insert two outbound rules below the rule a3a7731d-5bd9-4250-a524-b9a076fd5630 to the network ACL e9a7731d-5bd9-4250-a524-b9a076fd5629.
```
PUT https://{Endpoint}/v3/{project_id}/vpc/firewalls/e9a7731d-5bd9-4250-a524-b9a076fd5629/insert-rules

{
  "firewall" : {
    "egress_rules" : [ {
      "name" : "network_acl_rule ipv4 test",
      "description" : "network_acl_rule ipv4 test",
      "action" : "allow",
      "protocol" : "tcp",
      "ip_version" : "4",
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    }, {
      "name" : "network_acl_rule ipv6 test",
      "description" : "network_acl_rule ipv6 test",
      "action" : "allow",
      "protocol" : "tcp",
      "ip_version" : "6",
      "source_ip_address" : "2002:50::44",
      "destination_ip_address" : "2002:51::44",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    } ],
    "insert_after_rule" : "a3a7731d-5bd9-4250-a524-b9a076fd5630"
  }
}
```
Example Response
Status code: 200
OK
```
{
  "firewall" : {
    "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629",
    "name" : "network_acl_test1",
    "description" : "network_acl_test1",
    "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
    "created_at" : "2022-04-07T07:30:46Z",
    "updated_at" : "2022-04-07T07:30:46Z",
    "admin_state_up" : true,
    "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9",
    "status" : "ACTIVE",
    "tags" : [ ],
    "ingress_rules" : [ {
      "id" : "a2a7731d-5bd9-4250-a524-b9a076fd5630",
      "name" : "network_acl_rule",
      "description" : "network_acl_rule",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : "4",
      "source_ip_address" : "192.168.13.0/24",
      "destination_ip_address" : "192.168.16.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    }, {
      "id" : "4afc959f-5380-dd94-8082-5701f6bc3f1c",
      "name" : "network_acl_rule ipv4 test",
      "description" : "network_acl_rule ipv4 test",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : "4",
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    }, {
      "id" : "b49dcd4c-508e-4b99-9093-2680616f2a7e",
      "name" : "network_acl_rule ipv6 test",
      "description" : "network_acl_rule ipv6 test",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : "6",
      "source_ip_address" : "2002:50::44",
      "destination_ip_address" : "2002:51::44",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    } ],
    "egress_rules" : [ {
      "id" : "a3a7731d-5bd9-4250-a524-b9a076fd5630",
      "name" : "network_acl_rule",
      "description" : "network_acl_rule",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : "4",
      "source_ip_address" : "192.168.13.0/24",
      "destination_ip_address" : "192.168.16.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    }, {
      "id" : "f9a7731d-5bd9-4250-a524-b9a076fd5629",
      "name" : "network_acl_rule ipv4 test",
      "description" : "network_acl_rule ipv4 test",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : "4",
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    }, {
      "id" : "bbbc1cd1-b8e1-45d3-b3bc-7bc360f8860d",
      "name" : "network_acl_rule ipv6 test",
      "description" : "network_acl_rule ipv6 test",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : "6",
      "source_ip_address" : "2002:50::44",
      "destination_ip_address" : "2002:51::44",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    } ],
    "associations" : [ {
      "virsubnet_id" : "8359e5b0-353f-4ef3-a071-98e67a34a143"
    } ]
  }
}
```
Status Codes
See Status Codes.
Error Codes
See Error Codes.