Inserting a Network ACL Rule
Function
This API is used to insert a network ACL rule.
Calling Method
For details, see Calling APIs.
URI
PUT /v3/{project_id}/vpc/firewalls/{firewall_id}/insert-rules
Parameter | Mandatory | Type | Description |
---|---|---|---|
firewall_id | Yes | String | Unique ID of a network ACL. |
project_id | Yes | String | Project ID. For details about how to obtain a project ID, see Obtaining a Project ID. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
firewall | Yes | FirewallInsertRuleOption object | Details about the inbound and outbound network ACL rules to be inserted. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
ingress_rules | No | Array of FirewallInsertRuleItemOption objects | |
egress_rules | No | Array of FirewallInsertRuleItemOption objects | |
insert_after_rule | No | String | |

Parameter | Mandatory | Type | Description |
---|---|---|---|
name | No | String | |
description | No | String | |
action | Yes | String | |
protocol | Yes | String | |
ip_version | Yes | Integer | |
source_ip_address | No | String | |
destination_ip_address | No | String | |
source_port | No | String | |
destination_port | No | String | |
source_address_group_id | No | String | |
destination_address_group_id | No | String | |
enabled | No | Boolean | |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
firewall | FirewallDetail object | Details after the network ACL rules are inserted. |
request_id | String | Request ID. |

Parameter | Type | Description |
---|---|---|
id | String | |
name | String | |
description | String | |
project_id | String | |
created_at | String | |
updated_at | String | |
admin_state_up | Boolean | |
status | String | |
enterprise_project_id | String | |
tags | Array of ResourceTag objects | |
associations | Array of FirewallAssociation objects | |
ingress_rules | Array of FirewallRuleDetail objects | |
egress_rules | Array of FirewallRuleDetail objects | |

Parameter | Type | Description |
---|---|---|
key | String | Minimum: 1 Maximum: 128 |
value | String | Maximum: 255 |

Parameter | Type | Description |
---|---|---|
virsubnet_id | String | |

Parameter | Type | Description |
---|---|---|
id | String | |
name | String | |
description | String | |
action | String | |
project_id | String | |
protocol | String | |
ip_version | Integer | |
source_ip_address | String | |
destination_ip_address | String | |
source_port | String | |
destination_port | String | |
source_address_group_id | String | |
destination_address_group_id | String | |
enabled | Boolean | |
Example Requests
- In the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629, insert an inbound rule below the rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5630.

```
PUT https://{Endpoint}/v3/{project_id}/vpc/firewalls/e9a7731d-5bd9-4250-a524-b9a076fd5629/insert-rules

{
  "firewall" : {
    "ingress_rules" : [ {
      "name" : "network_acl_rule test",
      "description" : "network_acl_rule test",
      "action" : "allow",
      "protocol" : "tcp",
      "ip_version" : "4",
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    } ],
    "insert_after_rule" : "e9a7731d-5bd9-4250-a524-b9a076fd5630"
  }
}
```
- In the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629, insert an outbound rule below the rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5630.

```
PUT https://{Endpoint}/v3/{project_id}/vpc/firewalls/e9a7731d-5bd9-4250-a524-b9a076fd5629/insert-rules

{
  "firewall" : {
    "egress_rules" : [ {
      "name" : "network_acl_rule test",
      "description" : "network_acl_rule test",
      "action" : "allow",
      "protocol" : "tcp",
      "ip_version" : "4",
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90",
      "source_address_group_id" : null,
      "destination_address_group_id" : null
    } ],
    "insert_after_rule" : "e9a7731d-5bd9-4250-a524-b9a076fd5630"
  }
}
```
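A rule body can be checked against the parameter table before it is sent to insert-rules. The linter below is an added example, not part of this page's SDK samples or the Huawei Cloud SDK; the port-list syntax is inferred from the example values, and the 1-65535 bound and the any-address warning are assumptions.

```python
import ipaddress

MANDATORY = ("action", "protocol", "ip_version")  # marked "Yes" in the rule table


def parse_ports(spec):
    """Parse "30-40,60-90" into [(30, 40), (60, 90)] (syntax and bounds assumed)."""
    ranges = []
    for part in spec.split(","):
        low, sep, high = part.strip().partition("-")
        if not sep:
            high = low  # single port such as "443"
        if not (low.isdigit() and high.isdigit()):
            raise ValueError(f"bad port token {part!r}")
        if not 1 <= int(low) <= int(high) <= 65535:
            raise ValueError(f"port range reversed or out of bounds: {part!r}")
        ranges.append((int(low), int(high)))
    return ranges


def lint_rule(rule):
    """Return findings for one FirewallInsertRuleItemOption given as a dict."""
    findings = [f"missing mandatory field {k}" for k in MANDATORY if rule.get(k) is None]
    version = rule.get("ip_version")
    for field in ("source_ip_address", "destination_ip_address"):
        value = rule.get(field)
        if value is None:
            continue
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"{field} is not an address or CIDR: {value!r}")
            continue
        if str(version) in ("4", "6") and net.version != int(version):
            findings.append(f"{field} is IPv{net.version} but ip_version is {version}")
        if net.prefixlen == 0 and rule.get("action") == "allow":
            findings.append(f"{field} {value} allows every address")
    for field in ("source_port", "destination_port"):
        if rule.get(field) is not None:
            try:
                parse_ports(rule[field])
            except ValueError as exc:
                findings.append(f"{field}: {exc}")
    return findings


def lint_body(body):
    """Lint each rule of an insert-rules body; keys look like 'ingress_rules[0]'."""
    report = {}
    for direction in ("ingress_rules", "egress_rules"):
        for i, rule in enumerate(body.get("firewall", {}).get(direction) or []):
            if found := lint_rule(rule):
                report[f"{direction}[{i}]"] = found
    return report


# Constructed samples: the values from the page's inbound example, then a broken rule.
GOOD = {"firewall": {"ingress_rules": [{
    "action": "allow", "protocol": "tcp", "ip_version": 4,
    "source_ip_address": "192.168.3.0/24", "destination_ip_address": "192.168.6.0/24",
    "source_port": "30-40,60-90", "destination_port": "40-60,70-90"}]}}
BAD = {"firewall": {"ingress_rules": [{
    "action": "allow", "ip_version": 6, "source_ip_address": "0.0.0.0/0",
    "destination_ip_address": "192.168.6.0/24", "destination_port": "90-60"}]}}
```

`lint_body(GOOD)` returns an empty dict; `lint_body(BAD)` reports the missing protocol, the address-family mismatches, the any-address allow and the reversed port range.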
Example Responses
Status code: 200
Normal response to the PUT operation. For more status codes, see Status Codes.
```
{
  "firewall" : {
    "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629",
    "name" : "network_acl_test1",
    "description" : "network_acl_test1",
    "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
    "created_at" : "2022-04-07T07:30:46.000+00:00",
    "updated_at" : "2022-04-07T07:30:46.000+00:00",
    "admin_state_up" : true,
    "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9",
    "status" : "ACTIVE",
    "tags" : [ ],
    "ingress_rules" : [ {
      "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629",
      "name" : "network_acl_rule test",
      "description" : "network_acl_rule test",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : 4,
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90"
    } ],
    "egress_rules" : [ {
      "id" : "f9a7731d-5bd9-4250-a524-b9a076fd5629",
      "name" : "network_acl_rule test",
      "description" : "network_acl_rule test",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : 4,
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90"
    } ],
    "associations" : [ {
      "virsubnet_id" : "8359e5b0-353f-4ef3-a071-98e67a34a143"
    } ]
  }
}
```
SDK Sample Code
The SDK sample code is as follows.
- In the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629, insert an inbound rule below the rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5630.

```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpc.v3.region.VpcRegion;
import com.huaweicloud.sdk.vpc.v3.*;
import com.huaweicloud.sdk.vpc.v3.model.*;

import java.util.List;
import java.util.ArrayList;

public class AddFirewallRulesSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them when used.
        // In this example, the AK and SK are read from environment variables. Before running it,
        // set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        VpcClient client = VpcClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcRegion.valueOf("<YOUR REGION>"))
                .build();

        AddFirewallRulesRequest request = new AddFirewallRulesRequest();
        request.withFirewallId("{firewall_id}");
        AddFirewallRulesRequestBody body = new AddFirewallRulesRequestBody();

        // The inbound rule to insert.
        List<FirewallInsertRuleItemOption> listFirewallIngressRules = new ArrayList<>();
        listFirewallIngressRules.add(
            new FirewallInsertRuleItemOption()
                .withName("network_acl_rule test")
                .withDescription("network_acl_rule test")
                .withAction("allow")
                .withProtocol("tcp")
                .withIpVersion(4)
                .withSourceIpAddress("192.168.3.0/24")
                .withDestinationIpAddress("192.168.6.0/24")
                .withSourcePort("30-40,60-90")
                .withDestinationPort("40-60,70-90")
        );

        // Place the new rule below the rule with this ID.
        FirewallInsertRuleOption firewallbody = new FirewallInsertRuleOption();
        firewallbody.withIngressRules(listFirewallIngressRules)
            .withInsertAfterRule("e9a7731d-5bd9-4250-a524-b9a076fd5630");
        body.withFirewall(firewallbody);
        request.withBody(body);

        try {
            AddFirewallRulesResponse response = client.addFirewallRules(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
- In the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629, insert an outbound rule below the rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5630.

```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpc.v3.region.VpcRegion;
import com.huaweicloud.sdk.vpc.v3.*;
import com.huaweicloud.sdk.vpc.v3.model.*;

import java.util.List;
import java.util.ArrayList;

public class AddFirewallRulesSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
        // Store them encrypted in configuration files or environment variables and decrypt them when used.
        // In this example, the AK and SK are read from environment variables. Before running it,
        // set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        VpcClient client = VpcClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcRegion.valueOf("<YOUR REGION>"))
                .build();

        AddFirewallRulesRequest request = new AddFirewallRulesRequest();
        request.withFirewallId("{firewall_id}");
        AddFirewallRulesRequestBody body = new AddFirewallRulesRequestBody();

        // The outbound rule to insert.
        List<FirewallInsertRuleItemOption> listFirewallEgressRules = new ArrayList<>();
        listFirewallEgressRules.add(
            new FirewallInsertRuleItemOption()
                .withName("network_acl_rule test")
                .withDescription("network_acl_rule test")
                .withAction("allow")
                .withProtocol("tcp")
                .withIpVersion(4)
                .withSourceIpAddress("192.168.3.0/24")
                .withDestinationIpAddress("192.168.6.0/24")
                .withSourcePort("30-40,60-90")
                .withDestinationPort("40-60,70-90")
        );

        // Place the new rule below the rule with this ID.
        FirewallInsertRuleOption firewallbody = new FirewallInsertRuleOption();
        firewallbody.withEgressRules(listFirewallEgressRules)
            .withInsertAfterRule("e9a7731d-5bd9-4250-a524-b9a076fd5630");
        body.withFirewall(firewallbody);
        request.withBody(body);

        try {
            AddFirewallRulesResponse response = client.addFirewallRules(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
- In the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629, insert an inbound rule below the rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5630.

```python
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpc.v3 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them when used.
    # In this example, the AK and SK are read from environment variables. Before running it,
    # set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = VpcClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = AddFirewallRulesRequest()
        request.firewall_id = "{firewall_id}"
        # The inbound rule to insert.
        listIngressRulesFirewall = [
            FirewallInsertRuleItemOption(
                name="network_acl_rule test",
                description="network_acl_rule test",
                action="allow",
                protocol="tcp",
                ip_version=4,
                source_ip_address="192.168.3.0/24",
                destination_ip_address="192.168.6.0/24",
                source_port="30-40,60-90",
                destination_port="40-60,70-90"
            )
        ]
        # Place the new rule below the rule with this ID.
        firewallbody = FirewallInsertRuleOption(
            ingress_rules=listIngressRulesFirewall,
            insert_after_rule="e9a7731d-5bd9-4250-a524-b9a076fd5630"
        )
        request.body = AddFirewallRulesRequestBody(
            firewall=firewallbody
        )
        response = client.add_firewall_rules(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
- In the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629, insert an outbound rule below the rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5630.

```python
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpc.v3 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
    # Store them encrypted in configuration files or environment variables and decrypt them when used.
    # In this example, the AK and SK are read from environment variables. Before running it,
    # set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = VpcClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = AddFirewallRulesRequest()
        request.firewall_id = "{firewall_id}"
        # The outbound rule to insert.
        listEgressRulesFirewall = [
            FirewallInsertRuleItemOption(
                name="network_acl_rule test",
                description="network_acl_rule test",
                action="allow",
                protocol="tcp",
                ip_version=4,
                source_ip_address="192.168.3.0/24",
                destination_ip_address="192.168.6.0/24",
                source_port="30-40,60-90",
                destination_port="40-60,70-90"
            )
        ]
        # Place the new rule below the rule with this ID.
        firewallbody = FirewallInsertRuleOption(
            egress_rules=listEgressRulesFirewall,
            insert_after_rule="e9a7731d-5bd9-4250-a524-b9a076fd5630"
        )
        request.body = AddFirewallRulesRequestBody(
            firewall=firewallbody
        )
        response = client.add_firewall_rules(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
- In the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629, insert an inbound rule below the rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5630.

```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region"
)

func main() {
	// Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
	// Store them encrypted in configuration files or environment variables and decrypt them when used.
	// In this example, the AK and SK are read from environment variables. Before running it,
	// set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		Build()

	client := vpc.NewVpcClient(
		vpc.VpcClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.AddFirewallRulesRequest{}
	request.FirewallId = "{firewall_id}"

	// Optional fields are pointers, so their values are held in variables first.
	nameIngressRules := "network_acl_rule test"
	descriptionIngressRules := "network_acl_rule test"
	sourceIpAddressIngressRules := "192.168.3.0/24"
	destinationIpAddressIngressRules := "192.168.6.0/24"
	sourcePortIngressRules := "30-40,60-90"
	destinationPortIngressRules := "40-60,70-90"
	var listIngressRulesFirewall = []model.FirewallInsertRuleItemOption{
		{
			Name:                 &nameIngressRules,
			Description:          &descriptionIngressRules,
			Action:               "allow",
			Protocol:             "tcp",
			IpVersion:            int32(4),
			SourceIpAddress:      &sourceIpAddressIngressRules,
			DestinationIpAddress: &destinationIpAddressIngressRules,
			SourcePort:           &sourcePortIngressRules,
			DestinationPort:      &destinationPortIngressRules,
		},
	}

	// Place the new rule below the rule with this ID.
	insertAfterRuleFirewall := "e9a7731d-5bd9-4250-a524-b9a076fd5630"
	firewallbody := &model.FirewallInsertRuleOption{
		IngressRules:    &listIngressRulesFirewall,
		InsertAfterRule: &insertAfterRuleFirewall,
	}
	request.Body = &model.AddFirewallRulesRequestBody{
		Firewall: firewallbody,
	}

	response, err := client.AddFirewallRules(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
- In the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629, insert an outbound rule below the rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5630.

```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region"
)

func main() {
	// Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk.
	// Store them encrypted in configuration files or environment variables and decrypt them when used.
	// In this example, the AK and SK are read from environment variables. Before running it,
	// set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		Build()

	client := vpc.NewVpcClient(
		vpc.VpcClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.AddFirewallRulesRequest{}
	request.FirewallId = "{firewall_id}"

	// Optional fields are pointers, so their values are held in variables first.
	nameEgressRules := "network_acl_rule test"
	descriptionEgressRules := "network_acl_rule test"
	sourceIpAddressEgressRules := "192.168.3.0/24"
	destinationIpAddressEgressRules := "192.168.6.0/24"
	sourcePortEgressRules := "30-40,60-90"
	destinationPortEgressRules := "40-60,70-90"
	var listEgressRulesFirewall = []model.FirewallInsertRuleItemOption{
		{
			Name:                 &nameEgressRules,
			Description:          &descriptionEgressRules,
			Action:               "allow",
			Protocol:             "tcp",
			IpVersion:            int32(4),
			SourceIpAddress:      &sourceIpAddressEgressRules,
			DestinationIpAddress: &destinationIpAddressEgressRules,
			SourcePort:           &sourcePortEgressRules,
			DestinationPort:      &destinationPortEgressRules,
		},
	}

	// Place the new rule below the rule with this ID.
	insertAfterRuleFirewall := "e9a7731d-5bd9-4250-a524-b9a076fd5630"
	firewallbody := &model.FirewallInsertRuleOption{
		EgressRules:     &listEgressRulesFirewall,
		InsertAfterRule: &insertAfterRuleFirewall,
	}
	request.Body = &model.AddFirewallRulesRequestBody{
		Firewall: firewallbody,
	}

	response, err := client.AddFirewallRules(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code | Description |
---|---|
200 | Normal response to the PUT operation. For more status codes, see Status Codes. |
Error Codes
See Error Codes.