Creating a Network ACL
Function
This API is used to create a network ACL.
This API is now available in CN North-Beijing4, CN East-Shanghai1, CN South-Guangzhou, CN South-Shenzhen, CN Southwest-Guiyang1, and AP-Singapore.
URI
POST /v3/{project_id}/vpc/firewalls
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
firewall | Yes | CreateFirewallOption object | Request body for creating a network ACL. |
dry_run | No | Boolean | Whether to only send the check request. The value can be: |

Parameter | Mandatory | Type | Description |
---|---|---|---|
name | Yes | String | Network ACL name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
description | No | String | Provides supplementary information about the IP address group. The value can contain no more than 255 characters and cannot contain angle brackets (< or >). |
enterprise_project_id | No | String | ID of the enterprise project that a network ACL belongs to. The value is 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). Value 0 indicates the default enterprise project. |
tags | No | Array of ResourceTag objects | Network ACL tags. |
admin_state_up | No | Boolean | Whether a network ACL is enabled. The default value is true. The value can be true or false. true indicates that the network ACL is enabled, and false indicates that the network ACL is disabled. |
Response Parameters
Status code: 201
Parameter | Type | Description |
---|---|---|
firewall | FirewallDetail object | Response body for creating a network ACL. |
request_id | String | Request ID. |

Parameter | Type | Description |
---|---|---|
id | String | Network ACL ID, which uniquely identifies a network ACL. The value is a string in UUID format. |
name | String | Network ACL name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
description | String | Provides supplementary information about the IP address group. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >). |
project_id | String | ID of the project that a network ACL belongs to. |
created_at | String | Time when a network ACL was created. The value is a UTC time in the format yyyy-MM-ddTHH:mm:ss. The value is automatically generated by the system. |
updated_at | String | Time when a network ACL was last updated. The value is a UTC time in the format yyyy-MM-ddTHH:mm:ss. The value is automatically generated by the system. |
admin_state_up | Boolean | Whether a network ACL is enabled. The value can be true or false. true indicates that the network ACL is enabled, and false indicates that the network ACL is disabled. |
status | String | Network ACL status. |
enterprise_project_id | String | ID of the enterprise project that a network ACL belongs to. The value is 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). Value 0 indicates the default enterprise project. |
tags | Array of ResourceTag objects | Network ACL tags. |
associations | Array of FirewallAssociation objects | Subnets that are associated with a network ACL. |
ingress_rules | Array of FirewallRuleDetail objects | Inbound network ACL rules. |
egress_rules | Array of FirewallRuleDetail objects | Outbound network ACL rules. |

Parameter | Type | Description |
---|---|---|
key | String | Tag key. Tag keys must be unique for each resource. Minimum length: 1. Maximum length: 128. |
value | String | Tag value. Maximum length: 255. |

Parameter | Type | Description |
---|---|---|
virsubnet_id | String | IDs of subnets that are associated with a network ACL. |

Parameter | Type | Description |
---|---|---|
id | String | Network ACL rule ID, which uniquely identifies a network ACL rule. The value is a string in UUID format. |
name | String | Network ACL rule name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
description | String | Provides supplementary information about a network ACL rule. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >). |
action | String | Whether a network ACL rule allows or denies traffic. The value can be allow or deny. |
project_id | String | ID of the project that a network ACL belongs to. |
protocol | String | Network ACL rule protocol. The value can be TCP, UDP, ICMP, ICMPV6, or a value from 0 to 255. |
ip_version | Integer | IP version of a network ACL rule. The value can be 4 (IPv4) or 6 (IPv6). |
source_ip_address | String | Source IP address or CIDR block of a network ACL rule. source_ip_address and source_address_group_id cannot be configured at the same time. |
destination_ip_address | String | Destination IP address or CIDR block of a network ACL rule. destination_ip_address and destination_address_group_id cannot be configured at the same time. |
source_port | String | Source ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The default number of supported port entries is 20. |
destination_port | String | Destination ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The default number of supported port entries is 20. |
source_address_group_id | String | Source IP address group ID of a network ACL rule. source_ip_address and source_address_group_id cannot be configured at the same time. |
destination_address_group_id | String | Destination IP address group ID of a network ACL rule. destination_ip_address and destination_address_group_id cannot be configured at the same time. |
enabled | Boolean | Whether to enable a network ACL rule. The value can be true (enabled) or false (disabled). Default value: true |
Example Request
Create a network ACL named network_acl_test1.
    POST https://{Endpoint}/v3/{project_id}/vpc/firewalls

    {
      "firewall": {
        "name": "network_acl_test1",
        "description": "network_acl_test1",
        "enterprise_project_id": "158ad39a-dab7-45a3-9b5a-2836b3cf93f9"
      }
    }
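A client-side pre-flight check for the request body, added here as an example and not taken from the API documentation or any SDK: it enforces the field limits listed under Request Parameters before anything is sent, so malformed names, descriptions, project IDs or tags are rejected locally. The function names `validate_firewall_option` and `build_request_body` are hypothetical, "letters" is assumed to mean any Unicode letter, and `dry_run` is placed at the top level of the body as the request table lists it.

```python
import json
import re
import uuid

# Documented name charset: letters, digits, "_", "-", "."; at most 64 characters.
# Assumption: "letters" is read as any Unicode letter (\w), minimum length 1.
NAME_RE = re.compile(r"[\w.\-]{1,64}")


def validate_firewall_option(opt):
    """Return the documented CreateFirewallOption limits that opt violates."""
    errors = []
    name = opt.get("name")
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        errors.append("name: required, at most 64 of letters, digits, _ - .")
    desc = opt.get("description", "")
    if not isinstance(desc, str) or len(desc) > 255 or "<" in desc or ">" in desc:
        errors.append("description: at most 255 characters, no < or >")
    epid = opt.get("enterprise_project_id", "0")
    if epid != "0":
        try:
            # Accept only the canonical 36-character hyphenated form.
            ok = isinstance(epid, str) and str(uuid.UUID(epid)) == epid.lower()
        except ValueError:
            ok = False
        if not ok:
            errors.append("enterprise_project_id: must be 0 or a hyphenated UUID")
    seen = set()
    for tag in opt.get("tags", []):
        key, value = tag.get("key", ""), tag.get("value", "")
        if not 1 <= len(key) <= 128 or len(value) > 255:
            errors.append(f"tags: bad key/value length for key {key!r}")
        if key in seen:  # tag keys must be unique per resource
            errors.append(f"tags: duplicate key {key!r}")
        seen.add(key)
    if not isinstance(opt.get("admin_state_up", True), bool):
        errors.append("admin_state_up: must be true or false")
    return errors


def build_request_body(opt, dry_run=False):
    """Serialize the POST body, refusing input that breaks a documented limit."""
    errors = validate_firewall_option(opt)
    if errors:
        raise ValueError("; ".join(errors))
    return json.dumps({"firewall": opt, "dry_run": dry_run})
```
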
Example Response
Status code: 201
Normal response for the POST operation of the API for creating a network ACL
    {
      "firewall": {
        "id": "e9a7731d-5bd9-4250-a524-b9a076fd5629",
        "name": "network_acl_test1",
        "description": "network_acl_test1",
        "project_id": "9476ea5a8a9849c38358e43c0c3a9e12",
        "created_at": "2022-04-07T07:30:46",
        "updated_at": "2022-04-07T07:30:46",
        "admin_state_up": true,
        "enterprise_project_id": "158ad39a-dab7-45a3-9b5a-2836b3cf93f9",
        "status": "ACTIVE",
        "tags": [],
        "ingress_rules": [],
        "egress_rules": [],
        "associations": []
      }
    }
Status Codes
See Status Codes.
Error Codes
See Error Codes.