Creating a Traffic Mirror Filter Rule
Function
This API is used to create a traffic mirror filter rule.
Calling Method
For details, see Calling APIs.
URI
POST /v3/{project_id}/vpc/traffic-mirror-filter-rules
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Project ID. For details about how to obtain a project ID, see Obtaining a Project ID. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
traffic_mirror_filter_rule |
Yes |
Traffic mirror filter rule. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
description |
No |
String |
Description of a traffic mirror filter rule. The value can contain no more than 255 characters and cannot contain angle brackets (< or >). |
traffic_mirror_filter_id |
Yes |
String |
Traffic mirror filter ID. |
direction |
Yes |
String |
Traffic direction. The value can be ingress or egress. |
protocol |
Yes |
String |
Protocol of the mirrored traffic. The value can be TCP, UDP, ICMP, ICMPV6, or ALL. |
ethertype |
Yes |
String |
IP address version of the mirrored traffic. The value can be IPv4 or IPv6. |
source_cidr_block |
No |
String |
Source CIDR block of the mirrored traffic. |
destination_cidr_block |
No |
String |
Destination CIDR block of the mirrored traffic. |
source_port_range |
No |
String |
Source port range. Value range: 1-65535 Format: 80-200 |
destination_port_range |
No |
String |
Destination port range. Value range: 1-65535 Format: 80-200 |
action |
Yes |
String |
Whether to accept or reject traffic. The value can be accept or reject. |
priority |
Yes |
Integer |
Mirror filter rule priority. Value range: 1-65535. A smaller value indicates a higher priority. |
Response Parameters
Status code: 201
Parameter |
Type |
Description |
---|---|---|
traffic_mirror_filter_rule |
TrafficMirrorFilterRule object |
Definition: Response body for querying details about a traffic mirror filter rule. Range: N/A |
request_id |
String |
Definition: Request ID. Range: N/A |
Parameter |
Type |
Description |
---|---|---|
id |
String |
Definition: ID of a traffic mirror filter rule. Range: N/A |
project_id |
String |
Definition: ID of the project that a traffic mirror filter rule belongs to. Range: N/A |
description |
String |
Definition: Description of a traffic mirror filter rule. Range: The value can contain 0 to 255 characters and cannot contain angle brackets (< or >). |
traffic_mirror_filter_id |
String |
Definition: ID of the traffic mirror filter that a traffic mirror filter rule belongs to. Range: N/A |
direction |
String |
Definition: Traffic direction of a traffic mirror filter rule. Range:
|
source_cidr_block |
String |
Definition: Source of a traffic mirror filter rule. Range:
|
destination_cidr_block |
String |
Definition: Destination of a traffic mirror filter rule. Range:
|
source_port_range |
String |
Definition: Source port range of a traffic mirror filter rule. Range:
|
destination_port_range |
String |
Definition: Destination port range of a traffic mirror filter rule. Range:
|
ethertype |
String |
Definition: IP address version. Range: IPv4 or IPv6 |
protocol |
String |
Definition: Network protocol type. Range:
|
action |
String |
Definition: Action of a traffic mirror filter rule. Range:
|
priority |
Integer |
Definition: Priority of a traffic mirror filter rule. Range: The value is from 1 to 65535. A smaller value indicates a higher priority. |
created_at |
String |
Definition: Time when a traffic mirror filter rule was created. Range: The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ssZ. |
updated_at |
String |
Definition: Time when a traffic mirror filter rule was updated. Range: The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ssZ. |
Example Requests
Add a traffic mirror filter rule in the inbound direction to the traffic mirror filter with ID of 417d7317-6c17-4428-a0f3-997d3e2293a0 and with source CIDR of 192.168.0.0/24.
POST http://{endpoint}/v3/{project_id}/vpc/traffic-mirror-filter-rules { "traffic_mirror_filter_rule" : { "traffic_mirror_filter_id" : "417d7317-6c17-4428-a0f3-997d3e2293a0", "ethertype" : "ipv4", "direction" : "ingress", "protocol" : "ICMP", "source_cidr_block" : "192.168.0.0/24", "action" : "accept", "priority" : 29 } }
Example Responses
Status code: 201
Created
{ "request_id" : "8dec5453-1690-4378-a976-40ba5e6d62ff", "traffic_mirror_filter_rule" : { "created_at" : "2023-03-22T07:07:55.000+00:00", "updated_at" : "2023-03-22T07:07:55.000+00:00", "id" : "1be5f64b-49a1-427d-a49e-9619cfb0492c", "project_id" : "7365fcd452924e398ec4cc1fe39c0d12", "description" : "", "traffic_mirror_filter_id" : "417d7317-6c17-4428-a0f3-997d3e2293a0", "direction" : "ingress", "protocol" : "ICMP", "ethertype" : "IPv4", "source_cidr_block" : "192.168.0.0/24", "action" : "accept", "priority" : 29 } }
SDK Sample Code
The SDK sample code is as follows.
Add a traffic mirror filter rule in the inbound direction to the traffic mirror filter with ID of 417d7317-6c17-4428-a0f3-997d3e2293a0 and with source CIDR of 192.168.0.0/24.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.vpc.v3.region.VpcRegion; import com.huaweicloud.sdk.vpc.v3.*; import com.huaweicloud.sdk.vpc.v3.model.*; public class CreateTrafficMirrorFilterRuleSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); VpcClient client = VpcClient.newBuilder() .withCredential(auth) .withRegion(VpcRegion.valueOf("<YOUR REGION>")) .build(); CreateTrafficMirrorFilterRuleRequest request = new CreateTrafficMirrorFilterRuleRequest(); CreateTrafficMirrorFilterRuleRequestBody body = new CreateTrafficMirrorFilterRuleRequestBody(); CreateTrafficMirrorFilterRuleOption trafficMirrorFilterRulebody = new CreateTrafficMirrorFilterRuleOption(); trafficMirrorFilterRulebody.withTrafficMirrorFilterId("417d7317-6c17-4428-a0f3-997d3e2293a0") .withDirection("ingress") .withProtocol("ICMP") .withEthertype("ipv4") .withSourceCidrBlock("192.168.0.0/24") .withAction("accept") .withPriority(29); body.withTrafficMirrorFilterRule(trafficMirrorFilterRulebody); request.withBody(body); try { CreateTrafficMirrorFilterRuleResponse response = client.createTrafficMirrorFilterRule(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
Add a traffic mirror filter rule in the inbound direction to the traffic mirror filter with ID of 417d7317-6c17-4428-a0f3-997d3e2293a0 and with source CIDR of 192.168.0.0/24.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkvpc.v3 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = VpcClient.new_builder() \ .with_credentials(credentials) \ .with_region(VpcRegion.value_of("<YOUR REGION>")) \ .build() try: request = CreateTrafficMirrorFilterRuleRequest() trafficMirrorFilterRulebody = CreateTrafficMirrorFilterRuleOption( traffic_mirror_filter_id="417d7317-6c17-4428-a0f3-997d3e2293a0", direction="ingress", protocol="ICMP", ethertype="ipv4", source_cidr_block="192.168.0.0/24", action="accept", priority=29 ) request.body = CreateTrafficMirrorFilterRuleRequestBody( traffic_mirror_filter_rule=trafficMirrorFilterRulebody ) response = client.create_traffic_mirror_filter_rule(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
Add a traffic mirror filter rule in the inbound direction to the traffic mirror filter with ID of 417d7317-6c17-4428-a0f3-997d3e2293a0 and with source CIDR of 192.168.0.0/24.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := vpc.NewVpcClient( vpc.VpcClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.CreateTrafficMirrorFilterRuleRequest{} sourceCidrBlockTrafficMirrorFilterRule:= "192.168.0.0/24" trafficMirrorFilterRulebody := &model.CreateTrafficMirrorFilterRuleOption{ TrafficMirrorFilterId: "417d7317-6c17-4428-a0f3-997d3e2293a0", Direction: "ingress", Protocol: "ICMP", Ethertype: "ipv4", SourceCidrBlock: &sourceCidrBlockTrafficMirrorFilterRule, Action: "accept", Priority: int32(29), } request.Body = &model.CreateTrafficMirrorFilterRuleRequestBody{ TrafficMirrorFilterRule: trafficMirrorFilterRulebody, } response, err := client.CreateTrafficMirrorFilterRule(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code |
Description |
---|---|
201 |
Created |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot