Creating a Traffic Mirror Filter Rule

Function

This API is used to create a traffic mirror filter rule.

Calling Method

For details, see Calling APIs.

URI

POST /v3/{project_id}/vpc/traffic-mirror-filter-rules

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain a project ID, see Obtaining a Project ID.

Request Parameters

**Table 2** Request body parameters
Parameter	Mandatory	Type	Description
traffic_mirror_filter_rule	Yes	CreateTrafficMirrorFilterRuleOption object	Traffic mirror filter rule.

**Table 3** CreateTrafficMirrorFilterRuleOption
Parameter	Mandatory	Type	Description
description	No	String	Description of a traffic mirror filter rule. The value can contain no more than 255 characters and cannot contain angle brackets (< or >).
traffic_mirror_filter_id	Yes	String	Traffic mirror filter ID.
direction	Yes	String	Traffic direction. The value can be ingress or egress.
protocol	Yes	String	Protocol of the mirrored traffic. The value can be TCP, UDP, ICMP, ICMPV6, or ALL.
ethertype	Yes	String	IP address version of the mirrored traffic. The value can be IPv4 or IPv6.
source_cidr_block	No	String	Source CIDR block of the mirrored traffic.
destination_cidr_block	No	String	Destination CIDR block of the mirrored traffic.
source_port_range	No	String	Source port range. Value range: 1-65535 Format: 80-200
destination_port_range	No	String	Destination port range. Value range: 1-65535 Format: 80-200
action	Yes	String	Whether to accept or reject traffic. The value can be accept or reject.
priority	Yes	Integer	Mirror filter rule priority. Value range: 1-65535. A smaller value indicates a higher priority.

Response Parameters

Status code: 201

**Table 4** Response body parameters
Parameter	Type	Description
traffic_mirror_filter_rule	TrafficMirrorFilterRule object	Definition: Response body for querying details about a traffic mirror filter rule. Range: N/A
request_id	String	Definition: Request ID. Range: N/A

**Table 5** TrafficMirrorFilterRule
Parameter	Type	Description
id	String	Definition: ID of a traffic mirror filter rule. Range: N/A
project_id	String	Definition: ID of the project that a traffic mirror filter rule belongs to. Range: N/A
description	String	Definition: Description of a traffic mirror filter rule. Range: The value can contain 0 to 255 characters and cannot contain angle brackets (< or >).
traffic_mirror_filter_id	String	Definition: ID of the traffic mirror filter that a traffic mirror filter rule belongs to. Range: N/A
direction	String	Definition: Traffic direction of a traffic mirror filter rule. Range: ingress: inbound traffic egress: outbound traffic
source_cidr_block	String	Definition: Source of a traffic mirror filter rule. Range: Single IP address: IP address/subnet mask. For example, 192.168.10.10/32 for a single IPv4 address or 2002:50::44/128 for a single IPv6 address. CIDR block: IP address/subnet mask. For example, 192.168.52.0/24 for an IPv4 CIDR block or 2407:c080:802:469::/64 for an IPv6 CIDR block. All IP addresses: 0.0.0.0/0 indicates all IPv4 addresses, and ::/0 indicates all IPv6 addresses.
destination_cidr_block	String	Definition: Destination of a traffic mirror filter rule. Range: Single IP address: IP address/subnet mask. For example, 192.168.10.10/32 for a single IPv4 address or 2002:50::44/128 for a single IPv6 address. CIDR block: IP address/subnet mask. For example, 192.168.52.0/24 for an IPv4 CIDR block or 2407:c080:802:469::/64 for an IPv6 CIDR block. All IP addresses: 0.0.0.0/0 indicates all IPv4 addresses, and ::/0 indicates all IPv6 addresses.
source_port_range	String	Definition: Source port range of a traffic mirror filter rule. Range: Port range: 1 to 65535 Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.
destination_port_range	String	Definition: Destination port range of a traffic mirror filter rule. Range: Port range: 1 to 65535 Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.
ethertype	String	Definition: IP address version. Range: IPv4 or IPv6
protocol	String	Definition: Network protocol type. Range: TCP: If you select TCP, you can customize the source and destination port ranges. UDP: If you select UDP, you can customize the source and destination port ranges. ICMP: If you set IP address version to IPv4 and select ICMP, all ports are specified for source and destination port ranges by default. ICMPV6: If you set IP address version to IPv6 and select ICMPv6, all ports are specified for source and destination port ranges by default. ALL: If you select ALL, all network protocols are supported and all ports are specified for source and destination port ranges by default.
action	String	Definition: Action of a traffic mirror filter rule. Range: accept reject
priority	Integer	Definition: Priority of a traffic mirror filter rule. Range: The value is from 1 to 65535. A smaller value indicates a higher priority.
created_at	String	Definition: Time when a traffic mirror filter rule was created. Range: The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ssZ.
updated_at	String	Definition: Time when a traffic mirror filter rule was updated. Range: The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ssZ.

Example Requests

Add a traffic mirror filter rule in the inbound direction to the traffic mirror filter with ID of 417d7317-6c17-4428-a0f3-997d3e2293a0 and with source CIDR of 192.168.0.0/24.

POST http://{endpoint}/v3/{project_id}/vpc/traffic-mirror-filter-rules

{
  "traffic_mirror_filter_rule" : {
    "traffic_mirror_filter_id" : "417d7317-6c17-4428-a0f3-997d3e2293a0",
    "ethertype" : "ipv4",
    "direction" : "ingress",
    "protocol" : "ICMP",
    "source_cidr_block" : "192.168.0.0/24",
    "action" : "accept",
    "priority" : 29
  }
}

Example Responses

Status code: 201

Created

{
  "request_id" : "8dec5453-1690-4378-a976-40ba5e6d62ff",
  "traffic_mirror_filter_rule" : {
    "created_at" : "2023-03-22T07:07:55.000+00:00",
    "updated_at" : "2023-03-22T07:07:55.000+00:00",
    "id" : "1be5f64b-49a1-427d-a49e-9619cfb0492c",
    "project_id" : "7365fcd452924e398ec4cc1fe39c0d12",
    "description" : "",
    "traffic_mirror_filter_id" : "417d7317-6c17-4428-a0f3-997d3e2293a0",
    "direction" : "ingress",
    "protocol" : "ICMP",
    "ethertype" : "IPv4",
    "source_cidr_block" : "192.168.0.0/24",
    "action" : "accept",
    "priority" : 29
  }
}

SDK Sample Code

The SDK sample code is as follows.

Add a traffic mirror filter rule in the inbound direction to the traffic mirror filter with ID of 417d7317-6c17-4428-a0f3-997d3e2293a0 and with source CIDR of 192.168.0.0/24.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpc.v3.region.VpcRegion;
import com.huaweicloud.sdk.vpc.v3.*;
import com.huaweicloud.sdk.vpc.v3.model.*;


public class CreateTrafficMirrorFilterRuleSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        VpcClient client = VpcClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateTrafficMirrorFilterRuleRequest request = new CreateTrafficMirrorFilterRuleRequest();
        CreateTrafficMirrorFilterRuleRequestBody body = new CreateTrafficMirrorFilterRuleRequestBody();
        CreateTrafficMirrorFilterRuleOption trafficMirrorFilterRulebody = new CreateTrafficMirrorFilterRuleOption();
        trafficMirrorFilterRulebody.withTrafficMirrorFilterId("417d7317-6c17-4428-a0f3-997d3e2293a0")
            .withDirection("ingress")
            .withProtocol("ICMP")
            .withEthertype("ipv4")
            .withSourceCidrBlock("192.168.0.0/24")
            .withAction("accept")
            .withPriority(29);
        body.withTrafficMirrorFilterRule(trafficMirrorFilterRulebody);
        request.withBody(body);
        try {
            CreateTrafficMirrorFilterRuleResponse response = client.createTrafficMirrorFilterRule(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

Add a traffic mirror filter rule in the inbound direction to the traffic mirror filter with ID of 417d7317-6c17-4428-a0f3-997d3e2293a0 and with source CIDR of 192.168.0.0/24.

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpc.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = VpcClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateTrafficMirrorFilterRuleRequest()
        trafficMirrorFilterRulebody = CreateTrafficMirrorFilterRuleOption(
            traffic_mirror_filter_id="417d7317-6c17-4428-a0f3-997d3e2293a0",
            direction="ingress",
            protocol="ICMP",
            ethertype="ipv4",
            source_cidr_block="192.168.0.0/24",
            action="accept",
            priority=29
        )
        request.body = CreateTrafficMirrorFilterRuleRequestBody(
            traffic_mirror_filter_rule=trafficMirrorFilterRulebody
        )
        response = client.create_traffic_mirror_filter_rule(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

Add a traffic mirror filter rule in the inbound direction to the traffic mirror filter with ID of 417d7317-6c17-4428-a0f3-997d3e2293a0 and with source CIDR of 192.168.0.0/24.

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := vpc.NewVpcClient(
        vpc.VpcClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateTrafficMirrorFilterRuleRequest{}
	sourceCidrBlockTrafficMirrorFilterRule:= "192.168.0.0/24"
	trafficMirrorFilterRulebody := &model.CreateTrafficMirrorFilterRuleOption{
		TrafficMirrorFilterId: "417d7317-6c17-4428-a0f3-997d3e2293a0",
		Direction: "ingress",
		Protocol: "ICMP",
		Ethertype: "ipv4",
		SourceCidrBlock: &sourceCidrBlockTrafficMirrorFilterRule,
		Action: "accept",
		Priority: int32(29),
	}
	request.Body = &model.CreateTrafficMirrorFilterRuleRequestBody{
		TrafficMirrorFilterRule: trafficMirrorFilterRulebody,
	}
	response, err := client.CreateTrafficMirrorFilterRule(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     