On this page

Function
Calling Method
URI
Request Parameters
Response Parameters
Example Requests
Example Responses
SDK Sample Code
Status Codes
Error Codes

Show all

Help Center/ Virtual Private Cloud/ API Reference/ VPC APIs (V3)/ Network ACL/ Deleting a Network ACL Rule

Deleting a Network ACL Rule

Updated on 2025-08-19 GMT+08:00

Online Debugging

CLI Examples

View PDF

Function

This API is used to delete a network ACL rule.

Calling Method

For details, see Calling APIs.

URI

PUT /v3/{project_id}/vpc/firewalls/{firewall_id}/remove-rules

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
firewall_id	Yes	String	Unique ID of a network ACL.
project_id	Yes	String	Project ID. For details about how to obtain a project ID, see Obtaining a Project ID.

Request Parameters

**Table 2** Request body parameters
Parameter	Mandatory	Type	Description
firewall	Yes	FirewallRemoveRuleOption object	Inbound or outbound network ACL rules to be deleted.

**Table 3** FirewallRemoveRuleOption
Parameter	Mandatory	Type	Description
ingress_rules	No	Array of FirewallRemoveRuleItemOption objects	Inbound network ACL rules to be deleted. ingress_rules and egress_rules cannot be specified at the same time.
egress_rules	No	Array of FirewallRemoveRuleItemOption objects	Outbound network ACL rules to be deleted. ingress_rules and egress_rules cannot be specified at the same time.

**Table 4** FirewallRemoveRuleItemOption
Parameter	Mandatory	Type	Description
id	Yes	String	ID of the network ACL rule to be deleted.

Response Parameters

Status code: 200

**Table 5** Response body parameters
Parameter	Type	Description
firewall	FirewallDetail object	Details after a network ACL rule is deleted.
request_id	String	Request ID.

**Table 6** FirewallDetail
Parameter	Type	Description
id	String	The unique ID of a network ACL. The value is a string in UUID format.
name	String	Network ACL name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).
description	String	Description about the network ACL. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >).
project_id	String	ID of the project that is associated with the network ACL.
created_at	String	Time when the network ACL was created. The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss, which is automatically generated by the system.
updated_at	String	Time when the network ACL was last updated. The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss, which is automatically generated by the system.
admin_state_up	Boolean	Whether a network ACL is enabled. The value can be true (enabled) or false (disabled).
status	String	Network ACL status.
enterprise_project_id	String	ID of the enterprise project that is associated with the network ACL. The project ID can be 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). 0 indicates the default enterprise project.
tags	Array of ResourceTag objects	Network ACL tags.
associations	Array of FirewallAssociation objects	Subnets that are associated with a network ACL.
ingress_rules	Array of FirewallRuleDetail objects	Inbound network ACL rules.
egress_rules	Array of FirewallRuleDetail objects	Outbound network ACL rules.

**Table 7** ResourceTag
Parameter	Type	Description
key	String	Tag key Tag keys must be unique for each resource. The value can contain 1 to 128 characters. Minimum: 1 Maximum: 128
value	String	Tag value. The value can contain no more than 255 characters Maximum: 255

**Table 8** FirewallAssociation
Parameter	Type	Description
virsubnet_id	String	IDs of subnets that are associated with a network ACL.

**Table 9** FirewallRuleDetail
Parameter	Type	Description
id	String	Network ACL rule ID, which uniquely identifies a network ACL rule. The value is a string in UUID format.
name	String	Network ACL rule name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).
description	String	Description about the network ACL rule. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >).
action	String	Whether a network ACL rule allows or denies traffic. allow indicates traffic is allowed and deny indicates that traffic is denied.
project_id	String	ID of the project that is associated with a network ACL rule.
protocol	String	Network ACL rule protocol. The value can be tcp, udp, icmp, icmpv6, or an IP protocol number (0–255).
ip_version	Integer	IP version of a network ACL rule. The value can be 4 (IPv4) or 6 (IPv6).
source_ip_address	String	Source IP address or CIDR block of a network ACL rule. source_ip_address and source_address_group_id cannot be specified at the same time.
destination_ip_address	String	Destination IP address or CIDR block of a network ACL rule. destination_ip_address and destination_address_group_id cannot be specified at the same time.
source_port	String	Source ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The maximum number of port entries is 20 by default.
destination_port	String	Destination ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The maximum number of port entries is 20 by default.
source_address_group_id	String	Source IP address group ID of a network ACL rule. source_ip_address and source_address_group_id cannot be specified at the same time.
destination_address_group_id	String	Destination IP address group ID of a network ACL rule. destination_ip_address and destination_address_group_id cannot be specified at the same time.
enabled	Boolean	Whether to enable a network ACL rule. true means to enable the network ACL rule and false means to disable the network ACL rule. The default value is true.

Example Requests

Delete the inbound rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629 from the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629.

PUT /v3/{project_id}/vpc/firewalls/e9a7731d-5bd9-4250-a524-b9a076fd5629/remove-rules

{
  "firewall" : {
    "ingress_rules" : [ {
      "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629"
    } ]
  }
}

Example Responses

Status code: 200

Normal response to the PUT operation. For more status codes, see Status Codes.

{
  "firewall" : {
    "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629",
    "name" : "network_acl_test1",
    "description" : "network_acl_test1",
    "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
    "created_at" : "2022-04-07T07:30:46.000+00:00",
    "updated_at" : "2022-04-07T07:30:46.000+00:00",
    "admin_state_up" : true,
    "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9",
    "status" : "ACTIVE",
    "tags" : [ ],
    "ingress_rules" : [ ],
    "egress_rules" : [ {
      "id" : "f9a7731d-5bd9-4250-a524-b9a076fd5629",
      "name" : "network_acl_rule test",
      "description" : "network_acl_rule test",
      "action" : "allow",
      "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
      "protocol" : "tcp",
      "ip_version" : 4,
      "source_ip_address" : "192.168.3.0/24",
      "destination_ip_address" : "192.168.6.0/24",
      "source_port" : "30-40,60-90",
      "destination_port" : "40-60,70-90"
    } ],
    "associations" : [ {
      "virsubnet_id" : "8359e5b0-353f-4ef3-a071-98e67a34a143"
    } ]
  }
}

SDK Sample Code

The SDK sample code is as follows.

Java
Python
Go
More

Delete the inbound rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629 from the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629.

      
       
         
         package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpc.v3.region.VpcRegion;
import com.huaweicloud.sdk.vpc.v3.*;
import com.huaweicloud.sdk.vpc.v3.model.*;

import java.util.List;
import java.util.ArrayList;

public class RemoveFirewallRulesSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        VpcClient client = VpcClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcRegion.valueOf("<YOUR REGION>"))
                .build();
        RemoveFirewallRulesRequest request = new RemoveFirewallRulesRequest();
        request.withFirewallId("{firewall_id}");
        RemoveFirewallRulesRequestBody body = new RemoveFirewallRulesRequestBody();
        List<FirewallRemoveRuleItemOption> listFirewallIngressRules = new ArrayList<>();
        listFirewallIngressRules.add(
            new FirewallRemoveRuleItemOption()
                .withId("e9a7731d-5bd9-4250-a524-b9a076fd5629")
        );
        FirewallRemoveRuleOption firewallbody = new FirewallRemoveRuleOption();
        firewallbody.withIngressRules(listFirewallIngressRules);
        body.withFirewall(firewallbody);
        request.withBody(body);
        try {
            RemoveFirewallRulesResponse response = client.removeFirewallRules(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

        

      
     

Delete the inbound rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629 from the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629.

      
       
         
         # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpc.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = VpcClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = RemoveFirewallRulesRequest()
        request.firewall_id = "{firewall_id}"
        listIngressRulesFirewall = [
            FirewallRemoveRuleItemOption(
                id="e9a7731d-5bd9-4250-a524-b9a076fd5629"
            )
        ]
        firewallbody = FirewallRemoveRuleOption(
            ingress_rules=listIngressRulesFirewall
        )
        request.body = RemoveFirewallRulesRequestBody(
            firewall=firewallbody
        )
        response = client.remove_firewall_rules(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

        

      
     

Delete the inbound rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629 from the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629.

      
       
         
         package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := vpc.NewVpcClient(
        vpc.VpcClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.RemoveFirewallRulesRequest{}
	request.FirewallId = "{firewall_id}"
	var listIngressRulesFirewall = []model.FirewallRemoveRuleItemOption{
        {
            Id: "e9a7731d-5bd9-4250-a524-b9a076fd5629",
        },
    }
	firewallbody := &model.FirewallRemoveRuleOption{
		IngressRules: &listIngressRulesFirewall,
	}
	request.Body = &model.RemoveFirewallRulesRequestBody{
		Firewall: firewallbody,
	}
	response, err := client.RemoveFirewallRules(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

        

      
     

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Delete the inbound rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629 from the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629.

      
       
         
         package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpc.v3.region.VpcRegion;
import com.huaweicloud.sdk.vpc.v3.*;
import com.huaweicloud.sdk.vpc.v3.model.*;

import java.util.List;
import java.util.ArrayList;

public class RemoveFirewallRulesSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        VpcClient client = VpcClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcRegion.valueOf("<YOUR REGION>"))
                .build();
        RemoveFirewallRulesRequest request = new RemoveFirewallRulesRequest();
        request.withFirewallId("{firewall_id}");
        RemoveFirewallRulesRequestBody body = new RemoveFirewallRulesRequestBody();
        List<FirewallRemoveRuleItemOption> listFirewallIngressRules = new ArrayList<>();
        listFirewallIngressRules.add(
            new FirewallRemoveRuleItemOption()
                .withId("e9a7731d-5bd9-4250-a524-b9a076fd5629")
        );
        FirewallRemoveRuleOption firewallbody = new FirewallRemoveRuleOption();
        firewallbody.withIngressRules(listFirewallIngressRules);
        body.withFirewall(firewallbody);
        request.withBody(body);
        try {
            RemoveFirewallRulesResponse response = client.removeFirewallRules(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

        

      
     

Delete the inbound rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629 from the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629.

      
       
         
         # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpc.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = VpcClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = RemoveFirewallRulesRequest()
        request.firewall_id = "{firewall_id}"
        listIngressRulesFirewall = [
            FirewallRemoveRuleItemOption(
                id="e9a7731d-5bd9-4250-a524-b9a076fd5629"
            )
        ]
        firewallbody = FirewallRemoveRuleOption(
            ingress_rules=listIngressRulesFirewall
        )
        request.body = RemoveFirewallRulesRequestBody(
            firewall=firewallbody
        )
        response = client.remove_firewall_rules(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

        

      
     

Delete the inbound rule whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629 from the network ACL whose ID is e9a7731d-5bd9-4250-a524-b9a076fd5629.

      
       
         
         package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := vpc.NewVpcClient(
        vpc.VpcClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.RemoveFirewallRulesRequest{}
	request.FirewallId = "{firewall_id}"
	var listIngressRulesFirewall = []model.FirewallRemoveRuleItemOption{
        {
            Id: "e9a7731d-5bd9-4250-a524-b9a076fd5629",
        },
    }
	firewallbody := &model.FirewallRemoveRuleOption{
		IngressRules: &listIngressRulesFirewall,
	}
	request.Body = &model.RemoveFirewallRulesRequestBody{
		Firewall: firewallbody,
	}
	response, err := client.RemoveFirewallRules(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

        

      
     

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes


Status Code	Description
200	Normal response to the PUT operation. For more status codes, see Status Codes.

Error Codes

See Error Codes.

Parent Topic: Network ACL

Previous topic: Inserting a Network ACL Rule

Next topic: Associating a Subnet with a Network ACL

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot