Creating a Network ACL
Scenarios
A security group protects the instances in it, such as ECSs, databases, and containers, while a network ACL protects associated subnets and all the instances in the subnets. Security groups are mandatory, while network ACLs are optional. If you want to add an additional layer of protection, you can create a network ACL and associate it with one or more subnets. Network ACLs and security groups can be used together for fine-grained and comprehensive access control.
Procedure
- Go to the network ACL list page.
- In the upper right corner of the network ACL list, click Create Network ACL.
- On the displayed page, configure the parameters as prompted.
Table 1 Parameter descriptions

| Parameter | Description | Example Value |
|---|---|---|
| Name | Mandatory. The network ACL name. The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | fw-A |
| Enterprise Project | Mandatory. Enterprise project that the network ACL belongs to. An enterprise project facilitates project-level management and grouping of cloud resources and users. The default project is default. For details about creating and managing enterprise projects, see the Enterprise Management User Guide. | default |
| Tag | Optional. When creating a network ACL, you can add tags to it to help you identify and search for given network ACLs. Each cloud resource can have a maximum of 20 tags. For details, see Table 2. | Tag key: test; Tag value: 01 |
| Description | Optional. Supplementary information about the network ACL. The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | N/A |
Table 2 Network ACL naming requirements

| Parameter | Requirements | Example Value |
|---|---|---|
| Tag key | For each resource, each tag key must be unique, and each tag key can have only one tag value. Cannot be left blank. Can contain a maximum of 128 characters. Can consist of letters, digits, underscores (_), and hyphens (-). | test |
| Tag value | Can be left blank. Can contain a maximum of 256 characters. Can consist of letters, digits, underscores (_), periods (.), and hyphens (-). | 01 |
- Click OK.
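The constraints in Table 1 and Table 2 are easy to get wrong when network ACLs are created from scripts rather than the console, and a request rejected for a bad tag key is wasted time at best. The following validator is an added example, not code from the page or from the cloud provider; it encodes only the limits stated above (name, description and tag rules). It assumes "letters" means ASCII letters, and the function name and message wording are its own.

```python
import re

# Limits copied from Table 1 and Table 2 of the page. Treating "letters" as
# ASCII letters is an assumption of this example.
NAME_MAX = 64
NAME_RE = re.compile(r"^[A-Za-z0-9_.\-]+$")
DESC_MAX = 255
TAG_MAX_COUNT = 20
TAG_KEY_MAX = 128
TAG_KEY_RE = re.compile(r"^[A-Za-z0-9_\-]+$")
TAG_VALUE_MAX = 256
TAG_VALUE_RE = re.compile(r"^[A-Za-z0-9_.\-]*$")   # '*' because a value may be blank


def validate_network_acl(name, description="", tags=None):
    """Check a planned network ACL against the page's naming rules.

    tags is a list of (key, value) pairs. Returns a list of problem strings;
    an empty list means every field satisfies the documented constraints.
    """
    problems = []
    tags = tags or []

    # Name: mandatory, <= 64 chars, letters/digits/_/-/., no spaces.
    if not name:
        problems.append("name: must not be empty")
    elif len(name) > NAME_MAX:
        problems.append(f"name: longer than {NAME_MAX} characters")
    elif " " in name:
        problems.append("name: must not contain spaces")
    elif not NAME_RE.match(name):
        problems.append("name: only letters, digits, '_', '-' and '.' are allowed")

    # Description: optional, <= 255 chars, no angle brackets.
    if len(description) > DESC_MAX:
        problems.append(f"description: longer than {DESC_MAX} characters")
    if "<" in description or ">" in description:
        problems.append("description: must not contain angle brackets (< or >)")

    # Tags: at most 20 per resource, keys unique and non-blank.
    if len(tags) > TAG_MAX_COUNT:
        problems.append(f"tags: more than {TAG_MAX_COUNT} tags")
    seen_keys = set()
    for key, value in tags:
        if key in seen_keys:
            problems.append(f"tag '{key}': duplicate key")
            continue
        seen_keys.add(key)
        if not key:
            problems.append("tag '': key cannot be left blank")
        elif len(key) > TAG_KEY_MAX:
            problems.append(f"tag '{key}': key longer than {TAG_KEY_MAX} characters")
        elif not TAG_KEY_RE.match(key):
            problems.append(f"tag '{key}': key may contain only letters, digits, '_' and '-'")
        if len(value) > TAG_VALUE_MAX:
            problems.append(f"tag '{key}': value longer than {TAG_VALUE_MAX} characters")
        elif not TAG_VALUE_RE.match(value):
            problems.append(f"tag '{key}': value may contain only letters, digits, '_', '.' and '-'")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the page's own example values, then a bad request.
    print(validate_network_acl("fw-A", tags=[("test", "01")]))
    print(validate_network_acl("fw A", description="<draft>", tags=[("k", "v"), ("k", "w")]))
```

Run the checks before calling the API so that a rejected name or tag is caught locally; the returned list is meant to be surfaced whole rather than stopping at the first problem.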
Follow-up Operations
- A new network ACL comes with default inbound and outbound rules that deny all traffic in and out of the associated subnets. You can add custom rules to allow traffic by referring to Adding a Network ACL Rule (Default Priorities) or Adding a Network ACL Rule (Custom Priorities). Custom rules are matched before the default rules.
- You need to associate the enabled network ACL with its subnets by referring to Associating Subnets with a Network ACL; until then it protects nothing.
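The two follow-up points above describe an evaluation order: custom rules first, then the built-in deny-all defaults. The following model is an added example, not the provider's implementation; it assumes a minimal rule shape (priority, action, direction, remote CIDR, optional port), first match wins with lower priority values tried first, and a default deny for each direction when nothing else matches. Its purpose is to make visible that a single broad allow rule, not the default rule, decides what gets through.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One network ACL rule. The field set and match semantics are this
    example's assumptions, modelled only on what the page states."""
    priority: int            # lower value is matched first (assumption)
    action: str              # "allow" or "deny"
    direction: str           # "inbound" or "outbound"
    cidr: str                # remote address range the rule applies to
    port: Optional[int] = None   # None means any port


# The default rules a new network ACL comes with, as the page describes:
# deny all inbound and outbound traffic. They are consulted only after
# every custom rule has been tried, so they carry the lowest precedence.
DEFAULT_RULES = (
    Rule(priority=10**9, action="deny", direction="inbound", cidr="0.0.0.0/0"),
    Rule(priority=10**9, action="deny", direction="outbound", cidr="0.0.0.0/0"),
)


def evaluate(custom_rules, direction, remote_ip, port):
    """Decide a packet's fate. Returns (action, matching_rule).

    Custom rules for the given direction are tried in priority order; the
    first whose CIDR and port match wins. If none matches, the default
    deny rule for that direction applies.
    """
    addr = ip_address(remote_ip)
    ordered = sorted((r for r in custom_rules if r.direction == direction),
                     key=lambda r: r.priority)
    for rule in ordered:
        in_range = addr in ip_network(rule.cidr, strict=False)
        port_ok = rule.port is None or rule.port == port
        if in_range and port_ok:
            return rule.action, rule
    default = next(r for r in DEFAULT_RULES if r.direction == direction)
    return default.action, default


if __name__ == "__main__":
    # Constructed rule set: allow HTTPS from a private range, but carve out
    # one subnet with a higher-precedence deny.
    rules = [
        Rule(priority=100, action="allow", direction="inbound", cidr="10.0.0.0/8", port=443),
        Rule(priority=1, action="deny", direction="inbound", cidr="10.1.2.0/24"),
    ]
    for ip, port in [("10.9.9.9", 443), ("10.1.2.3", 443), ("10.9.9.9", 22), ("203.0.113.5", 443)]:
        action, rule = evaluate(rules, "inbound", ip, port)
        print(f"{ip}:{port} inbound -> {action} (priority {rule.priority})")
```

With no custom rules every packet hits the default deny, which is why a freshly created network ACL, once associated, blocks all traffic until an allow rule is added.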