Help Center> Virtual Private Cloud> User Guide> Traffic Mirroring> Mirror Filters> Modifying an Inbound or Outbound Mirror Filter Rule
Updated on 2024-04-22 GMT+08:00
View PDF

Modifying an Inbound or Outbound Mirror Filter Rule

Scenarios

You can modify inbound and outbound rules of a mirror filter.

  • Inbound rules match the traffic received by a mirror source.
  • Outbound rules match the traffic sent by a mirror source.

Procedure

  1. Log in to the management console.
  1. Click in the upper left corner and select the desired region and project.
  2. Click in the upper left corner and choose Networking > Virtual Private Cloud.

    The Virtual Private Cloud page is displayed.

  3. In the navigation pane on the left, choose Traffic Mirroring > Mirror Filters.

    The mirror filter list page is displayed.

  4. Locate the row that contains the mirror filter and click the hyperlink in the Inbound and Outbound Rules column.

    The Inbound Rules tab page is displayed.

  5. In the inbound rule list, locate the row that contains the rule and click Modify in the Operation column.
    Table 1 Inbound rule parameter description

    Parameter

    Description

    Example Value

    Priority
    Priority of a mirror filter rule.
    • A priority value can be from 1 to 65535. A smaller value indicates a higher priority.
    • Priorities of inbound rules must be unique for each mirror filter.

    A mirror filter can contain multiple rules and the rules are matched in ascending order of priority.

    For details, see the matching process of mirror filter rules.

    1

    Protocol
    Select a network protocol.
    • If you select TCP, you can customize the source and destination port ranges.
    • If you select UDP, you can customize the source and destination port ranges.
    • If you set Type to IPv4 and select ICMP, all ports are specified for source and destination port ranges by default.
    • If you set Type to IPv6 and select ICMPv6, all ports are specified for source and destination port ranges by default.
    • If you select All, all network protocols are supported and all ports are specified for source and destination port ranges by default.

    TCP

    Action
    Whether to accept or reject inbound traffic of a mirror source.
    • If you set Action to Accept, the traffic will be mirrored to the mirror target.
    • If you set Action to Reject, the traffic will not be mirrored to the mirror target.

    Accept

    Type
    IP address version of inbound traffic. You can specify:
    • IPv4
    • IPv6

    IPv4

    Source
    Source of inbound traffic. You can enter:
    • A single IP address: IP address/mask

      Example IPv4 address: 192.168.10.10/32

      Example IPv6 address: 2002:50::44/128

    • An IP address range in CIDR notation: IP address/mask

      Example IPv4 address range: 192.168.52.0/24

      Example IPv6 address range: 2407:c080:802:469::/64

    • All IP addresses

      0.0.0.0/0 represents all IPv4 addresses.

      ::/0 represents all IPv6 addresses.

    10.0.0.0/24

    Source Port Range
    Source port range of inbound traffic.
    • Port range: 1 to 65535
    • Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.
    • If not specified or 1-65535 is specified, all ports are used.

    22-23

    Destination
    Destination of inbound traffic. You can enter:
    • A single IP address: IP address/mask

      Example IPv4 address: 192.168.10.10/32

      Example IPv6 address: 2002:50::44/128

    • An IP address range in CIDR notation: IP address/mask

      Example IPv4 address range: 192.168.52.0/24

      Example IPv6 address range: 2407:c080:802:469::/64

    • All IP addresses

      0.0.0.0/0 represents all IPv4 addresses.

      ::/0 represents all IPv6 addresses.

    0.0.0.0/0

    Destination Port Range
    Destination port range of inbound traffic.
    • Port range: 1 to 65535
    • Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.
    • If not specified or 1-65535 is specified, all ports are used.

    1-65535

    Description

    Enter the description of the mirror filter rule in the text box as required.

    -
  6. Click OK.

    You can view the modified inbound rule in the list.

  7. On the Outbound Rules tab page, locate the row that contains the rule in the outbound rule list and click Modify in the Operation column.
    Table 2 Outbound rule parameter description

    Parameter

    Description

    Example Value

    Priority
    Priority of a mirror filter rule.
    • A priority value can be from 1 to 65535. A smaller value indicates a higher priority.
    • Priorities of inbound rules must be unique for each mirror filter.

    A mirror filter can contain multiple rules and the rules are matched in ascending order of priority.

    For details, see the matching process of mirror filter rules.

    1

    Protocol
    Select a network protocol.
    • If you select TCP, you can customize the source and destination port ranges.
    • If you select UDP, you can customize the source and destination port ranges.
    • If you set Type to IPv4 and select ICMP, all ports are specified for source and destination port ranges by default.
    • If you set Type to IPv6 and select ICMPv6, all ports are specified for source and destination port ranges by default.
    • If you select All, all network protocols are supported and all ports are specified for source and destination port ranges by default.

    All

    Action
    Whether to accept or reject outbound traffic of a mirror source.
    • If you set Action to Accept, the traffic will be mirrored to the mirror target.
    • If you set Action to Reject, the traffic will not be mirrored to the mirror target.

    Reject

    Type
    IP address version of outbound traffic. You can specify:
    • IPv4
    • IPv6

    IPv4

    Source
    Source of outbound traffic. You can enter:
    • A single IP address: IP address/mask

      Example IPv4 address: 192.168.10.10/32

      Example IPv6 address: 2002:50::44/128

    • An IP address range in CIDR notation: IP address/mask

      Example IPv4 address range: 192.168.52.0/24

      Example IPv6 address range: 2407:c080:802:469::/64

    • All IP addresses

      0.0.0.0/0 represents all IPv4 addresses.

      ::/0 represents all IPv6 addresses.

    192.168.0.0/24

    Source Port Range

    Source port range of outbound traffic.

    • Port range: 1 to 65535
    • Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.
    • If not specified or 1-65535 is specified, all ports are used.

    All

    Destination
    Destination of outbound traffic. You can enter:
    • A single IP address: IP address/mask

      Example IPv4 address: 192.168.10.10/32

      Example IPv6 address: 2002:50::44/128

    • An IP address range in CIDR notation: IP address/mask

      Example IPv4 address range: 192.168.52.0/24

      Example IPv6 address range: 2407:c080:802:469::/64

    • All IP addresses

      0.0.0.0/0 represents all IPv4 addresses.

      ::/0 represents all IPv6 addresses.

    10.2.0.0/24

    Destination Port Range
    Destination port range of outbound traffic.
    • Port range: 1 to 65535
    • Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.
    • If not specified or 1-65535 is specified, all ports are used.

    All

    Description

    Enter the description of the mirror filter rule in the text box as required.

    -
  8. Click OK.

    You can view the modified outbound rule in the list.

Parent Topic: Mirror Filters