Updated on 2023-12-13 GMT+08:00

VPC.FirewallRule

Element Description

The VPC.FirewallRule element can be used to create ACL rules for subnet access control.

Element Properties

Table 1 Property Description

enable
  Required: No
  Description: Whether to enable the ACL rule
  Type: boolean
  Value Description: Supports true and false.
  Default: true
  Suggestion: Set the value based on specifications and requirements.

protocol
  Required: No
  Description: Rule protocol
  Type: string
  Value Description: Supports TCP, UDP, and ICMP. If this parameter is not specified, any protocol can be used.
  Suggestion: Set the value based on specifications and requirements.

description
  Required: No
  Description: ACL rule description
  Type: string

sourceIpAddr
  Required: No
  Description: Source IP address or network segment
  Type: string
  Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16.
  Suggestion: Set the value based on specifications and requirements.

destIpAddr
  Required: No
  Description: Destination IP address or network segment
  Type: string
  Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16.
  Suggestion: Set the value based on specifications and requirements.

ipVersion
  Required: No
  Description: IP protocol version
  Type: integer
  Value Description: Supports 4.
  Default: 4
  Suggestion: You are advised to leave this parameter blank or set it to 4.

sourcePort
  Required: No
  Description: Source port number or range
  Type: string
  Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22.
  Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22.
  Suggestion: Set the value based on specifications and requirements.

action
  Required: No
  Description: Action to be performed on the traffic matching the ACL rule
  Type: string
  Value Description: Supports ALLOW, DENY, and REJECT.
  Default: DENY
  Suggestion: Set the value based on specifications and requirements.

destPort
  Required: No
  Description: Destination port number or range
  Type: string
  Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22.
  Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22.
  Suggestion: Set the value based on specifications and requirements.

name
  Required: No
  Description: ACL rule name
  Type: string
  Value Description: Supports customization.
  Suggestion: Customize the value.

Relationships Between Elements

None.

Return Value

refID
  Type: string
  Description: ACL rule ID

Blueprint Example

tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  name:
    default: my-firewall-rule
  protocol:
    default: TCP
  src-port:
    default: 80
  dest-port:
    default: 80
  src-ip:
    type: string
  dest-ip:
    type: string
  action:
    default: ALLOW
node_templates:
  my-rule:
    type: HuaweiCloud.VPC.FirewallRule
    properties:
      name: {get_input: name}
      protocol: {get_input: protocol}
      sourcePort: {get_input: src-port}
      destPort: {get_input: dest-port}
      ipVersion: 4
      sourceIpAddr: {get_input: src-ip}
      destIpAddr: {get_input: dest-ip}
      action: {get_input: action}
      enable: true
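The constraints in Table 1 (allowed protocols and actions, the 1-65535 port bound and the 20:22 range form, IPv4-only addressing, and the defaults enable=true, action=DENY, ipVersion=4) are easy to violate in a hand-written blueprint, and a rule that fails validation only at deployment time is a slow way to find out. The following Python script is an added example and is not part of this page or of the Huawei Cloud tooling: it transcribes the blueprint above into a Python dict (so it runs without a YAML parser), resolves each {get_input: X} from a set of values assumed to be supplied at deploy time (falling back to the input's default), applies the documented defaults, and reports every property that is outside the documented constraints. The start-before-end check on a port range is an added sanity check that the page itself does not state.

```python
import ipaddress
import re

# Allowed values and defaults transcribed from Table 1 of this page.
PROTOCOLS = {"TCP", "UDP", "ICMP"}
ACTIONS = {"ALLOW", "DENY", "REJECT"}
IP_VERSIONS = {4}
DEFAULTS = {"enable": True, "action": "DENY", "ipVersion": 4}
KNOWN = {"enable", "protocol", "description", "sourceIpAddr", "destIpAddr",
         "ipVersion", "sourcePort", "destPort", "action", "name"}
# A single port or a colon-separated range, e.g. "80" or "20:22".
PORT_RE = re.compile(r"^(\d{1,5})(?::(\d{1,5}))?$")

# The page's blueprint example, transcribed by hand into a dict so the
# script runs without a YAML parser (constructed, not parsed from the page).
BLUEPRINT = {
    "inputs": {
        "name": {"default": "my-firewall-rule"},
        "protocol": {"default": "TCP"},
        "src-port": {"default": 80},
        "dest-port": {"default": 80},
        "src-ip": {"type": "string"},
        "dest-ip": {"type": "string"},
        "action": {"default": "ALLOW"},
    },
    "node_templates": {
        "my-rule": {
            "type": "HuaweiCloud.VPC.FirewallRule",
            "properties": {
                "name": {"get_input": "name"},
                "protocol": {"get_input": "protocol"},
                "sourcePort": {"get_input": "src-port"},
                "destPort": {"get_input": "dest-port"},
                "ipVersion": 4,
                "sourceIpAddr": {"get_input": "src-ip"},
                "destIpAddr": {"get_input": "dest-ip"},
                "action": {"get_input": "action"},
                "enable": True,
            },
        }
    },
}


def resolve_inputs(blueprint, node_name, supplied=None):
    """Return one node template's properties with each {get_input: X}
    replaced by the value supplied for X (assumed to be given at deploy
    time), falling back to the input's default. Inputs with neither
    become None so the validator can report them."""
    supplied = supplied or {}
    inputs = blueprint.get("inputs", {})
    resolved = {}
    for key, value in blueprint["node_templates"][node_name]["properties"].items():
        if isinstance(value, dict) and "get_input" in value:
            name = value["get_input"]
            resolved[key] = supplied.get(name, inputs.get(name, {}).get("default"))
        else:
            resolved[key] = value
    return resolved


def _check_port(field, value, errors):
    m = PORT_RE.match(str(value))
    if not m:
        errors.append(f"{field}: expected a port or a range like 20:22, got {value!r}")
        return
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    if not (1 <= lo <= 65535 and 1 <= hi <= 65535):
        errors.append(f"{field}: ports must be between 1 and 65535, got {value!r}")
    elif lo > hi:
        # Added sanity check; the page only states the 1-65535 bound.
        errors.append(f"{field}: range start {lo} is greater than end {hi}")


def _check_address(field, value, ip_version, errors):
    try:
        net = ipaddress.ip_network(str(value))  # single address or CIDR block
    except ValueError:
        errors.append(f"{field}: not an IP address or network segment: {value!r}")
        return
    if net.version != ip_version:
        errors.append(f"{field}: {value!r} is IPv{net.version} but ipVersion is {ip_version}")


def validate_rule(props):
    """Apply the documented defaults, then check every property against
    Table 1. Returns (effective_properties, errors); an empty error list
    means the rule is well-formed."""
    rule = dict(DEFAULTS)
    rule.update({k: v for k, v in props.items() if v is not None})
    errors = [f"{k}: unknown property" for k in sorted(set(rule) - KNOWN)]
    errors += [f"{k}: input was never supplied" for k, v in props.items() if v is None]
    if not isinstance(rule["enable"], bool):
        errors.append(f"enable: expected true or false, got {rule['enable']!r}")
    if "protocol" in rule and rule["protocol"] not in PROTOCOLS:
        errors.append(f"protocol: expected one of {sorted(PROTOCOLS)}, got {rule['protocol']!r}")
    if rule["action"] not in ACTIONS:
        errors.append(f"action: expected one of {sorted(ACTIONS)}, got {rule['action']!r}")
    if rule["ipVersion"] not in IP_VERSIONS:
        errors.append(f"ipVersion: only {sorted(IP_VERSIONS)} supported, got {rule['ipVersion']!r}")
    for field in ("sourcePort", "destPort"):
        if field in rule:
            _check_port(field, rule[field], errors)
    for field in ("sourceIpAddr", "destIpAddr"):
        if field in rule:
            _check_address(field, rule[field], rule["ipVersion"], errors)
    return rule, errors


if __name__ == "__main__":
    # Deploy-time input values are constructed for this demonstration.
    props = resolve_inputs(BLUEPRINT, "my-rule",
                           {"src-ip": "198.168.0.0/16", "dest-ip": "10.0.0.0/8"})
    print(validate_rule(props))
```

Running the blueprint through `validate_rule` with no supplied values shows why the two untyped-default inputs matter: `src-ip` and `dest-ip` resolve to None and are reported as never supplied, while every other property passes on its default. Calling `validate_rule({})` returns only the three documented defaults, which is a quick way to see what an empty FirewallRule actually deploys as.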