VPC.FirewallRule
Element Description
The VPC.FirewallRule element can be used to create ACL rules for subnet access control.
Element Properties
Property | Required | Description |
---|---|---|
enable | No | Whether to enable the ACL rule. Type: boolean. Value Description: Supports true and false. Default: True. Suggestion: Set the value based on specifications and requirements. |
protocol | No | Rule protocol. Type: string. Value Description: Supports TCP, UDP, and ICMP. If this parameter is not specified, any protocol can be used. Suggestion: Set the value based on specifications and requirements. |
description | No | ACL rule description. Type: string. |
sourceIpAddr | No | Source IP address or network segment. Type: string. Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16. Suggestion: Set the value based on specifications and requirements. |
destIpAddr | No | Destination IP address or network segment. Type: string. Value Description: Needs to be configured based on requirements. For example, 198.168.0.0/16. Suggestion: Set the value based on specifications and requirements. |
ipVersion | No | IP protocol version. Type: integer. Value Description: Supports 4. Default: 4. Suggestion: You are advised to leave this parameter blank or set it to 4. |
sourcePort | No | Source port number or range. Type: string. Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22. Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22. Suggestion: Set the value based on specifications and requirements. |
action | No | Action to be performed on the traffic matching the ACL rule. Type: string. Value Description: Supports ALLOW, DENY, and REJECT. Default: DENY. Suggestion: Set the value based on specifications and requirements. |
destPort | No | Destination port number or range. Type: string. Value Description: Supports an integer between 1 and 65535 or a port number range, for example, 20:22. Value Constraint: The value must be an integer between 1 and 65535 or a port number range, for example, 20:22. Suggestion: Set the value based on specifications and requirements. |
name | No | ACL rule name. Type: string. Value Description: Supports customization. Suggestion: Customize the value. |
Relationships Between Elements
None.
Return Value
Property | Type | Description |
---|---|---|
refID | string | ACL rule ID |
Blueprint Example
```yaml
tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  name:
    default: my-firewall-rule
  protocol:
    default: TCP
  src-port:
    default: 80
  dest-port:
    default: 80
  # src-ip and dest-ip have no default and must be supplied at deployment
  src-ip:
    type: string
  dest-ip:
    type: string
  action:
    default: ALLOW
node_templates:
  my-rule:
    type: HuaweiCloud.VPC.FirewallRule
    properties:
      name: {get_input: name}
      protocol: {get_input: protocol}
      sourcePort: {get_input: src-port}
      destPort: {get_input: dest-port}
      ipVersion: 4
      sourceIpAddr: {get_input: src-ip}
      destIpAddr: {get_input: dest-ip}
      action: {get_input: action}
      enable: true
```
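The value constraints in the property table can be checked before a blueprint is deployed. The following is an added example, not part of the original page or of any Huawei Cloud tooling: `check_port` and `lint_rule` are hypothetical names, the rule is assumed to be a plain dict of `properties` with inputs already resolved, and the sample rule is constructed.

```python
import ipaddress
import re

PROTOCOLS = {"TCP", "UDP", "ICMP"}        # values listed for `protocol`
ACTIONS = {"ALLOW", "DENY", "REJECT"}     # values listed for `action`
PORT_RE = re.compile(r"^(\d{1,5})(?::(\d{1,5}))?$")

def check_port(value):
    """True for an integer 1-65535 or a range such as 20:22."""
    m = PORT_RE.match(str(value))
    if not m:
        return False
    ports = [int(p) for p in m.groups() if p is not None]
    # Assumption: a range must run low:high; the page does not say so.
    return all(1 <= p <= 65535 for p in ports) and ports == sorted(ports)

def lint_rule(props):
    """Return (errors, warnings) for one FirewallRule `properties` mapping."""
    errors, warnings, nets = [], [], {}
    action = props.get("action", "DENY")   # documented default
    proto = props.get("protocol")          # omitted means any protocol
    if action not in ACTIONS:
        errors.append(f"action: {action!r} is not ALLOW, DENY or REJECT")
    if proto is not None and proto not in PROTOCOLS:
        errors.append(f"protocol: {proto!r} is not TCP, UDP or ICMP")
    if props.get("ipVersion", 4) != 4:
        errors.append("ipVersion: only 4 is supported")
    for key in ("sourcePort", "destPort"):
        if key in props and not check_port(props[key]):
            errors.append(f"{key}: {props[key]!r} is not 1-65535 or a range")
    for key in ("sourceIpAddr", "destIpAddr"):
        if key in props:
            try:
                nets[key] = ipaddress.IPv4Network(str(props[key]), strict=False)
            except ValueError:
                errors.append(f"{key}: {props[key]!r} is not an IPv4 address or CIDR")
    # Review flags apply only to rules that are enabled and let traffic through.
    if action == "ALLOW" and props.get("enable", True):
        if proto is None:
            warnings.append("ALLOW without protocol matches any protocol")
        src = nets.get("sourceIpAddr")
        if src is not None and src.prefixlen == 0:
            warnings.append("ALLOW from 0.0.0.0/0 matches every IPv4 source")
    return errors, warnings

if __name__ == "__main__":
    # Constructed sample: one rule's properties after inputs are resolved.
    print(lint_rule({"protocol": "TCP", "destPort": "20:22", "action": "ALLOW",
                     "sourceIpAddr": "0.0.0.0/0", "destIpAddr": "198.168.0.0/16"}))
```

Errors are violations of the documented value constraints; warnings mark enabled ALLOW rules that match more traffic than a reviewer may expect.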