Updated on 2025-08-26 GMT+08:00

Configuring a Network Defense Policy (for a VPC Network)

Scenarios

If no network defense policies are configured for a pod, all traffic is allowed to enter and leave the pod by default. In this case, pods can communicate with each other and access the external network, which poses security risks.

This section describes how to configure network defense policies for clusters using the VPC network model to control the inbound and outbound traffic of nodes, thereby enhancing cluster network security.

Creating a Network Defense Policy

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click the service list icon, and choose Security & Compliance > Host Security Service.
  3. In the navigation pane on the left, choose Container Protection > Container Firewalls.
  4. (Optional) If you have enabled the enterprise project, select the enterprise project where the target server resides from the drop-down list.
  5. Click Synchronize above the cluster list to synchronize the policies created on clusters.

    The synchronization takes about 1 to 2 minutes. Wait for a while and click the refresh icon in the upper right corner of the list to refresh and view the latest data.

    Figure 1 Synchronizing cluster policies

  6. Click Manage Policy in the Operation column of a cluster using the VPC network model.
  7. In the Operation column of a node, click Configure Policy.
  8. In the displayed dialog box, click OK to go to the cloud server console.
  9. Click the Security Groups tab and view security group rules.
  10. Click Manage Rule. The security group page is displayed.
  11. Configure inbound and outbound rules.

    For details, see Adding a Security Group Rule.
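For a cluster using the VPC network model, the node's security group rules are the network defense policy, so it is worth checking them for the "allow everything" state described in Scenarios before and after you edit them. The script below is an added example for this guide, not part of the Host Security Service product or its documentation: it audits a constructed list of security group rules and flags overly permissive entries. The rule records and their field names (direction, protocol, port_min, port_max, remote_ip_prefix) and the trusted VPC range are assumptions made for the example, not the product's own API schema.

```python
"""Audit a node's security group rules for overly permissive entries.

Added example for this guide; it is not part of the Host Security Service
product or documentation. The rule records and their field names (direction,
protocol, port_min, port_max, remote_ip_prefix) are constructed here to
resemble what the Manage Rule page lists; they are assumptions, not the
product's own API schema.
"""
import ipaddress

# Constructed sample rules for one node's security group (not real data).
SAMPLE_RULES = [
    {"id": "r1", "direction": "ingress", "protocol": "tcp", "port_min": 22, "port_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "r2", "direction": "ingress", "protocol": None, "port_min": None, "port_max": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "r3", "direction": "ingress", "protocol": "tcp", "port_min": 30000, "port_max": 32767, "remote_ip_prefix": "10.0.0.0/16"},
    {"id": "r4", "direction": "egress", "protocol": None, "port_min": None, "port_max": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "r5", "direction": "ingress", "protocol": "tcp", "port_min": 443, "port_max": 443, "remote_ip_prefix": "203.0.113.0/24"},
    {"id": "r6", "direction": "ingress", "protocol": None, "port_min": None, "port_max": None, "remote_ip_prefix": "192.168.1.0/24"},
]

# Assumed VPC CIDR: traffic from inside it (pod-to-pod, node-to-node) is expected.
TRUSTED_PREFIXES = ("10.0.0.0/8",)
# Administrative ports that should never be reachable from the public internet.
ADMIN_PORTS = (22, 3389)


def _is_trusted(remote, trusted_prefixes):
    """True if the remote range lies entirely inside one trusted prefix."""
    for prefix in trusted_prefixes:
        net = ipaddress.ip_network(prefix)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if remote.version == net.version and remote.subnet_of(net):
            return True
    return False


def rule_findings(rule, trusted_prefixes=TRUSTED_PREFIXES, admin_ports=ADMIN_PORTS):
    """Return a list of (severity, rule_id, message) findings for one rule."""
    remote = ipaddress.ip_network(rule["remote_ip_prefix"], strict=False)
    world = remote.prefixlen == 0            # 0.0.0.0/0 or ::/0
    proto = rule["protocol"]                 # None means "any protocol"
    lo, hi = rule["port_min"], rule["port_max"]
    all_ports = lo is None and hi is None    # None/None means "all ports"
    rid = rule["id"]

    if rule["direction"] == "ingress":
        if world and proto is None and all_ports:
            return [("critical", rid, "allows all inbound traffic from any address")]
        if world and proto == "tcp" and not all_ports and any(lo <= p <= hi for p in admin_ports):
            return [("high", rid, f"exposes admin port range {lo}-{hi} to the internet")]
        if proto is None and all_ports and not _is_trusted(remote, trusted_prefixes):
            return [("medium", rid, f"allows any protocol from untrusted range {remote}")]
    else:  # egress
        if world and proto is None and all_ports:
            return [("low", rid, "unrestricted egress: pods on this node can reach any external host")]
    return []


def audit(rules, **kwargs):
    """Audit every rule; findings are sorted so the most severe come first."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    findings = [f for r in rules for f in rule_findings(r, **kwargs)]
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, rid, msg in audit(SAMPLE_RULES):
        print(f"[{severity:8}] {rid}: {msg}")
```

Run it against an export of the rules shown on the Manage Rule page (mapped into the same fields) to confirm that after step 11 no rule still admits all protocols from any address, and that node ports reachable from outside the VPC are limited to what the workload actually needs. Rule r3, which restricts a NodePort range to the VPC, and r5, which opens only 443 to a specific range, produce no findings; r2 is the default-allow state the guide warns about.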

Related Operations

Modifying or deleting a network defense policy

  1. (Optional) If you have enabled the enterprise project, select the enterprise project where the target server resides from the drop-down list.
  2. Click Manage Policy in the Operation column of a cluster using the VPC network model.
  3. Click Synchronize above the node list to synchronize node information.

    The synchronization takes about 1 to 2 minutes. Wait for a while and click the refresh icon in the upper right corner of the list to refresh and view the latest data.

  4. In the Operation column of a node, click Configure Policy.
  5. In the displayed dialog box, click OK to go to the cloud server console.
  6. Click the Security Groups tab and view security group rules.
  7. Click Manage Rule. The security group page is displayed.
  8. Click a rule tab and manage rules as needed.

    • Modifying a rule

      In the Operation column of a rule, click Modify. Modify the rule and click OK.

    • Deleting a rule

      In the Operation column of a rule, click Delete. In the confirmation dialog box, click OK.