Why Does a Protection Rule Not Take Effect?
All Traffic Is Allowed Even If a Rule Is Configured to Allow Only Several EIPs
After EIP protection is enabled on CFW, the access control policy allows all traffic by default. To allow traffic for only certain EIPs, configure a protection rule that blocks all traffic and set it to the lowest priority, so that it applies only to traffic that no allow rule has matched.
- Log in to the management console.
- In the navigation pane on the left, click and choose . The Dashboard page will be displayed.
- (Optional) Switch to another firewall instance: Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation pane, choose . The Access Policies page is displayed. Click the Internet Borders or Inter-VPC Borders tab.
- Configure a global blocking rule. Click Add Rule. Use the parameter settings shown below and configure other parameters as needed.
  - Direction: Inbound
  - Source: Any
  - Destination: Any
  - Service: Any
  - Application: Any
  - Action: Block

  You are advised to enable the rules after adding all required ones.
- Configure an allow rule. For details about how to add a protection rule, see Adding Protection Rules to Block or Allow Traffic.
- Set the priority of the global blocking rule configured in step 5 to the lowest. For details, see Adjusting the Priority of a Protection Rule.
- Enable all rules. You are advised to enable the allow rules prior to the blocking rules.
Blocked IP Addresses Are Still Allowed Through Even If a Global Blocking Rule Is Configured
The EIP protection rules configured on CFW are applied based on the EIP management list. If you have enabled global blocking (0.0.0.0/0) but the traffic of EIPs not in an allow rule is allowed through, check whether the EIPs are protected. For more information, see Enabling Internet Border Traffic Protection.
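The following added example (not part of the original documentation, and not a CFW API) models both situations described on this page: rule priority with a default-allow policy, and rules that do not apply to unprotected EIPs. The `Rule` class, the first-match evaluation order, and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"

@dataclass
class Rule:                      # hypothetical model, not a CFW API object
    priority: int                # 1 is evaluated first (assumed ordering)
    action: str                  # "allow" or "block"
    destination: str = ANY       # inbound rule: destination is the EIP
    source: str = ANY
    enabled: bool = True

def _match(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def verdict(rules, protected_eips, src, dst_eip):
    """Return (action, reason) for inbound traffic from src to dst_eip."""
    if dst_eip not in protected_eips:
        return "allow", "EIP not protected, rules are not applied"
    for r in sorted(rules, key=lambda r: r.priority):
        if r.enabled and _match(r.source, src) and _match(r.destination, dst_eip):
            return r.action, f"matched priority {r.priority}"
    return "allow", "no rule matched, default allow"

def audit(rules, protected_eips, all_eips):
    """Report the misconfigurations described on this page."""
    findings = []
    enabled = sorted((r for r in rules if r.enabled), key=lambda r: r.priority)
    block_all = [r for r in enabled if r.action == "block"
                 and r.source == ANY and r.destination == ANY]
    if not block_all:
        findings.append("no enabled global blocking rule")
    elif block_all[0] is not enabled[-1]:
        findings.append("global blocking rule is not the lowest priority")
    for eip in sorted(set(all_eips) - set(protected_eips)):
        findings.append(f"{eip} is not protected")
    return findings

# Constructed sample data (documentation address ranges, not from the page).
ALL_EIPS = ["203.0.113.10", "203.0.113.20"]
RULES = [Rule(1, "allow", "203.0.113.10/32"), Rule(2, "block")]

if __name__ == "__main__":
    print(verdict(RULES, ALL_EIPS, "198.51.100.7", "203.0.113.20"))
    print(verdict(RULES, ["203.0.113.10"], "198.51.100.7", "203.0.113.20"))
    print(audit(RULES, ["203.0.113.10"], ALL_EIPS))
```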