Creating a Network ACL

Function

This API is used to create a network ACL.

URI

POST /v3/{project_id}/vpc/firewalls

Table 1 Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain a project ID, see Obtaining a Project ID.

Request Parameters

Table 2 Request body parameters
Parameter	Mandatory	Type	Description
firewall	Yes	CreateFirewallOption object	Request body for creating a network ACL.
dry_run	No	Boolean	Whether to only send the check request. The value can be one of the following: true: A check request will be sent and the network ACL will not be created. Check items include mandatory parameters, request format, and constraints. If the check fails, the system returns an error. If the check succeeds, response code 202 will be returned. false (default value): A request will be sent and a network ACL will be created.

Table 3 CreateFirewallOption
Parameter	Mandatory	Type	Description
name	Yes	String	Network ACL name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).
description	No	String	Description about the network ACL. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >).
enterprise_project_id	No	String	ID of the enterprise project that is associated with the network ACL. The project ID can be 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). 0 indicates the default enterprise project.
tags	No	Array of ResourceTag objects	Network ACL resource tags.
admin_state_up	No	Boolean	Whether a network ACL is enabled. The default value is true. The value can be true (enabled) or false (disabled).

Table 4 ResourceTag
Parameter	Mandatory	Type	Description
key	Yes	String	Tag key Tag keys must be unique for each resource. Minimum: 1 Maximum: 128
value	Yes	String	Tag value. Maximum: 255

Response Parameters

Status code: 201

Table 5 Response body parameters
Parameter	Type	Description
firewall	FirewallDetail object	Response body for creating a network ACL.
request_id	String	Request ID.

Table 6 FirewallDetail
Parameter	Type	Description
id	String	The unique ID of a network ACL. The value is a string in UUID format.
name	String	Network ACL name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).
description	String	Description about the network ACL. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >).
project_id	String	ID of the project that is associated with the network ACL.
created_at	String	Time when a network ACL is created. The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss, which is automatically generated by the system.
updated_at	String	Time when the network ACL was last updated. The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss, which is automatically generated by the system.
admin_state_up	Boolean	Whether a network ACL is enabled. The value can be true (enabled) or false (disabled).
status	String	Network ACL status.
enterprise_project_id	String	ID of the enterprise project that is associated with the network ACL. The project ID can be 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). 0 indicates the default enterprise project.
tags	Array of ResourceTag objects	Network ACL tags.
associations	Array of FirewallAssociation objects	Subnets that are associated with a network ACL.
ingress_rules	Array of FirewallRuleDetail objects	Inbound network ACL rules.
egress_rules	Array of FirewallRuleDetail objects	Outbound network ACL rules.

Table 7 ResourceTag
Parameter	Type	Description
key	String	Tag key Tag keys must be unique for each resource. Minimum: 1 Maximum: 128
value	String	Tag value. Maximum: 255

Table 8 FirewallAssociation
Parameter	Type	Description
virsubnet_id	String	IDs of subnets that are associated with a network ACL.

Table 9 FirewallRuleDetail
Parameter	Type	Description
id	String	Network ACL rule ID, which uniquely identifies a network ACL rule. The value is a string in UUID format.
name	String	Network ACL rule name. The value can contain no more than 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).
description	String	Description about the network ACL rule. The value can contain no more than 255 characters. The value cannot contain angle brackets (< or >).
action	String	Whether a network ACL rule allows or denies traffic. allow indicates traffic is allowed and deny that traffic is denied.
project_id	String	ID of the project that is associated with a network ACL rule.
protocol	String	Network ACL rule protocol. The value can be tcp, udp, icmp, icmpv6, or an IP protocol number (0–255).
ip_version	Integer	IP version of a network ACL rule. The value can be 4 (IPv4) or 6 (IPv6).
source_ip_address	String	Source IP address or CIDR block of a network ACL rule. source_ip_address and source_address_group_id cannot be specified at the same time.
destination_ip_address	String	Destination IP address or CIDR block of a network ACL rule. destination_ip_address and destination_address_group_id cannot be specified at the same time.
source_port	String	Source ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The maximum number of port entries is 20 by default.
destination_port	String	Destination ports of a network ACL rule. You can specify a single port or a port range. Separate every two entries with a comma. The maximum number of port entries is 20 by default.
source_address_group_id	String	Source IP address group ID of a network ACL rule. source_ip_address and source_address_group_id cannot be specified at the same time.
destination_address_group_id	String	Destination IP address group ID of a network ACL rule. destination_ip_address and destination_address_group_id cannot be specified at the same time.
enabled	Boolean	Whether to enable a network ACL rule. true means to enable the network ACL rule and false means to disable the network ACL rule. The default value is true.

Example Requests

Create a network ACL named network_acl_test1.

POST https://{Endpoint}/v3/{project_id}/vpc/firewalls

{
  "firewall" : {
    "name" : "network_acl_test1",
    "description" : "network_acl_test1",
    "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9"
  }
}

Example Responses

Status code: 201

Normal response to the POST operation. For more status codes, see Status Codes.

{
  "firewall" : {
    "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629",
    "name" : "network_acl_test1",
    "description" : "network_acl_test1",
    "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
    "created_at" : "2022-04-07T07:30:46.000+00:00",
    "updated_at" : "2022-04-07T07:30:46.000+00:00",
    "admin_state_up" : true,
    "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9",
    "status" : "ACTIVE",
    "tags" : [ ],
    "ingress_rules" : [ ],
    "egress_rules" : [ ],
    "associations" : [ ]
  }
}

Status Codes

Status Code	Description
201	Normal response to the POST operation. For more status codes, see Status Codes.

Error Codes

See Error Codes.

Parent topic: Network ACL

Предыдущая статья

Network ACL

Следующая статья

Querying Network ACLs

Была ли эта статья полезна?

Поддержка Юридические документы