/ DOCS
nav-img
Advanced

Creating a Network ACL Rule

Function

This API is used to create a network ACL rule.

URI

POST /v2.0/fwaas/firewall_rules

Request Parameters

Table 1 Request parameter

Parameter

Mandatory

Type

Description

firewall_rule

Yes

firewall_rule object

Specifies the firewall rule objects. For details, see Table 2.

Table 2 Firewall Rule objects

Attribute

Mandatory

Type

Constraint

Description

name

No

String

The value can contain a maximum of 255 characters.

Specifies the network ACL rule name.

The value can contain a maximum of 255 characters.

description

No

String

The value can contain a maximum of 255 characters.

Provides supplementary information about the network ACL rule.

The value can contain a maximum of 255 characters.

protocol

No

String

The value can be TCP, UDP, ICMPV6, or ICMP.

Specifies the IP protocol.

The value can be TCP, UDP, ICMPV6, or ICMP.

source_port

No

String

The value can be an integer from 1 to 65535 or a port number range in the format of a:b.

Specifies the source port number or port number range.

The value can be an integer from 1 to 65535 or a port number range in the format of a:b.

destination_port

No

String

The value can be an integer from 1 to 65535 or a port number range in the format of a:b.

Specifies the destination port number or port number range.

The value can be an integer from 1 to 65535 or a port number range in the format of a:b.

ip_version

No

Integer

4/6

Specifies the IP protocol version.

The value can be 4 and 6, indicating IPv4 address and IPv6 address, respectively.

source_ip_address

No

String

N/A

Specifies the source IP address or CIDR block.

destination_ip_address

No

String

N/A

Specifies the destination IP address or CIDR block.

action

No

String

deny/allow

Specifies action performed on traffic passing through the network ACL.

The value can be deny or allow.

enabled

No

Boolean

The value can be true or false.

Specifies whether the network ACL rule is enabled.

The value can be true or false.

Example Request

Create an ACL rule with action set to allow, protocol set to tcp, and destination port set to 80.

POST https://{Endpoint}/v2.0/fwaas/firewall_rules


{
    "firewall_rule": {
        "action": "allow", 
        "enabled": true, 
        "destination_port": "80", 
        "protocol": "tcp", 
        "name": "ALLOW_HTTP"
    }
}

Response Parameters

Table 3 Response parameter

Parameter

Type

Description

firewall_rule

firewall_rule object

Specifies the firewall rule objects. For details, see Table 4.

Table 4 Firewall Rule objects

Attribute

Type

Description

id

String

Specifies the UUID of the network ACL rule.

name

String

Specifies the network ACL rule name.

description

String

Provides supplementary information about the network ACL rule.

tenant_id

String

Specifies the project ID.

public

Boolean

Specifies whether the firewall rule can be shared by different tenants.

protocol

String

Specifies the IP protocol.

source_port

String

Specifies the source port number or port number range.

destination_port

String

Specifies the destination port number or port number range.

ip_version

Integer

Specifies the IP protocol version.

source_ip_address

String

Specifies the source IP address or CIDR block.

destination_ip_address

String

Specifies the destination IP address or CIDR block.

action

String

Specifies action performed on traffic passing through the network ACL.

enabled

Boolean

Specifies whether the network ACL rule is enabled.

project_id

String

Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID.

Example Response

{
    "firewall_rule": {
        "protocol": "tcp", 
        "description": "", 
        "source_ip_address": null, 
        "destination_ip_address": null, 
        "source_port": null, 
        "destination_port": "80", 
        "id": "b94acf06-efc2-485d-ba67-a61acf2a7e28", 
        "name": "ALLOW_HTTP", 
        "tenant_id": "23c8a121505047b6869edf39f3062712", 
        "enabled": true, 
        "action": "allow", 
        "ip_version": 4, 
        "public": false,
        "project_id": "23c8a121505047b6869edf39f3062712"
    }
}

Status Code

See Status Codes.

Error Code

See Error Codes.

Parent topic: Network ACL
Предыдущая статья
Querying a Network ACL Rule
Следующая статья
Updating a Network ACL Rule
Была ли эта статья полезна?
Поддержка Юридические документы
© 2025 Cloud.ru