Облачная платформаAdvanced

Adding a Network ACL Rule

Язык статьи: Английский
Перевести

Scenarios

You can add inbound and outbound rules to a network ACL to control the traffic in and out of a subnet. Network ACL rules are matched in an ascending order, either by the system-generated rule numbers or those you define.

  • Adding a Network ACL Rule (Default Rule Numbers): Rules are matched in order of their number, starting with the lowest. The rule number is automatically assigned.

    As shown in Table 1, there are two custom inbound rules (rule A and rule B) and one default rule. The priority of rule A is 1 and that of rule B is 2. The default rule has the lowest priority. If rule C is added, the system sets its priority to 3, which has lower priority than rules A and B and higher priority than the default rule.

    Table 1 Default priorities

    Priority (Rules A and B)

    Priority (Rules A, B, and C)

    Custom rule A

    1

    Custom rule A

    1

    --

    --

    Custom rule B

    2

    Custom rule B

    2

    Custom rule C

    3

    Default rule

    *

    Default rule

    *

  • Adding a Network ACL Rule (Custom Rule Numbers): If you want a rule to be matched earlier or later than a specific rule, you can insert the rule above or below the specific rule.

    In Table 2, there are two custom inbound rules (rule A and rule B) and one default rule. The priority of rule A is 1 and that of rule B is 2. The default rule has the lowest priority. If you want rule C to be matched earlier than rule B, you can insert rule C above rule B. After rule C is added, the priority of rule C is 2, and that of rule B is 3.

    Table 2 Custom priorities

    Priority (Rules A and B)

    Priority (Rules A, B, and C)

    Custom rule A

    1

    Custom rule A

    1

    --

    --

    Custom rule C

    2

    Custom rule B

    2

    Custom rule B

    3

    Default rule

    *

    Default rule

    *

Adding a Network ACL Rule (Default Rule Numbers)

  1. Log in to the management console.
  1. Click in the upper left corner and choose Network > Virtual Private Cloud.

    The Virtual Private Cloud page is displayed.

  2. In the navigation pane on the left, choose Access Control > Network ACLs.

    The network ACL list is displayed.

  3. In the network ACL list, locate the target network ACL and click its name.

    The network ACL summary page is displayed.

  4. On the Inbound Rules or Outbound Rules tab, click Add Rule.

    The Add Inbound Rule or Add Outbound Rule dialog box is displayed.

  5. Configure required parameters.
    • Click to add more rules.
    • Locate the row that contains the network ACL rule and click Replicate in the Operation column to replicate an existing rule.
    Table 3 Parameter descriptions

    Parameter

    Description

    Example Value

    Type

    Network ACL type. There are two options:

    • IPv4
    • IPv6

    IPv4

    Action

    The action for the network ACL rule. There are two options:

    • Allow: allows matched traffic in and out of a subnet.
    • Deny: denies matched traffic in and out of a subnet.

    Allow

    Protocol

    The protocol supported by the network ACL to match traffic. The value can be TCP, UDP, or ICMP.

    TCP

    Source

    The source from which the traffic is allowed. The source can be an IP address, IP address range, or IP address group.

    Either the source or the destination can use the IP address group.

    • IP address:
      • Single IP address: 192.168.10.10/32 (IPv4); 2002:50::44/128 (IPv6)
      • All IP addresses: 0.0.0.0/0 (IPv4); ::/0 (IPv6)
      • IP address range: 192.168.1.0/24 (IPv4); 2407:c080:802:469::/64 (IPv6)
    • IP address group: ipGroup-A

    192.168.0.0/24

    Source Port Range

    The source ports or port ranges used to match traffic. The value ranges from 1 to 65535.

    22-30

    Destination

    The destination to which the traffic is allowed. The destination can be an IP address, IP address range, or IP address group.

    Either the source or the destination can use the IP address group.

    • IP address:
      • Single IP address: 192.168.10.10/32 (IPv4); 2002:50::44/128 (IPv6)
      • All IP addresses: 0.0.0.0/0 (IPv4); ::/0 (IPv6)
      • IP address range: 192.168.1.0/24 (IPv4); 2407:c080:802:469::/64 (IPv6)
    • IP address group: ipGroup-A

    0.0.0.0/0

    Destination Port Range

    The destination ports or port ranges used to match traffic. The value ranges from 1 to 65535.

    22-30

    Description

    Supplementary information about the network ACL rule. This parameter is optional.

    The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).

    N/A

  6. Click OK.

    Return to the rule list to check the new rule.

Adding a Network ACL Rule (Custom Rule Numbers)

  1. Log in to the management console.
  1. Click in the upper left corner and choose Network > Virtual Private Cloud.

    The Virtual Private Cloud page is displayed.

  2. In the navigation pane on the left, choose Access Control > Network ACLs.

    The network ACL list is displayed.

  3. In the network ACL list, locate the target network ACL and click its name.

    The network ACL summary page is displayed.

  4. Click the Inbound Rules or Outbound Rules tab and insert a rule.
    • Locate the target rule and choose More > Insert Rule Above in the Operation column. The new rule will be matched earlier than the current rule.
    • Locate the target rule and choose More > Insert Rule Below in the Operation column. The new rule will be matched later than the current rule.
Предыдущая статья
Managing Network ACL Rules
Следующая статья
Modifying a Network ACL Rule
Поддержка Юридические документы
© 2026 Cloud.ru