/ DOCS
nav-img
Advanced

Modifying a Network ACL Rule

Scenarios

If a network ACL rule no longer meets your requirements, you can modify the port, protocol, and source/destination it.

Modifying rules may affect how and where traffic is directed. Be careful with this operation as it may interrupt services.

Notes and Constraints

Default network ACL rules cannot be modified or deleted.

Procedure

  1. Log in to the management console.
  1. Click in the upper left corner and choose Network > Virtual Private Cloud.

    The Virtual Private Cloud page is displayed.

  2. In the navigation pane on the left, choose Access Control > Network ACLs.

    The network ACL list is displayed.

  3. In the network ACL list, locate the target network ACL and click its name.

    The network ACL summary page is displayed.

  4. Click the Inbound Rules or Outbound Rules tab, locate the target rule, click Modify in the Operation column, and modify parameters based on Table 1.
    Table 1 Parameter descriptions

    Parameter

    Description

    Example Value

    Type

    Network ACL type. There are two options:

    • IPv4
    • IPv6

    IPv4

    Action

    The action for the network ACL rule. There are two options:

    • Allow: allows matched traffic in and out of a subnet.
    • Deny: denies matched traffic in and out of a subnet.

    Allow

    Protocol

    The protocol supported by the network ACL to match traffic. The value can be TCP, UDP, or ICMP.

    TCP

    Source

    The source from which the traffic is allowed. The source can be an IP address, IP address range, or IP address group.

    Either the source or the destination can use the IP address group.

    • IP address:
      • Single IP address: 192.168.10.10/32 (IPv4); 2002:50::44/128 (IPv6)
      • All IP addresses: 0.0.0.0/0 (IPv4); ::/0 (IPv6)
      • IP address range: 192.168.1.0/24 (IPv4); 2407:c080:802:469::/64 (IPv6)
    • IP address group: ipGroup-A

    192.168.0.0/24

    Source Port Range

    The source ports or port ranges used to match traffic. The value ranges from 1 to 65535.

    22-30

    Destination

    The destination to which the traffic is allowed. The destination can be an IP address, IP address range, or IP address group.

    Either the source or the destination can use the IP address group.

    • IP address:
      • Single IP address: 192.168.10.10/32 (IPv4); 2002:50::44/128 (IPv6)
      • All IP addresses: 0.0.0.0/0 (IPv4); ::/0 (IPv6)
      • IP address range: 192.168.1.0/24 (IPv4); 2407:c080:802:469::/64 (IPv6)
    • IP address group: ipGroup-A

    0.0.0.0/0

    Destination Port Range

    The destination ports or port ranges used to match traffic. The value ranges from 1 to 65535.

    22-30

    Description

    Supplementary information about the network ACL rule. This parameter is optional.

    The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).

    N/A

  5. Click OK.
Предыдущая статья
Adding a Network ACL Rule
Следующая статья
Enabling or Disabling One or More Network ACL Rules
Была ли эта статья полезна?
Поддержка Юридические документы
© 2025 Cloud.ru