文档中心

专有网络VPC API参考手册

最近更新时间：2023-04-16 17:00:00

5 网络 ACL 管理

5.1 CreateAcl

调用 CreateAcl 接口创建一个网络 ACL 组。

5.1.1 使用说明

POST http://{endpoint}/vpc/v1.0/networkacls

调用该接口创建网络 ACL 时，请注意：

• 网络 ACL 没有任何规则时，默认拒绝所有的访问，直至添加规则（默认规则）。

• 网络 ACL 可以关联多个子网，但一个子网同一时间只能关联一个子网 ACL。

• 在网络 ACL 中添加、删除规则或更改规则后，会直接自动作用到与其绑定的交换机。

• 网络 ACL 与交换机绑定后，不过滤同一交换机内的 ECS 之间的流量。

5.1.2 请求参数

5.1.3 返回数据

5.1.4 示例

1. 请求示例

POST http://{endpoint}/vpc/v1.0/networkacls

{

"NetworkAclName":"openapi-test-acl",

"VpcId":"vpc-1613tz2rk1",

"Description":"openapi-test"

}

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"RequestId": "4b880158e26c95699c59dd15f786537c",

"NetworkAclId": "acl-17zxux1aas",

"TenantId": "210512011001110",

"Name": "openapi-test-acl",

"VpcId": "vpc-1613tz2rk1",

"Description": "vpc-1613tz2rk1",

"SubnetIds": null,

"CreatedAt": "2022-02-28 19:14:34",

"UpdatedAt": "2022-02-28 19:14:34"

}

5.2 DeleteAcl

调用 DeleteAcl 接口删除一个网络 ACL 组。

5.2.1 使用说明

DELETE http://{endpoint}/vpc/v1.0/networkacls/{network_acl_id}

调用该接口删除网络 ACL 时，请注意：网络 ACL 已经关联子网，请先解除子网关联再进行删除。

5.2.2 请求参数

5.2.3 返回数据

5.2.4 示例

1. 请求示例

DELETE http://{endpoint}/vpc/v1.0/networkacls/{network_acl_id}

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"RequestId": "4553c4897137c1a2988b1a7558d65541"

}

5.3 ModifyAcl

调用 ModifyAcl 接口删除一个网络 ACL 组。

5.3.1 使用说明

PUT http://{endpoint}/vpc/v1.0/networkacls/{network_acl_id}

5.3.2 请求参数

5.3.3 返回数据

5.3.4 示例

1. 请求示例

PUT http://{endpoint}/vpc/v1.0/networkacls/{network_acl_id}

{

"NetworkAclName":"openapi-test-acl111",

"Description": "New description"

}

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"RequestId": "4b880158e26c95699c59dd15f786537c"

"NetworkAclId": "acl-17zxux1aas",

"TenantId": "210512011001110",

"Name": "openapi-test-acl111",

"VpcId": "vpc-1613tz2rk1",

"Description": "New description",

"SubnetIds": null,

"CreatedAt": "2022-02-28 19:14:34",

"UpdatedAt": "2022-02-28 19:27:51"

}

5.4 AssociateSubnet

调用 AssociateSubnet 接口将子网关联网络 ACL 组。

5.4.1 使用说明

PUT http://{endpoint}/vpc/v1.0/networkacls/associate/{network_acl_id}

调用该接口将子网关联网络 ACL 组时，请注意：同一子网在同一时刻只能关联一个 ACL。

5.4.2 请求参数

5.4.3 返回数据

5.4.4 示例

1. 请求示例

PUT http://{endpoint}/vpc/v1.0/networkacls/associate/{network_acl_id}

{

"SubnetIds": ["snet-ozjx9dy782"]

}

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"RequestId": "4b880158e26c95699c59dd15f786537c"

"NetworkAclId": "acl-17zxux1aas",

"TenantId": "210512011001110",

"Name": "openapi-test-acl111",

"VpcId": "vpc-1613tz2rk1",

"Description": "New description",

"SubnetIds": [

"snet-ozjx9dy782"

"CreatedAt": "2022-02-28 19:14:34",

"UpdatedAt": "2022-03-01 11:27:41"

}

5.5 UnAssociateSubnet

调用 UnAssociateSubnet 接口将子网与网络 ACL 组解关联。

5.5.1 使用说明

PUT http://{endpoint}/vpc/v1.0/networkacls/unassociate/{network_acl_id}

5.5.2 请求参数

5.5.3 返回数据

5.5.4 示例

1. 请求示例

PUT http://{endpoint}/vpc/v1.0/networkacls/unassociate/{network_acl_id}

{

"SubnetIds": ["snet-ozjx9dy782"]

}

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"RequestId": "4b880158e26c95699c59dd15f786537c"

"NetworkAclId": "acl-17zxux1aas",

"TenantId": "210512011001110",

"Name": "openapi-test-acl111",

"VpcId": "vpc-1613tz2rk1",

"Description": "New description",

"SubnetIds": null,

"CreatedAt": "2022-02-28 19:14:34",

"UpdatedAt": "2022-03-01 11:27:41"

}

5.6 GetAclDetail

调用 GetAclDetail 接口获取网络 ACL 组详情。

5.6.1 使用说明

GET http://{endpoint}/vpc/v1.0/networkacls/{network_acl_id}

5.6.2 请求参数

5.6.3 返回数据

5.6.4 示例

1. 请求示例

GET http://{endpoint}/vpc/v1.0/networkacls/{network_acl_id}

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"RequestId": "4b880158e26c95699c59dd15f786537c"

"NetworkAclId": "acl-17zxux1aas",

"TenantId": "210512011001110",

"Name": "openapi-test-acl111",

"VpcId": "vpc-1613tz2rk1",

"Description": "New description",

"SubnetIds": null,

"CreatedAt": "2022-02-28 19:14:34",

"UpdatedAt": "2022-03-01 11:27:41"

}

5.7 GetAclList

调用 GetAclList 接口获取网络 ACL 组列表。

5.7.1 使用说明

GET http://{endpoint}/vpc/v1.0/networkacls?PageNumber=1&PageSize=10&VpcId=vpc-xxx

5.7.2 请求参数

5.7.3 返回数据

5.7.4 示例

1. 请求示例

GET http://{endpoint}/vpc/v1.0/networkacls?PageNumber=1&PageSize=10&VpcId=vpc-xxx

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"NetworkAcls": [

{

"NetworkAclId": "acl-17zxux1aas",

"TenantId": "210512011001110",

"Name": "openapi-test-acl",

"VpcId": "vpc-1613tz2rk1",

"Description": "vpc-1613tz2rk1",

"SubnetIds": null,

"CreatedAt": "2022-02-28 19:14:34",

"UpdatedAt": "2022-02-28 19:14:34"

}

"PageNumber": 1,

"PageSize": 10,

"RequestId": "4b880158e26c95699c59dd15f786537c",

"TotalCount": 1

}

5.8 CreateAclRule

调用 CreateAclRule 接口创建一个网络 ACL 规则。

5.8.1 使用说明

POST http://{endpoint}/vpc/v1.0/networkaclrules

5.8.2 请求参数

5.8.3 返回数据

5.8.4 示例

1. 请求示例

POST http://{endpoint}/vpc/v1.0/networkaclrules

{

"NetworkAclId": "acl-17zxux1aas",

"NetworkAclRuleName": "openapi-test-acl-rule",

"Description": "openapi-test-acl-rule description",

"Direction": "ingress",

"Policy": "allow",

"Protocol": "icmp",

"SourceIpAddress": "0.0.0.0/0",

"SourcePort": "-1/-1",

"DestinationIpAddress": "0.0.0.0/0",

"DestinationPort": "-1/-1",

"EtherType": "ipv4

}

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"RequestId": "4b880158e26c95699c59dd15f786537c",

"NetworkAclRuleId": "aclr-5j1pzq6v2o",

"NetworkAclId": "acl-17zxux1aas",

"NetworkAclRuleName": "openapi-test-acl-rule",

"Description": "openapi-test-acl-rule description",

"Direction": "ingress",

"Policy": "allow",

"Protocol": "icmp",

"SourceIpAddress": "0.0.0.0/0",

"SourcePort": "-1/-1",

"DestinationIpAddress": "0.0.0.0/0",

"DestinationPort": "-1/-1",

"EtherType": "ipv4",

"RuleType": "custom",

"Priority": 1,

"CreatedAt": "2022-03-01 11:08:53",

"UpdatedAt": "2022-03-01 11:08:53"

}

5.9 DeleteAclRule

调用 DeleteAclRule 接口删除一个网络 ACL 规则。

5.9.1 使用说明

DELETE http://{endpoint}/vpc/v1.0/networkaclrules/{network_acl_rule_id}

5.9.2 请求参数

5.9.3 返回数据

5.9.4 示例

1. 请求示例

DELETE http://{endpoint}/vpc/v1.0/networkaclrules/{network_acl_rule_id}

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"RequestId": "4553c4897137c1a2988b1a7558d65541"

}

5.10 ModifyAclRule

调用 ModifyAclRule 接口修改网络 ACL 规则。

5.10.1 使用说明

PUT http://{endpoint}/vpc/v1.0/networkaclrules/{network_acl_rule_id}

5.10.2 请求参数

5.10.3 返回数据

5.10.4 示例

1. 请求示例

PUT http://{endpoint}/vpc/v1.0/networkaclrules/aclr-17zxux1aas

{

"NetworkAclRuleName": "openapi-test-acl-rule-111",

"Description": "openapi-test-acl-rule description",

"Policy": "drop",

"DestinationIpAddress": "8.8.8.8"

}

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"RequestId": "4b880158e26c95699c59dd15f786537c",

"NetworkAclRuleId": "aclr-17zxux1aas",

"NetworkAclId": "acl-27zxux1abv",

"NetworkAclRuleName": "openapi-test-acl-rule-111",

"Description": "openapi-test-acl-rule description",

"Direction": "ingress",

"Policy": "drop",

"Protocol": "tcp",

"SourceIpAddress": "0.0.0.0/0",

"SourcePort": "-1/-1",

"DestinationIpAddress": "8.8.8.8",

"DestinationPort": "-1/-1",

"EtherType": "ipv4",

"RuleType": "custom",

"Priority": 1,

"CreatedAt": "2022-03-01 11:08:53",

"UpdatedAt": "2022-03-01 11:08:53"

}

5.11 AclRuleDetail

调用 GetAclRuleDetail 接口获取一个网络 ACL 规则详情。

5.11.1 使用说明

GET http://{endpoint}/vpc/v1.0/networkaclrules/{network_acl_rule_id}

5.11.2 请求参数

5.11.3 返回数据

5.11.4 示例

1. 请求示例

GET http://{endpoint}/vpc/v1.0/networkaclrules/{network_acl_rule_id}

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"RequestId": "4b880158e26c95699c59dd15f786537c",

"NetworkAclRuleId": "aclr-17zxux1aas",

"NetworkAclId": "acl-17zxux1aas",

"NetworkAclRuleName": "openapi-test-acl-rule-111",

"Description": "openapi-test-acl-rule description",

"Direction": "ingress",

"Policy": "drop",

"Protocol": "icmp",

"SourceIpAddress": "0.0.0.0/0",

"SourcePort": "-1/-1",

"DestinationIpAddress": "8.8.8.8",

"DestinationPort": "-1/-1",

"EtherType": "ipv4",

"RuleType": "custom",

"Priority": 1,

"CreatedAt": "2022-03-01 11:08:54",

"UpdatedAt": "2022-03-01 11:28:42"

}

5.12 GetAclRuleList

调用 GetAclRuleList 接口获取一个网络 ACL 规则列表。

5.12.1 使用说明

GET http://{endpoint}/vpc/v1.0/networkaclrules&PageNumber=1&PageSize=10

5.12.2 请求参数

5.12.3 返回数据

5.12.4 示例

1. 请求示例

GET http://{endpoint}/vpc/v1.0/networkaclrules&PageNumber=1&PageSize=10

2. 正常返回示例

HTTP/1.1 200 OK

Content-Type:application/json

{

"NetworkAclRules": [

{

"NetworkAclRuleId": "aclr-5j1pzq6v2o",

"NetworkAclId": "acl-17zxux1aas",

"NetworkAclRuleName": "openapi-test-acl-rule",

"Description": "openapi-test-acl-rule description",

"Direction": "ingress",

"Policy": "allow",

"Protocol": "icmp",

"SourceIpAddress": "0.0.0.0/0",

"SourcePort": "-1/-1",

"DestinationIpAddress": "0.0.0.0/0",

"DestinationPort": "-1/-1",

"EtherType": "ipv4",

"RuleType": "custom",

"Priority": 1,

"CreatedAt": "2022-03-01 11:08:54",

"UpdatedAt": "2022-03-01 11:08:54"

}

"PageNumber": 1,

"PageSize": 10,

"RequestId": "0bd4381e6813b06d99a148eb36c43bff",

"TotalCount": 1

}

意见反馈

文档内容是否对您有帮助？

如您有其他疑问，您也可以通过在线客服来与我们联系探讨在线客服