CaaS / CVPC API Developer Center

Firewall

CaaS Directions

createNetworkAcl is used to apply for the firewall service. A VM can apply for only one set of firewall service. One set of firewall service contains multiple firewall status setups.

CaaS Request Parameter

Parameter Directions Note
instanceId Source VM Instance ID
Type : String
Default Value : No
Whether it is plural : No
policyString List of Firewall Status Setup
Type : String
Default Value : No
Whether it is plural : Yes
The format is
1. TCP / UDP
{seqNo};;{status};;{srcaddr};;{action};;{protocol};;{portStart}-{portEnd}
2. ICMP
{seqNo};;{status};;{srcaddr};;{action};;ICMP
3. IP
{seqNo};;{status};;{srcaddr};;{action};;IP;;{number}
4. Any
{seqNo};;{status};;{srcaddr};;{action};;any

(a).seqNo: Order of the firewall status setup, such as 1, 2
status: "1": Enable, "0": Disable

(b).srcaddr: Source IP / MASK
To match any source IP, specify "all"

(c).action: "accept": Accept, "deny": Deny

(d).protocol: "TCP": TCP protocol, "UDP": UDP protocol

(e).number: Protocol number, from 1 to 254. Examples: 1: ICMP, 6: TCP, 17: UDP

(f).portStart: Low port of the range the policy applies to. For example: 3389

(g).portEnd: High port of the range the policy applies to. For example: 3389

Example:
1;;1;;1.0.0.0/8;;accept;;any
2;;1;;all;;accept;;TCP;;53-53

networkAclName

(Not a necessary parameter)

Firewall Name
Type : String
Default Value : No
Whether it is plural : No

businessTag

Service category
Type : String
Default Value : No
Whether it is plural : No
CaaS cb168f20-c515-4e41-84cd-830dedfe7f49;
CVPC a2931aa4-8751-4f09-8df3-bcc0d18f8b75;
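
A pre-submission check for the four CaaS policyString formats described above, as an added example that is not part of the original page or the provider's code. The function names are hypothetical, and the 65535 port cap and the treatment of a repeated seqNo as a problem are assumptions the page does not state.

```python
import ipaddress

def parse_caas_policy(entry):
    """Parse one CaaS policyString value; raise ValueError if it is malformed."""
    # Unpacking raises ValueError when fewer than five fields are present.
    seq_no, status, srcaddr, action, protocol, *extra = entry.split(";;")
    if not seq_no.isdigit() or status not in ("0", "1") or action not in ("accept", "deny"):
        raise ValueError("bad seqNo, status or action")
    if srcaddr != "all":
        ipaddress.ip_network(srcaddr, strict=False)  # ValueError on bad IP/MASK
    rule = {"seqNo": int(seq_no), "enabled": status == "1",
            "srcaddr": srcaddr, "action": action, "protocol": protocol}
    if protocol in ("TCP", "UDP"):
        low, dash, high = (extra[0] if len(extra) == 1 else "").partition("-")
        # Assumption: ports are capped at 65535; the page states no bound.
        if not (dash and low.isdigit() and high.isdigit()
                and int(low) <= int(high) <= 65535):
            raise ValueError("TCP/UDP needs {portStart}-{portEnd}")
        rule["ports"] = (int(low), int(high))
    elif protocol == "IP":
        if len(extra) != 1 or not extra[0].isdigit() or not 1 <= int(extra[0]) <= 254:
            raise ValueError("IP needs a protocol number from 1 to 254")
        rule["number"] = int(extra[0])
    elif protocol not in ("ICMP", "any"):
        raise ValueError("unknown protocol " + repr(protocol))
    elif extra:
        raise ValueError(protocol + " takes no further fields")
    return rule

def lint_caas_policies(entries):
    """Return (rules, problems); a repeated seqNo is reported (assumption)."""
    rules, problems, seen = [], [], set()
    for entry in entries:
        try:
            rule = parse_caas_policy(entry)
        except ValueError as exc:
            problems.append(f"{entry!r}: {exc}")
            continue
        if rule["seqNo"] in seen:
            problems.append(f"{entry!r}: duplicate seqNo {rule['seqNo']}")
        seen.add(rule["seqNo"])
        rules.append(rule)
    return rules, problems

# Constructed input: the page's two example entries plus three faulty ones.
SAMPLE = ["1;;1;;1.0.0.0/8;;accept;;any", "2;;1;;all;;accept;;TCP;;53-53",
          "3;;1;;all;;deny;;TCP;;3389", "4;;1;;10.0.0.0/8;;deny;;IP;;255",
          "2;;0;;all;;deny;;ICMP"]
```
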

CaaS Response Parameter

Parameter Directions Note

requestId

(Not a necessary parameter)

Request ID
Type : JSON value : string
Whether it is plural : No
It is automatically produced by the system
orderUuidList List of Order Number
Type : JSON value : array
Occasion : For order enquiries
Whether it is plural : Yes
string List

CaaS Request Example

https://hws.hicloud.hinet.net/cloud_hws/api/hws/?action=createNetworkAcl
&instanceId=BV550100010004
&policyString=1;;1;;all;;deny;;TCP;;53-53
&policyString=2;;1;;all;;deny;;TCP;;21-21
&networkAclName=myNetworkAclName
&chtAuthType=hwspass
&version=${version}
&expires=${expires}
&accessKey=${accessKey}
&signature=${signature}
		

CaaS Response Example

{
	"requestId": "xxxEXAMPLE",
	"orderUuidList":["op32a2c9-7eda-4106-b1c7-clefgd5d7e84"]
}
		

CVPC Directions

createNetworkAcl is used to apply for the firewall service. One set of firewall service contains multiple firewall status setups.

CVPC Request Parameter

Parameter Directions Note
policyString List of Firewall Status Setup
Type : String
Default Value : No
Whether it is plural : Yes
The format is
{seqNo};;{status};;{srcAddrs};;{destAddrs};;{action};;{services};;{comment};;{otherOptions};;{direction}
Multiple policies are separated by double colon("::")
(a).seqNo:
Firewall configuration settings, such as 1, 2

(b).status:
"1": enable
"0": disable


(c)(d).srcAddrs/destAddrs:
The following formats are supported:
nat${bsid}
portforward${bsid}
slb${bsid}
geography${country_code} (for {country_code} values, please refer to the document)
fqdn${domain_name}
iprange${START-IP}-{END-IP}
subnet${CIDR} (If it is any IP, please specify "0.0.0.0")


(e).action: "accept": accept, "deny": deny

(f).services: The following formats are supported:
- protocol is TCP: TCP/[portLow]-[portHigh], such as TCP/8000-8100
- protocol is UDP: UDP/[portLow]-[portHigh], such as UDP/8000-8100
- protocol is IP: IP/[protocolNumber], such as "IP/6"
- protocol is ICMP: "ICMP"
- protocol is ANY: "ANY"
Multiple entries are separated by commas (",")

(g).comment: ignore

(h).otherOptions:
- IP pool: the format is IP_POOL$ipStart-ipEnd, such as "IP_POOL$10.20.3.1-10.20.3.50"; required when the direction is Inside to Outside
- Log: "LOG$1" enables logging, "LOG$0" disables logging
- Multiple groups are separated by commas, such as "IP_POOL$10.20.3.1-10.20.3.50,LOG$1"


(i).direction: currently supports IPv4; the value is a number from 0 to 4:
0: IPV4 Outside to Inside
1: IPV4 Inside to Outside
2: IPV4 Inside to Inside
3: IPV4 Inside to Intranet
4: IPV4 Intranet to Inside


Example: 0;;1;;subnet$0.0.0.0;;nat$VT55020001IOSL;;accept;;TCP/3306-3306,TCP/27017-27017;;;;LOG$1;;0::1;;1;;subnet$192.168.55.0/24;;portforward$VT55020001IOSJ;;accept;;IP/6;;;;LOG$1;;0::2;;1;;fqdn$xxxxx;;slb$VL55020001IOSR;;accept;;ICMP;;;;LOG$1;;0::3;;0;;subnet$192.168.55.0/24;;iprange$192.168.55.0-192.168.55.100;;accept;;UDP/3306-3306,TCP/27017-27017;;;;LOG$1,IP_POOL$210.61.223.76-210.61.223.76;;1::4;;1;;subnet$192.168.55.0/24;;subnet$192.168.55.0/24;;deny;;TCP/3306-3306,TCP/27017-27017;;;;LOG$1;;2::5;;1;;subnet$192.168.55.0/24;;subnet$192.168.55.0/24;;accept;;TCP/3306-3306,TCP/27017-27017;;;;LOG$1;;3::7;;1;;subnet$192.168.55.0/24;;subnet$192.168.55.0/24;;accept;;TCP/3306-3306,TCP/27017-27017;;;;LOG$1;;4::

businessTag

Service category
Type : String
Default Value : No
Whether it is plural : No
CaaS cb168f20-c515-4e41-84cd-830dedfe7f49;
CVPC a2931aa4-8751-4f09-8df3-bcc0d18f8b75;

vpcBusinessServiceId

Vpc Service identifier
Type : String
Default Value : No
Whether it is plural : No
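
A review pass over a CVPC policyString before it is submitted, as an added example that is not part of the original page or the provider's code. It splits the nine-field format described above and reports enabled accept rules that admit any source from outside or that do not set LOG$1. The function names and the two review criteria are assumptions chosen for illustration.

```python
FIELDS = ("seqNo", "status", "srcAddrs", "destAddrs", "action",
          "services", "comment", "otherOptions", "direction")
DIRECTIONS = {"0": "Outside to Inside", "1": "Inside to Outside",
              "2": "Inside to Inside", "3": "Inside to Intranet",
              "4": "Intranet to Inside"}

def parse_cvpc_policies(policy_string):
    """Split a CVPC policyString on '::' and ';;' into rule dicts."""
    rules = []
    for entry in filter(None, policy_string.split("::")):  # tolerate trailing '::'
        parts = entry.split(";;")
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields: {entry!r}")
        rule = dict(zip(FIELDS, parts))
        if (rule["status"] not in ("0", "1") or rule["action"] not in ("accept", "deny")
                or rule["direction"] not in DIRECTIONS):
            raise ValueError(f"bad status, action or direction: {entry!r}")
        rule["services"] = rule["services"].split(",")
        rule["otherOptions"] = dict(
            opt.split("$", 1) for opt in rule["otherOptions"].split(",") if opt)
        rules.append(rule)
    return rules

def audit_cvpc_rules(rules):
    """Return (seqNo, finding) pairs for enabled accept rules worth a review."""
    findings = []
    for r in rules:
        if r["status"] != "1" or r["action"] != "accept":
            continue
        if r["direction"] == "0" and r["srcAddrs"] == "subnet$0.0.0.0":
            findings.append((r["seqNo"], "any source, Outside to Inside: "
                             + ",".join(r["services"])))
        if r["otherOptions"].get("LOG") != "1":
            findings.append((r["seqNo"], "accept rule without LOG$1"))
    return findings

# Entries 0 and 1 are taken from the page's example; entry 2 is constructed.
SAMPLE_POLICY = (
    "0;;1;;subnet$0.0.0.0;;nat$VT55020001IOSL;;accept;;"
    "TCP/3306-3306,TCP/27017-27017;;;;LOG$1;;0::"
    "1;;1;;subnet$192.168.55.0/24;;portforward$VT55020001IOSJ;;accept;;"
    "IP/6;;;;LOG$1;;0::"
    "2;;1;;subnet$192.168.55.0/24;;subnet$192.168.55.0/24;;accept;;"
    "TCP/22-22;;;;LOG$0;;2")
```
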

CVPC Response Parameter

Parameter Directions Note

requestId

(Not a necessary parameter)

Request ID
Type : JSON value : string
Whether it is plural : No
It is automatically produced by the system
orderUuidList List of Order Number
Type : JSON value : array
Occasion : For order enquiries
Whether it is plural : Yes
string List

CVPC Request Example

https://hws.hicloud.hinet.net/cloud_hws/api/hws/?action=createNetworkAcl
&businessTag=a2931aa4-8751-4f09-8df3-bcc0d18f8b75
&vpcBusinessServiceId=VV55020001IOSE
&policyString=0;;1;;subnet$192.168.55.0/24;;subnet$192.168.55.0/24;;accept;;TCP/3306-3306,TCP/27017-27017;;;;LOG$1;;2::1;;1;;subnet$192.168.55.0/24;;subnet$192.168.55.0/24;;accept;;TCP/3306-3306,TCP/27017-27017;;;;LOG$1;;2
&chtAuthType=hwspass
&version=${version}
&expires=${expires}
&accessKey=${accessKey}
&signature=${signature}
		

CVPC Response Example

{
	"requestId": "2c957f6158615d93015861d4ba6c0004",
	"orderUuidList":["op32a2c9-7eda-4106-b1c7-clefgd5d7e84"]
}