CreateNetworkAclEntry

Creates a rule in the network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and egress rules. Rule priority depends on the rule number: the rule with the smaller number has the higher priority.

Attention

The network ACL cannot have two rules of the same direction (ingress/egress) and the same number.

Request Parameters

  • cidrBlock — The IPv4 address range in CIDR notation.

    • Type: String

    • Required: Yes

  • egress — Indicates whether this is an egress rule.

    • Type: Boolean

    • Required: Yes

  • Icmp — The ICMP or ICMPv6 type and code.

  • networkAclId — The ID of the network ACL.

    • Type: String

    • Required: Yes

  • PortRange — The port range the rule applies to. For TCP or UDP only.

  • Protocol — The protocol. A value of -1 or all denotes all protocols. If you specify all, -1, or a protocol number other than TCP, UDP, or ICMP, traffic will be allowed on all ports, regardless of any ports or ICMP types or codes you specify.

    • Type: String

    • Required: Yes

  • RuleAction — Indicates whether to allow or deny the traffic that matches the rule.

    • Type: String

    • Valid values: allow | deny

    • Required: Yes

  • ruleNumber — The rule number.

    • Type: Integer

    • Required: Yes

    Attention

    The rule number must fall within the range of 0 to 32766.

Response Elements

  • requestId — The request ID.

    • Type: String

  • return — True is returned if the request succeeds, and an error otherwise.

    • Type: Boolean

Examples

c2-ec2 CreateNetworkAclEntry NetworkAclId <network_acl_id> RuleNumber <rule_number> \
                             Protocol <protocol> RuleAction <rule_action> Egress <egress> \
                             CidrBlock <cidr_block>

c2-ec2 CreateNetworkAclEntry NetworkAclId <network_acl_id> RuleNumber <rule_number> \
                             Protocol 6 RuleAction <rule_action> Egress <egress> \
                             CidrBlock <cidr_block> PortRange.From <port_from> PortRange.To <port_to>

c2-ec2 CreateNetworkAclEntry NetworkAclId <network_acl_id> RuleNumber <rule_number> \
                             Protocol 1 RuleAction <rule_action> Egress <egress> \
                             CidrBlock <cidr_block> Icmp.Code <icmp_code> Icmp.Type <icmp_type>
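
The constraints stated on this page (rule numbers from 0 to 32766, one rule per number and direction, and a protocol of all or -1 overriding any PortRange or Icmp values) can be checked against a planned rule set before any entry is created. The Python below is an added example, not part of the original reference or of the c2-ec2 tool. The function names, the dict layout and the sample plan are assumptions, and Protocol is assumed to be given as all, -1 or an IANA protocol number, as in the examples above.

```python
# Added example: pre-flight lint for planned CreateNetworkAclEntry calls.
# Function names and the dict layout are hypothetical; keys mirror the request parameters.
# Assumption: Protocol is "all", "-1" or an IANA number (6 = TCP, 17 = UDP, 1 = ICMP).
TCP_UDP, ICMP = {"6", "17"}, {"1"}

def lint_entries(entries):
    """Return (rule_number, message) findings for a list of planned entries."""
    findings, seen = [], set()
    for e in entries:
        num, proto = e["RuleNumber"], str(e["Protocol"]).lower()
        if not 0 <= num <= 32766:
            findings.append((num, "rule number outside 0..32766"))
        key = (bool(e["Egress"]), num)  # uniqueness is per direction
        if key in seen:
            findings.append((num, "duplicate rule number in the same direction"))
        seen.add(key)
        if e["RuleAction"] not in ("allow", "deny"):
            findings.append((num, "RuleAction must be allow or deny"))
        extras = [k for k in ("PortRange", "Icmp") if k in e]
        if proto not in TCP_UDP | ICMP and extras:
            # all, -1 or another protocol number: ports and ICMP type/code are disregarded
            findings.append((num, "protocol %s covers all ports; %s ignored"
                             % (proto, "/".join(extras))))
        elif proto in ICMP and "PortRange" in e:
            findings.append((num, "PortRange applies to TCP or UDP only"))
    return findings

def evaluation_order(entries, egress):
    """Rule numbers for one direction, highest priority (smallest number) first."""
    return sorted(e["RuleNumber"] for e in entries if bool(e["Egress"]) == egress)

# Constructed sample plan (documentation address ranges, not real resources).
PLAN = [
    {"RuleNumber": 100, "Protocol": 6, "RuleAction": "allow", "Egress": False,
     "CidrBlock": "203.0.113.0/24", "PortRange": (443, 443)},
    {"RuleNumber": 100, "Protocol": 1, "RuleAction": "allow", "Egress": False,
     "CidrBlock": "203.0.113.0/24", "Icmp": (8, 0)},
    {"RuleNumber": 90, "Protocol": "-1", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "198.51.100.0/24", "PortRange": (22, 22)},
    {"RuleNumber": 40000, "Protocol": 17, "RuleAction": "deny", "Egress": True,
     "CidrBlock": "0.0.0.0/0", "PortRange": (53, 53)},
]

if __name__ == "__main__":
    for num, msg in lint_entries(PLAN):
        print("rule %d: %s" % (num, msg))
```

Rule 90 in the sample plan is the case to watch for: it was written to open port 22 only, but with Protocol -1 the port range is disregarded, and as the lowest-numbered ingress rule it takes priority over the rest.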