检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
) bound to the EIP. device_name String Name of the device (such as ECS and NAT) bound to the EIP device_owner String Owner of the device (such as ECS and NAT) bound to the EIP. associate_instance_type String Type of the associated instance: NATGW, ELB, or PORT. fw_instance_name String
"er:routeTables:list", "er:routes:list", "er:associations:list", "er:instances:get", "ecs:cloudServers:list", "ecs:availabilityZones:list", "smn:topic:list", "nat
For a professional edition firewall, one or more EIP, NAT, or EIP and NAT records may be displayed, depending on the imported records. Calling Method For details, see Calling APIs.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A start_time No Long Definition Start time. Constraints N/A Range Milliseconds-level timestamp. Default Value N/A end_time No Long Definition End time.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A start_time No Long Definition Start time. Constraints N/A Range Milliseconds-level timestamp. Default Value N/A end_time No Long Definition End time.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A start_time No Long Definition Start time. Constraints N/A Range Milliseconds-level timestamp. Default Value N/A end_time No Long Definition End time.
It can be an EIP or NAT rule. Direction Traffic direction of the protection rule. Source The party that originates a session. Destination The recipient of a session. Service Its value can be TCP, UDP, ICMP, or Any. Source Port: Source ports to be allowed or blocked.
The IP addresses can be separated by commas (,), semicolons (;), \r\n, \n), or \t. effect_scope No Array of integers Effective scope: 1 (EIP), 2 (NAT), or [1 2] (EIP and NAT).
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A direction No String Definition Session direction.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A item Yes String Definition Aggregation type.
NAT protection: Protect NAT traffic. Private IP addresses can be configured. EIP protection Direction Direction of protected traffic. Inbound: Traffic from external networks to the internal server. Outbound: Traffic from the customer server to external networks.
Figure 1 Internet border traffic protection Introduction to Internet Border Traffic Protection Protected Objects ECSs, NAT gateways, ELBs, and other resources bound to EIPs.
Constraints: If type is set to 0 (Internet rule) or 2 (NAT rule), the direction is mandatory. Range: 0: inbound (on-premises to cloud); 1: outbound (cloud to on-premises).
Address: www.example.test.api; Domain Description: api Domain Address: www.test.example.com; Domain Description: a domain name Domain Address: www.example.example.test; Domain Description: XX system Rule-ACL-Table: Order: 1 ACL Name: service A external connection Protection Rule: NAT
Constraints: If type is set to 0 (Internet rule) or 2 (NAT rule), the direction is mandatory.
To use public network CIDR blocks other than 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or the 100.64.0.0/10 segment reserved for carrier-level NAT as private network CIDR blocks, modify private network CIDR blocks or submit a service ticket to expand your private IP CIDR blocks,
The source and destination addresses must be private IP addresses. 2: NAT rule. The source address must be a private IP address, and the destination address must be an EIP or a domain name.
