检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A start_time No Long Definition Start time. Constraints N/A Range Milliseconds-level timestamp. Default Value N/A end_time No Long Definition End time.
If NAT 64 protection is enabled and IPv6 access is used, allow traffic from the 198.19.0.0/16 CIDR block to pass through. NAT64 will translate source IP addresses into the CIDR block 198.19.0.0/16 for ACL access control.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A start_time No Long Definition Start time. Constraints N/A Range Milliseconds-level timestamp. Default Value N/A end_time No Long Definition End time.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A type Yes String Definition Log type.
It can be an EIP or NAT rule. Direction Traffic direction of the protection rule. Source The party that originates a session. Destination The recipient of a session. Service Its value can be TCP, UDP, ICMP, or Any. Source Port: Source ports to be allowed or blocked.
The IP addresses can be separated by commas (,), semicolons (;), \r\n, \n), or \t. effect_scope No Array of integers Effective scope: 1 (EIP), 2 (NAT), or [1 2] (EIP and NAT).
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A direction No String Definition Session direction.
Constraints N/A Range internet (north-south logs), nat (NAT logs), vpc (east-west logs), or vgw (VGW logs) Default Value N/A item Yes String Definition Aggregation type.
To use public network CIDR blocks other than 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or the 100.64.0.0/10 segment reserved for carrier-level NAT as private network CIDR blocks, modify private network CIDR blocks or submit a service ticket to expand your private IP CIDR blocks,
NAT protection: Protect NAT traffic. Private IP addresses can be configured. EIP protection Direction Direction of protected traffic. Inbound: Traffic from external networks to the internal server. Outbound: Traffic from the customer server to external networks.
Figure 1 Internet border traffic protection Introduction to Internet Border Traffic Protection Protected Objects ECSs, NAT gateways, ELBs, and other resources bound to EIPs.
Constraints: If type is set to 0 (Internet rule) or 2 (NAT rule), the direction is mandatory. Range: 0: inbound (on-premises to cloud); 1: outbound (cloud to on-premises).
Address: www.example.test.api; Domain Description: api Domain Address: www.test.example.com; Domain Description: a domain name Domain Address: www.example.example.test; Domain Description: XX system Rule-ACL-Table: Order: 1 ACL Name: service A external connection Protection Rule: NAT
If NAT 64 protection is enabled and IPv6 access is used, allow traffic from the 198.19.0.0/16 CIDR block to pass through. NAT64 will translate source IP addresses into the CIDR block 198.19.0.0/16 for ACL access control.
Constraints: If type is set to 0 (Internet rule) or 2 (NAT rule), the direction is mandatory.
To use public network CIDR blocks other than 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or the 100.64.0.0/10 segment reserved for carrier-level NAT as private network CIDR blocks, modify private network CIDR blocks or submit a service ticket to expand your private IP CIDR blocks,
The source and destination addresses must be private IP addresses. 2: NAT rule. The source address must be a private IP address, and the destination address must be an EIP or a domain name.
