Queries network access control lists (ACLs).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeNetworkAcls

The operation that you want to perform. Set the value to DescribeNetworkAcls.

RegionId String Yes cn-hangzhou

The ID of the region where the network ACL is deployed.

You can call the DescribeRegions operation to query the most recent region list.

NetworkAclId String No nacl-bp1lhl0taikrbgnh****

The ID of the network ACL.

NetworkAclName String No acl-1

The name of the network ACL.

The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter and cannot start with http:// or https://.

VpcId String No vpc-123456

The ID of the VPC to which the network ACL applies.

ResourceType String No VSwitch

The type of the associated instance.

This parameter is valid only if ResourceType and ResourceId are both set.

ResourceId String No vsw-bp1de348lntdwnhbg****

The ID of the associated instance.

This parameter is valid only if ResourceType and ResourceId are both set.

PageNumber Integer No 1

The number of the page to return. Pages start from page 1. Default value: 1.

PageSize Integer No 10

The number of entries to return on each page. Maximum value: 50. Default value: 10.

ClientToken String No 123

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that it is unique among different requests. ClientToken can contain only ASCII characters. It cannot exceed 64 characters in length.

Response parameters

Parameter Type Example Description
NetworkAcls Array of NetworkAcl

The details of the network ACL.

NetworkAcl
CreationTime String 2019-04-25 11:44:17

The time when the network ACL was created.

Description String This is my NetworkAcl.

The description of the network ACL.

EgressAclEntries Array of EgressAclEntry

The outbound rules.

EgressAclEntry
Description String This is EgressAclEntries.

The description of the outbound rule.

DestinationCidrIp String 10.0.0.0/24

The destination CIDR block.

NetworkAclEntryId String nae-a2d447uw4tillfvgb****

The ID of the outbound rule.

NetworkAclEntryName String acl-2

The name of the outbound rule.

Policy String accept

The action to be performed on network traffic that matches the rule. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the network traffic.
Port String -1/-1

The range of destination ports.

Protocol String all

The transport layer protocols. Valid values:

  • icmp: Internet Control Message Protocol (ICMP)
  • gre: Generic Routing Encapsulation (GRE)
  • tcp: TCP
  • udp: UDP
  • all: All protocols are supported.
IngressAclEntries Array of IngressAclEntry

The inbound rules.

IngressAclEntry
Description String This is IngressAclEntries.

The description of the inbound rule.

NetworkAclEntryId String nae-a2dk86arlydmezasw****

The ID of the inbound rule.

NetworkAclEntryName String acl-3

The name of the inbound rule.

Policy String accept

The action to be performed on network traffic that matches the rule. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the network traffic.
Port String -1/-1

The range of source ports.

Protocol String all

The transport layer protocols. Valid values:

  • icmp: ICMP
  • gre: GRE
  • tcp: TCP
  • udp: UDP
  • all: All protocols are supported.
SourceCidrIp String 10.0.0.0/24

The source CIDR block.

NetworkAclId String nacl-a2do9e413e0spxscd****

The ID of the network ACL.

NetworkAclName String acl-8

The name of the network ACL.

OwnerId Long 12345678

The ID of the Alibaba Cloud account to which the network ACL belongs.

RegionId String cn-hangzhou

The region where the network ACL is deployed.

Resources Array of Resource

The resources that are associated with the network ACL.

Resource
ResourceId String vsw-bp1de348lntdwcdf****

The ID of the associated resource.

ResourceType String VSwitch

The type of the associated resource.

Status String BINDED

The status of the associated resource. Valid values:

  • BINDED: The resource is associated with the network ACL.
  • BINDING: The resource is being associated with the network ACL.
  • UNBINDING: The resource is disassociated from the network ACL.
Status String Available

The status of the network ACL. Valid values:

  • Available: The network ACL is available for use.
  • Modifying: The network ACL is being configured.
VpcId String vpc-a2d33rfpl72k5defr****

The ID of the associated VPC.

PageNumber String 1

The page number of the returned page.

PageSize String 10

The number of entries on the current page.

RequestId String F7DDDC17-FA06-4AC2-8F35-59D2470FCFC1

The ID of the request.

TotalCount String 2

The total number of entries returned.

Examples

Sample requests

https://vpc.aliyuncs.com/?Action=DescribeNetworkAcls
&RegionId=cn-hangzhou
&<Common request parameters>

Sample success responses

XML format 

<DescribeNetworkAclsResponse>
  <TotalCount>2</TotalCount>
  <NetworkAcls>
        <NetworkAcl>
              <Status>Available</Status>
              <Description>This is my NetworkAcl.</Description>
              <OwnerId>12345678</OwnerId>
              <VpcId>vpc-a2d33rfpl72k5defr****</VpcId>
              <NetworkAclId>nacl-a2do9e413e0spxscd****</NetworkAclId>
              <CreationTime>2019-04-25 11:44:17</CreationTime>
              <NetworkAclName>acl-8</NetworkAclName>
              <RegionId>cn-hangzhou</RegionId>
              <IngressAclEntries>
                    <IngressAclEntry>
                          <Policy>accept</Policy>
                          <Description>This is IngressAclEntries.	</Description>
                          <Port>-1/-1	</Port>
                          <SourceCidrIp>10.0.0.0/24	</SourceCidrIp>
                          <NetworkAclEntryName>acl-3	</NetworkAclEntryName>
                          <Protocol>all</Protocol>
                          <NetworkAclEntryId>nae-a2dk86arlydmezasw****</NetworkAclEntryId>
                    </IngressAclEntry>
              </IngressAclEntries>
              <EgressAclEntries>
                    <EgressAclEntry>
                          <Policy>accept</Policy>
                          <Description>This is EgressAclEntries.	</Description>
                          <DestinationCidrIp>10.0.0.0/24	</DestinationCidrIp>
                          <Port>-1/-1	</Port>
                          <NetworkAclEntryName>acl-2	</NetworkAclEntryName>
                          <Protocol>all</Protocol>
                          <NetworkAclEntryId>nae-a2d447uw4tillfvgb****</NetworkAclEntryId>
                    </EgressAclEntry>
              </EgressAclEntries>
              <Resources>
                    <Resource>
                          <Status>BINDED</Status>
                          <ResourceId>vsw-bp1de348lntdwcdf****</ResourceId>
                          <ResourceType>VSwitch</ResourceType>
                    </Resource>
              </Resources>
        </NetworkAcl>
  </NetworkAcls>
  <PageSize>10</PageSize>
  <RequestId>F7DDDC17-FA06-4AC2-8F35-59D2470FCFC1</RequestId>
  <PageNumber>1</PageNumber>
</DescribeNetworkAclsResponse>

JSON format 

{"TotalCount":"2","NetworkAcls":{"NetworkAcl":[{"Status":"Available","Description":"This is my NetworkAcl.","OwnerId":"12345678","VpcId":"vpc-a2d33rfpl72k5defr****","NetworkAclId":"nacl-a2do9e413e0spxscd****","CreationTime":"2019-04-25 11:44:17","NetworkAclName":"acl-8","RegionId":"cn-hangzhou","IngressAclEntries":{"IngressAclEntry":[{"Policy":"accept","Description":"This is IngressAclEntries.\t","Port":"-1/-1\t","SourceCidrIp":"10.0.0.0/24\t","NetworkAclEntryName":"acl-3\t","Protocol":"all","NetworkAclEntryId":"nae-a2dk86arlydmezasw****"}]},"EgressAclEntries":{"EgressAclEntry":[{"Policy":"accept","Description":"This is EgressAclEntries.\t","DestinationCidrIp":"10.0.0.0/24\t","Port":"-1/-1\t","NetworkAclEntryName":"acl-2\t","Protocol":"all","NetworkAclEntryId":"nae-a2d447uw4tillfvgb****"}]},"Resources":{"Resource":[{"Status":"BINDED","ResourceId":"vsw-bp1de348lntdwcdf****","ResourceType":"VSwitch"}]}}]},"PageSize":"10","RequestId":"F7DDDC17-FA06-4AC2-8F35-59D2470FCFC1","PageNumber":"1"}

Error codes

HttpCode Error code Error message Description
500 InternalError The request processing has failed due to some unknown error. The error message returned because unknown errors have occurred.

For a list of error codes, visit the API Error Center.