This topic describes how to add an inbound rule to a network access control list (ACL). You can associate a network ACL with a VSwitch and then use inbound rules to allow or deny network traffic sent from a public or internal network to the ECS instances connected to the VSwitch.
Prerequisites
Procedure
- Log on to the VPC console.
- In the left-side navigation pane, click Network ACL.
- In the top navigation bar, select the region of the network ACL.
- On the Network ACL page, find the target network ACL, and then click Inbound Rule in the Actions column.
- On the Inbound Rule tab, click Create Inbound Rule.
- On the Create Inbound Rule page, configure the inbound rule according to the following information, and then click OK.

| Parameter | Description |
| --- | --- |
| Name | Enter a name for the inbound rule to be created. The name must be 2 to 128 characters in length and can contain letters, numbers, underscores (_), and hyphens (-). The name must start with a letter or Chinese character and cannot start with http:// or https://. |
| Effective order | The order in which the inbound rule is evaluated. Valid values: 1 to 20. A smaller number indicates a higher priority. For more information, see Rule evaluation order. |
| Action | Select an action for the inbound rule. Valid values: Accept, Drop. |
| Protocol | Select the transport layer protocol. Valid values: all (all protocols are supported), ICMP, GRE, TCP, UDP. |
| Source IP Addresses | Enter the range of source IP addresses. Default value: 0.0.0.0/32. |
| Destination Port Range | Enter the destination port range. Valid values: 1 to 65535. Separate the first port and last port with a forward slash (/), for example, 1/200 or 80/80. You cannot set the port range to -1/-1, which indicates that all ports are allowed. |
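
The constraints in the parameter table can be checked against a planned rule before it is entered in the console. The following Python code is an added example, not code from the original page or from the VPC product. The dict keys (name, order, action, protocol, source, ports) and the function names are hypothetical, and two points are assumptions: "Chinese character" is read as the CJK range U+4E00 to U+9FFF, and the first port may not exceed the last port.

```python
import ipaddress
import re

# Assumption: "Chinese character" = CJK range U+4E00-U+9FFF, also allowed after the first char.
NAME_RE = re.compile(r"[A-Za-z\u4e00-\u9fff][A-Za-z0-9_\-\u4e00-\u9fff]{1,127}")
PORTS_RE = re.compile(r"(\d{1,5})/(\d{1,5})", re.ASCII)
ACTIONS = {"accept", "drop"}
PROTOCOLS = {"all", "icmp", "gre", "tcp", "udp"}


def check_port_range(value):
    """Return an error string, or None for a valid 'first/last' range."""
    if value == "-1/-1":
        return "port range -1/-1 cannot be set"
    m = PORTS_RE.fullmatch(value)
    if not m:
        return "port range must be first/last, for example 80/80"
    first, last = int(m[1]), int(m[2])
    if not (1 <= first <= 65535 and 1 <= last <= 65535):
        return "ports must be between 1 and 65535"
    if first > last:  # assumption: not stated on the page
        return "first port is greater than last port"
    return None


def validate_inbound_rule(rule):
    """Return the list of problems in one rule dict (hypothetical keys); empty = OK."""
    errors = []
    name = str(rule.get("name", ""))
    if name.lower().startswith(("http://", "https://")):
        errors.append("name cannot start with http:// or https://")
    elif not NAME_RE.fullmatch(name):
        errors.append("name must be 2-128 valid chars, starting with a letter or Chinese character")
    order = rule.get("order")
    if not isinstance(order, int) or not 1 <= order <= 20:
        errors.append("effective order must be an integer from 1 to 20")
    if str(rule.get("action", "")).lower() not in ACTIONS:
        errors.append("action must be Accept or Drop")
    if str(rule.get("protocol", "")).lower() not in PROTOCOLS:
        errors.append("protocol must be all, ICMP, GRE, TCP or UDP")
    try:
        ipaddress.ip_network(str(rule.get("source", "")), strict=False)
    except ValueError:
        errors.append("source is not a valid IP address range")
    port_error = check_port_range(str(rule.get("ports", "")))
    if port_error:
        errors.append(port_error)
    return errors

SAMPLE_RULE = {"name": "allow-web", "order": 1, "action": "Accept", "protocol": "TCP", "source": "10.0.0.0/8", "ports": "80/80"}  # constructed
```
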