Modify a NAT Firewall security access control policy.
Operation description
This API modifies the configuration of an access control policy that allows, denies, or observes traffic passing through a NAT Firewall.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
yundun-cloudfirewall:ModifyNatFirewallControlPolicy |
update |
*NatFirewallControlPolicy
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| Lang |
string |
No |
The language of the request and response. Valid values:
|
zh |
| AclAction |
string |
No |
The action that you want to perform on traffic. Valid values:
|
log |
| Description |
string |
No |
The description of the access control policy. Fuzzy match is supported. Note
If you do not specify this parameter, the descriptions of all policies are queried. |
test description |
| DestPort |
string |
No |
The destination port in the access control policy. Note
This parameter is required when you set DestPortType to |
80 |
| Destination |
string |
No |
The destination address in the access control policy.
|
x.x.x.x/32 |
| DestinationType |
string |
No |
The type of the destination address in the access control policy. Valid values:
|
net |
| NatGatewayId |
string |
Yes |
The ID of the NAT gateway. |
ngw-xxxxxx |
| Proto |
string |
No |
The protocol type in the access control policy. Valid values:
Note
ANY indicates that the policy applies to all protocol types. Note
If the destination is a domain name-based address book that contains a threat intelligence address book or a cloud service address book, you can select TCP. If you select TCP, you can select HTTP, HTTPS, SMTP, SMTPS, or SSL. |
TCP |
| Source |
string |
No |
The source address in the access control policy. Valid values:
|
10.2.XX.XX/24 |
| AclUuid |
string |
Yes |
The UUID of the access control policy. To modify an access control policy, you must provide the UUID of the policy. You can call the DescribeNatFirewallControlPolicy operation to query the UUIDs of access control policies. |
63ab1c02-926a-4d1b-9ef7-***** |
| Direction |
string |
No |
The direction of the traffic to which the access control policy applies. Valid values:
|
out |
| SourceType |
string |
No |
The type of the source address in the access control policy. Valid values:
|
net |
| DestPortType |
string |
No |
The type of the destination port in the access control policy. Valid values:
|
port |
| DestPortGroup |
string |
No |
The name of the destination port address book in the access control policy. |
my_dest_port_group |
| Release |
string |
No |
The status of the access control policy. Valid values:
|
true |
| ApplicationNameList |
array |
No |
The application names. |
|
|
string |
No |
The application types supported by the access control policy. |
ANY |
|
| DomainResolveType |
string |
No |
The DNS resolution method of the domain name. Valid values:
Note
If the domain name is resolved in FQDN mode, you can select only the TCP protocol. The supported applications are HTTP, HTTPS, SMTP, SMTPS, SSL, IMAPS, and POPS. |
0 |
| RepeatType |
string |
No |
The recurrence type for the policy to take effect. Valid values:
Valid values:
|
Permanent |
| RepeatDays |
array |
No |
The days of a week or a month on which the policy recurs.
Note
When RepeatType is set to Weekly, RepeatDays does not allow duplicates.
Note
When RepeatType is set to Monthly, RepeatDays cannot contain duplicate values. |
|
|
integer |
No |
The recurring days of the effective period for the access control policy. Note
If |
1 |
|
| RepeatStartTime |
string |
No |
The start time of the repeat cycle. Use the 24-hour HH:mm format, such as 08:00. The time must be on the hour or half-hour and at least 30 minutes before the repeat end time. Note
This parameter is not used if |
08:00 |
| RepeatEndTime |
string |
No |
The end time of the policy's recurrence period. The time must be in the 24-hour HH:mm format, such as 23:30, be on the hour or half-hour, and be at least half an hour later than the recurrence start time. Note
When RepeatType is Permanent or None, RepeatEndTime is empty. When RepeatType is Daily, Weekly, or Monthly, you must set RepeatEndTime to specify the end time for the repetition. |
23:30 |
| StartTime |
integer |
No |
The start time of the effective period for the access control policy is specified in the Unix timestamp format. It must be on the hour or half-hour and at least half an hour earlier than the end time. Note
When RepeatType is Permanent, StartTime is empty. When RepeatType is None, Daily, Weekly, or Monthly, StartTime is required. |
1694761200 |
| EndTime |
integer |
No |
The end time of the effective period for the access control policy. The time is a Unix timestamp. The time must be on the hour or half-hour and be at least 30 minutes after the start time. Note
If |
1694764800 |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
|||
| RequestId |
string |
The ID of the request. |
3768197C-E6E8-52CD-8358-***** |
Examples
Success response
JSON format
{
"RequestId": "3768197C-E6E8-52CD-8358-*****"
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | ErrorParametersUid | The aliUid parameter is invalid. | The aliUid parameter is invalid. |
| 400 | ErrorDBSelect | An error occurred while querying database. | An error occurred while querying database. |
| 400 | ErrorParametersSource | The source is invalid. | The source is invalid. |
| 400 | ErrorParametersProto | The protocol is invalid. | The protocol is invalid. |
| 400 | ErrorParametersDestination | The Destination parameter is invalid. | The Destination parameter is invalid. |
| 400 | ErrorParametersDestPort | The dst_port is invalid. | The dst_port is invalid. |
| 400 | ErrorParametersAction | The action is invalid. | The action is invalid. |
| 400 | ErrorAddressCountExceed | The maximum number of addresses is exceeded. | The maximum number of address is exceeded. |
| 400 | ErrorAclNotExist | The ACL does not exist. | The ACL does not exist. |
| 400 | ErrorRecordLog | An error occurred while updating the operation log. | An error occurred while updating the operation log. |
| 400 | ErrorParametersDestinationCount | Exceeding the number of countries in a single ACL. | Exceeds the number of selected areas for one ACL. It is recommended to split it into multiple ACLs. |
| 400 | ErrorAclExtendedCountExceed | ACL or extended ACL rules are not matched. | The quota for access control policies or extra access control policies is exhausted. |
| 400 | ErrorAclEffectiveTimeNonPermanent | ACL rule is not allowed to update status when effective is not permanent. | ACL rule is not allowed to update status when effective is not permanent. |
| 400 | ErrorParametersNatGatewayId | Invalid parameters NatGatewayId. | The request parameter NatGatewayId is invalid or does not exist. |
| 400 | ErrorUUIDNew | The UUID is invalid. | The UUID is invalid. |
| 400 | ErrorParameterIpVersion | The IP version is invalid. | The IP version is invalid. |
| 400 | ErrorParametersDirection | The direction is invalid. | The direction is invalid. |
| 400 | ErrorDomainResolve | An error occurred while resolving the domain. | An error occurred while resolving the domain. |
| 400 | ErrorParameters | Parameters error. | Parameter error. |
| 400 | ErrorDBInsert | An error occurred while performing an insert operation in the database. | An error occurred while performing an insert operation in the database. |
| 400 | ErrorDBUpdate | internal error: sql updat. | An error occurred while updating the database. |
| 400 | ErrorParametersFtpNotSupport | domain destination not support ftp. | FTP application is not supported when the policy destination is a domain name |
| 400 | ErrorAddressGroupNotExist | The address group does not exist. | The address group does not exist. |
| 400 | ErrorParametersApplicationNameList | Specified parameter ApplicationNameList is not valid. | Specified parameter ApplicationNameList is not valid. |
| 400 | ErrorParametersAclUuid | Specified parameter AclUuid is not valid. | Specified parameter AclUuid is not valid. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.