
Cloud Firewall: ModifyNatFirewallControlPolicy

Last Updated: Dec 09, 2025

Modifies the configuration of an access control policy for a NAT firewall.

Operation description

This operation modifies the configuration of an access control policy. The policy controls whether traffic that passes through a NAT firewall is allowed, denied, or monitored.

RAM authorization

No RAM authorization information is available for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Each parameter is listed as "Name (type, required or optional)", followed by its description and an example value.

Lang (string, optional)
  The language of the request and response. Valid values:
  • zh (default): Chinese.
  • en: English.
  Example: zh

AclAction (string, optional)
  The action that is performed on traffic that hits the access control policy. Valid values:
  • accept: allows the traffic.
  • drop: denies the traffic.
  • log: monitors the traffic.
  Example: log

Description (string, optional)
  The description of the access control policy. Fuzzy query is supported.
  Note: If you do not set this parameter, the description is not modified.
  Example: Description text

DestPort (string, optional)
  The destination port for traffic in the access control policy.
  Note: Set this parameter when DestPortType is `port`.
  Example: 80

Destination (string, optional)
  The destination address in the access control policy.
  • If DestinationType is `net`, set Destination to a destination CIDR block. Example: 1.2.3.4/24
  • If DestinationType is `group`, set Destination to the name of a destination address book. Example: db_group
  • If DestinationType is `domain`, set Destination to a destination domain name. Example: *.aliyuncs.com
  • If DestinationType is `location`, set Destination to a destination region. Example: ["BJ11", "ZB"]
  Example: x.x.x.x/32

DestinationType (string, optional)
  The type of the destination address in the access control policy. Valid values:
  • net: CIDR block
  • group: address book
  • domain: domain name
  • location: region
  Example: net

NatGatewayId (string, required)
  The ID of the NAT gateway.
  Example: ngw-xxxxxx

Proto (string, optional)
  The protocol type for traffic that the access control policy applies to. Valid values:
  • ANY
  • TCP
  • UDP
  • ICMP
  Note: ANY indicates that the policy applies to all protocol types.
  Note: If the destination is a domain name-based threat intelligence address book or a cloud service address book, you can set the protocol to TCP. If you select TCP, you can specify an application, such as HTTP, HTTPS, SMTP, SMTPS, or SSL.
  Example: TCP

Source (string, optional)
  The source address in the access control policy.
  • If SourceType is `net`, set Source to a source CIDR block. Example: 10.2.XX.XX/24
  • If SourceType is `group`, set Source to the name of a source address book. Example: db_group
  Example: 10.2.XX.XX/24

AclUuid (string, required)
  The unique ID of the access control policy. To modify an access control policy, provide its unique ID. Call the DescribeNatFirewallControlPolicy operation to obtain the ID.
  Example: 63ab1c02-926a-4d1b-9ef7-*****

Direction (string, optional)
  The traffic direction of the access control policy. Valid values:
  • out: outbound traffic.
  Example: out

SourceType (string, optional)
  The type of the source address in the access control policy. Valid values:
  • net: source CIDR block
  • group: source address book
  Example: net

DestPortType (string, optional)
  The type of the destination port for traffic in the access control policy. Valid values:
  • port: port
  • group: port address book
  Example: port

DestPortGroup (string, optional)
  The name of the destination port address book for traffic in the access control policy.
  Example: my_dest_port_group

Release (string, optional)
  The status of the access control policy. Valid values:
  • true: The policy is enabled.
  • false: The policy is disabled.
  Example: true

ApplicationNameList (array of string, optional)
  The list of application names. Each element is an application type supported by the access control policy.
  Example element: ANY

DomainResolveType (string, optional)
  The domain name resolution method of the access control policy. Valid values:
  • 0: FQDN-based
  • 1: dynamic DNS-based
  • 2: FQDN- and dynamic DNS-based
  Example: 0

RepeatType (string, optional)
  The recurrence type for the policy validity period. Valid values:
  • Permanent (default): The policy is always valid.
  • None: The policy is valid for a single specified period.
  • Daily: The policy is valid daily.
  • Weekly: The policy is valid weekly.
  • Monthly: The policy is valid monthly.
  Example: Permanent

RepeatDays (array of integer, optional)
  The days of the week or month on which the policy is valid. Each element is one day.
  • If RepeatType is `Permanent`, `None`, or `Daily`, leave RepeatDays empty. Example: []
  • If RepeatType is `Weekly`, RepeatDays cannot be empty and must not contain duplicate values. The value range is 0 to 6, and the week starts on Sunday. Example: [0, 6]
  • If RepeatType is `Monthly`, RepeatDays cannot be empty and must not contain duplicate values. The value range is 1 to 31. Example: [1, 31]
  Example element: 1

RepeatStartTime (string, optional)
  The start time of the recurrence, for example 08:00. The time must be on the hour or half-hour, and at least 30 minutes earlier than the end time.
  Note: If RepeatType is `Permanent` or `None`, leave RepeatStartTime empty. If RepeatType is `Daily`, `Weekly`, or `Monthly`, set this parameter.
  Example: 08:00

RepeatEndTime (string, optional)
  The end time of the recurrence, for example 23:30. The time must be on the hour or half-hour, and at least 30 minutes later than the start time.
  Note: If RepeatType is `Permanent` or `None`, leave RepeatEndTime empty. If RepeatType is `Daily`, `Weekly`, or `Monthly`, set this parameter.
  Example: 23:30

StartTime (integer, optional)
  The start time of the policy validity period, as a UNIX timestamp. The time must be on the hour or half-hour, and at least 30 minutes earlier than the end time.
  Note: If RepeatType is `Permanent`, leave StartTime empty. If RepeatType is `None`, `Daily`, `Weekly`, or `Monthly`, set this parameter.
  Example: 1694761200

EndTime (integer, optional)
  The end time of the policy validity period, as a UNIX timestamp. The time must be on the hour or half-hour, and at least 30 minutes later than the start time.
  Note: If RepeatType is `Permanent`, leave EndTime empty. If RepeatType is `None`, `Daily`, `Weekly`, or `Monthly`, set this parameter.
  Example: 1694764800
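The validity-period parameters above (RepeatType, RepeatDays, RepeatStartTime/RepeatEndTime, StartTime/EndTime) have cross-field rules that the service only reports as a 400 error after the call. The following added example, which is not part of this documentation or of the Cloud Firewall SDK, checks a request parameter set against exactly those rules before it is signed and sent; the function names are assumptions, and the example neither signs nor sends anything.

```python
REPEAT_TYPES = ("Permanent", "None", "Daily", "Weekly", "Monthly")
HALF_HOUR = 1800  # seconds; every time rule on this page has 30-minute granularity

def _hhmm(value, label):
    """Parse 'HH:MM' into minutes past midnight, enforcing on-the-hour / half-hour."""
    hh, _, mm = (value or "").partition(":")
    if not (hh.isdigit() and mm.isdigit() and int(hh) <= 23 and int(mm) in (0, 30)):
        raise ValueError(f"{label} must be HH:MM on the hour or half-hour, got {value!r}")
    return int(hh) * 60 + int(mm)

def validity_problems(params):
    """Return the validity-period rules (RepeatType, RepeatDays, Repeat*Time,
    StartTime/EndTime) that the request `params` breaks; empty means consistent."""
    rt = params.get("RepeatType", "Permanent")
    if rt not in REPEAT_TYPES:
        return [f"RepeatType {rt!r} is not one of {REPEAT_TYPES}"]
    days = params.get("RepeatDays") or []
    rs, re_ = params.get("RepeatStartTime"), params.get("RepeatEndTime")
    st, et = params.get("StartTime"), params.get("EndTime")
    lo, hi = (0, 6) if rt == "Weekly" else (1, 31)  # week starts on Sunday
    checks = [
        (rt in ("Permanent", "None", "Daily") and days,
         f"RepeatDays must be empty when RepeatType is {rt}"),
        (rt in ("Weekly", "Monthly") and not days,
         f"RepeatDays cannot be empty when RepeatType is {rt}"),
        (len(set(days)) != len(days), "RepeatDays must not contain duplicate values"),
        (rt in ("Weekly", "Monthly") and any(not lo <= d <= hi for d in days),
         f"RepeatDays values must be in {lo}..{hi} when RepeatType is {rt}"),
        (rt in ("Permanent", "None") and (rs or re_),
         f"RepeatStartTime/RepeatEndTime must be empty when RepeatType is {rt}"),
        (rt == "Permanent" and (st is not None or et is not None),
         "StartTime/EndTime must be empty when RepeatType is Permanent"),
        (rt != "Permanent" and (st is None or et is None),
         f"StartTime and EndTime are required when RepeatType is {rt}"),
    ]
    problems = [msg for cond, msg in checks if cond]
    if rt in ("Daily", "Weekly", "Monthly"):  # recurring window, 'HH:MM' strings
        try:
            if _hhmm(re_, "RepeatEndTime") - _hhmm(rs, "RepeatStartTime") < 30:
                problems.append("RepeatEndTime must be at least 30 minutes after RepeatStartTime")
        except ValueError as exc:
            problems.append(str(exc))
    if rt != "Permanent" and st is not None and et is not None:  # UNIX timestamps
        if st % HALF_HOUR or et % HALF_HOUR:
            problems.append("StartTime and EndTime must fall on the hour or half-hour")
        if et - st < HALF_HOUR:
            problems.append("EndTime must be at least 30 minutes after StartTime")
    return problems
```

Run the check on the full parameter dictionary (required NatGatewayId and AclUuid included) immediately before handing it to the SDK or OpenAPI Explorer; any returned message maps to one of the constraints in the table.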

Response elements

The response is an object with the following element.

RequestId (string)
  The ID of the request.
  Example: 3768197C-E6E8-52CD-8358-*****

Examples

Success response

JSON format

{
  "RequestId": "3768197C-E6E8-52CD-8358-*****"
}

Error codes

HTTP status code | Error code | Error message | Description
400 | ErrorParametersUid | The aliUid parameter is invalid. | The aliUid parameter is invalid.
400 | ErrorDBSelect | An error occurred while querying database. | An error occurred while querying the database.
400 | ErrorParametersSource | The source is invalid. | The source is invalid.
400 | ErrorParametersProto | The protocol is invalid. | The protocol is invalid.
400 | ErrorParametersDestination | The Destination parameter is invalid. | The Destination parameter is invalid.
400 | ErrorParametersDestPort | The dst_port is invalid. | The dst_port is invalid.
400 | ErrorParametersAction | The action is invalid. | The action is invalid.
400 | ErrorAddressCountExceed | The maximum number of addresses is exceeded. | The maximum number of addresses is exceeded.
400 | ErrorAclNotExist | The ACL does not exist. | The ACL does not exist.
400 | ErrorRecordLog | An error occurred while updating the operation log. | An error occurred while updating the operation log.
400 | ErrorParametersDestinationCount | Exceeding the number of countries in a single ACL. | The number of selected regions for one ACL is exceeded. Split the policy into multiple ACLs.
400 | ErrorAclExtendedCountExceed | ACL or extended ACL rules are not matched. | The quota for access control policies or extra access control policies is exhausted.
400 | ErrorAclEffectiveTimeNonPermanent | ACL rule is not allowed to update status when effective is not permanent. | The status of an ACL rule cannot be updated when its validity period is not permanent.
400 | ErrorParametersNatGatewayId | Invalid parameters NatGatewayId. | The request parameter NatGatewayId is invalid or does not exist.
400 | ErrorUUIDNew | The UUID is invalid. | The UUID is invalid.
400 | ErrorParameterIpVersion | The IP version is invalid. | The IP version is invalid.
400 | ErrorParametersDirection | The direction is invalid. | The direction is invalid.
400 | ErrorDomainResolve | An error occurred while resolving the domain. | An error occurred while resolving the domain.
400 | ErrorParameters | Parameters error. | Parameter error.
400 | ErrorDBInsert | An error occurred while performing an insert operation in the database. | An error occurred while performing an insert operation in the database.
400 | ErrorDBUpdate | internal error: sql updat. | An error occurred while updating the database.
400 | ErrorParametersFtpNotSupport | domain destination not support ftp. | The FTP application is not supported when the policy destination is a domain name.
400 | ErrorAddressGroupNotExist | The address group does not exist. | The address group does not exist.
400 | ErrorParametersApplicationNameList | Specified parameter ApplicationNameList is not valid. | The specified ApplicationNameList parameter is invalid.
400 | ErrorParametersAclUuid | Specified parameter AclUuid is not valid. | The specified AclUuid parameter is invalid.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.