Source Type |
The type of the traffic source. Valid values:
- IP: If you select this option, enter a CIDR block for Source.
- Address Book: If you select this option, select a preconfigured address book.
Note You can add multiple CIDR blocks to an address book. This way, you can configure access
control for multiple IP addresses in an efficient manner.
|
Source |
The source CIDR block of the traffic source.
Note You can enter only one CIDR block.
If you set Source Type to Address Book, you need only to select a preconfigured address book.
Note You can select only one address book at a time. If you want to use multiple address
books, you can create multiple policies. To create a policy, click Create Policy.
|
Destination Type |
The type of the traffic destination. Valid values:
- IP: If you select this option, enter a CIDR block for Destination.
- Address Book: If you select this option, select an address book.
- Domain Name: If you select this option, enter a domain name for Destination. You can enter a
wildcard domain name. Example: *.aliyun.com.
|
Destination |
The address of the traffic destination.
- If you set Destination Type to IP, enter a CIDR block.
- If you set Destination Type to Address Book, find the required address book and click Select in the Actions column.
Note You can select only one address book at a time. If you want to use multiple address
books, you can create multiple policies. To create a policy, click Create Policy.
- If you set Destination Type to Domain Name, enter a domain name for Destination. You can enter a wildcard domain name. Example:
*.aliyun.com.
|
Protocol |
The protocol of the traffic. Valid values:
- ANY: any protocol
- TCP
- UDP
- ICMP
|
Port Type |
The type of the port. Valid values:
- Ports: If you select this option, you can enter only one port range for Ports.
- Address Book: If you select this option, you need only to select a preconfigured port address book. A port address book contains multiple ports. This allows you to configure access
control for multiple ports in an efficient manner.
|
Ports |
The ports on which you want to control traffic. If you set Port Type to Ports, enter a port range. If you set Port Type to Address Book, find the required
port address book and click Select in the Actions column.
Note
- You can select only one address book at a time. If you want to use multiple address
books, you can create multiple policies. To create a policy, click Create Policy.
- Destination ports apply only to TCP and UDP traffic. If you set Protocol to ICMP, the destination ports you specify do not take effect.
If you set Protocol to ANY, the destination ports you specify apply to TCP and UDP traffic but do not take effect for ICMP traffic.
|
Application |
The type of the application. Valid values: ANY, HTTP, HTTPS, Memcache, MongoDB, MQTT,
MySQL, RDP, Redis, SMTP, SMTPS, SSH, and VNC.
If you set Protocol to TCP, you can use all the valid values of Application. If you set Protocol to a value
other than TCP, you can set Application only to ANY.
Note Cloud Firewall identifies applications based on packet characteristics, instead of
port numbers. If Cloud Firewall fails to identify the application for a packet, Cloud
Firewall allows the packet. As a result, a Deny policy that specifies an application does not
block traffic on the matched ports whose application cannot be identified. If the policy must
deny all traffic on the specified ports regardless of application, set Application to ANY so that
the policy is matched on protocol and ports alone.
|
Policy Action |
The action on the traffic that reaches the VPC firewall. Valid values:
- Allow: If traffic meets the conditions that you specify for the policy, the traffic is
allowed.
- Deny: If traffic meets the conditions that you specify for the policy, the traffic is
denied, and no notifications are sent.
- Monitor: If traffic meets the conditions that you specify for the policy, the traffic is
recorded and allowed. After you observe the traffic for a period of time, you can
change the policy action to Allow or Deny based on your business requirements.
|
Description |
The description of the policy. Enter a description that can help identify the policy.
|
Priority |
The priority of the policy. Default value: Lowest. Valid values:
- Lowest: The policy has the lowest priority and is the last one to take effect.
- Highest: The policy has the highest priority and is the first one to take effect.
|
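The following is an added example, not Cloud Firewall's own matching engine or code from this page. It is a small Python model of how the parameters above interact when a flow is evaluated: Source and Destination as CIDR blocks, address books (modelled as several CIDR blocks) or wildcard domain names; the rule that ports never apply to ICMP; the rule that a packet whose application cannot be identified does not match a policy naming a specific application; the Application-only-with-TCP constraint; and Highest/Lowest priority ordering. The wildcard rule ("*.aliyun.com" matches any name ending in ".aliyun.com") and the None result when no policy matches are assumptions, since the page does not define either. The sample policies and flows are constructed for the example.

```python
"""Toy model of VPC firewall access control policy matching (added example).

Models only the rules stated on the parameter page. The behaviour when no
policy matches is not specified there, so evaluate() returns None in that case.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PROTOCOLS = ("ANY", "TCP", "UDP", "ICMP")
APPLICATIONS = ("ANY", "HTTP", "HTTPS", "Memcache", "MongoDB", "MQTT", "MySQL",
                "RDP", "Redis", "SMTP", "SMTPS", "SSH", "VNC")
ACTIONS = ("Allow", "Deny", "Monitor")


@dataclass
class Policy:
    source: list            # CIDR blocks: one for Source Type IP, several for an address book
    destination: list       # CIDR blocks, or domain names such as "*.aliyun.com"
    protocol: str = "ANY"
    ports: Optional[list] = None   # None: all ports; else (low, high) ranges, several for a port address book
    application: str = "ANY"
    action: str = "Allow"
    description: str = ""


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    protocol: str
    dst_port: Optional[int] = None
    dst_domain: Optional[str] = None
    application: Optional[str] = None   # None: the application could not be identified


def validate(p: Policy) -> Policy:
    """Reject combinations the parameter table does not allow."""
    if p.protocol not in PROTOCOLS or p.application not in APPLICATIONS or p.action not in ACTIONS:
        raise ValueError("unknown protocol, application or action")
    if p.protocol != "TCP" and p.application != "ANY":
        raise ValueError("Application can only be ANY unless Protocol is TCP")
    for cidr in p.source:
        ipaddress.ip_network(cidr, strict=False)   # raises ValueError on a malformed block
    for lo, hi in p.ports or []:
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range {lo}-{hi}")
    return p


def _is_cidr(s: str) -> bool:
    try:
        ipaddress.ip_network(s, strict=False)
        return True
    except ValueError:
        return False


def _domain_match(name: str, pattern: str) -> bool:
    # Assumption: "*.example.com" matches any name ending in ".example.com"; otherwise exact match.
    name, pattern = name.lower().rstrip("."), pattern.lower().rstrip(".")
    return name.endswith(pattern[1:]) if pattern.startswith("*.") else name == pattern


def _dest_match(p: Policy, f: Flow) -> bool:
    for d in p.destination:
        if _is_cidr(d):
            if ipaddress.ip_address(f.dst_ip) in ipaddress.ip_network(d, strict=False):
                return True
        elif f.dst_domain and _domain_match(f.dst_domain, d):
            return True
    return False


def matches(p: Policy, f: Flow) -> bool:
    if not any(ipaddress.ip_address(f.src_ip) in ipaddress.ip_network(c, strict=False) for c in p.source):
        return False
    if not _dest_match(p, f):
        return False
    if p.protocol != "ANY" and p.protocol != f.protocol:
        return False
    # Ports are ignored for ICMP, also when the policy's Protocol is ANY.
    if f.protocol != "ICMP" and p.ports is not None:
        if f.dst_port is None or not any(lo <= f.dst_port <= hi for lo, hi in p.ports):
            return False
    # Application comes from packet characteristics, not the port: an unidentified
    # application never matches a policy that names a specific one.
    if p.application != "ANY" and f.application != p.application:
        return False
    return True


def add_policy(policies: list, p: Policy, priority: str = "Lowest") -> list:
    """Highest puts the policy first in evaluation order; Lowest (the default) puts it last."""
    validate(p)
    if priority == "Highest":
        policies.insert(0, p)
    elif priority == "Lowest":
        policies.append(p)
    else:
        raise ValueError("priority must be Highest or Lowest")
    return policies


def evaluate(policies: list, f: Flow) -> Optional[str]:
    """Action of the first matching policy (Monitor: recorded and allowed); None if nothing matched."""
    for p in policies:
        if matches(p, f):
            return p.action
    return None


# Constructed sample policies: a test subnet talking to a database subnet and to *.aliyun.com.
POLICIES: list = []
add_policy(POLICIES, Policy(["10.0.1.0/24"], ["10.0.2.0/24"], "TCP", [(3306, 3306)], "MySQL", "Deny",
                            "block MySQL from test to db"))
add_policy(POLICIES, Policy(["10.0.1.0/24"], ["*.aliyun.com"], "TCP", [(443, 443)], "HTTPS", "Monitor",
                            "watch outbound HTTPS to aliyun"))
add_policy(POLICIES, Policy(["10.0.1.0/24"], ["10.0.2.0/24"], "ICMP", [(1, 1)], "ANY", "Allow",
                            "ping to db; the port range is ignored for ICMP"))
```

The point to take from running it: the Deny policy that names MySQL fires for a flow on TCP 3306 that Cloud Firewall identified as MySQL, but not for a flow on the same port whose application is unidentified, so that flow falls through to whatever follows. Adding a Deny policy with Application set to ANY on the same ports, at Highest priority, closes that gap in the model.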