All Products
Search
Document Center

ENS:DescribeNetworkAcls

Last Updated:Mar 12, 2024

Queries network access control lists (ACLs).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

ParameterTypeRequiredDescriptionExample
NetworkAclIdstringNo

The ID of the network ACL.

nacl-bp1lhl0taikrbgnh****
NetworkAclNamestringNo

The name of the network ACL.

acl-1
ResourceIdstringNo

The ID of the associated instance.

n-5****
PageNumberstringNo

The page number. Pages start from page 1. Default value: 1.

1
PageSizestringNo

The number of entries per page. Maximum value: 50. Default value: 10.

10

Response parameters

ParameterTypeDescriptionExample
object

Schema of Response

RequestIdstring

The ID of the request.

A1707FC0-430C-423A-B624-284046B20399
TotalCountstring

The total number of entries returned.

3
PageSizestring

The number of entries per page.

2
PageNumberstring

The page number.

1
NetworkAclsobject []

Details of the network ACLs.

Statusstring

The status of the network ACL. Valid values:

  • Available: The network ACL is available.
  • Modifying: The network ACL is being configured.
Available
CreationTimestring

The time when the network ACL was created. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

2019-11-01T06:08:46Z
Descriptionstring

The description of the network ACL.

This is my NetworkAcl.
NetworkAclIdstring

The ID of the network ACL.

nacl-a2do9e413e0spxscd****
NetworkAclNamestring

The name of the network ACL.

acl-8
IngressAclEntriesobject []

Details of the inbound rules.

Policystring

The action that is performed on network traffic that matches the rule. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the network traffic.
accept
NetworkAclEntryIdstring

The ID of the inbound rule.

nae-5dk86arlydmezasw****
NetworkAclEntryNamestring

The name of the inbound rule.

acl-3
CidrBlockstring

The source CIDR block.

10.0.0.0/24
Protocolstring

The protocol type. Valid values:

  • icmp: ICMP.
  • tcp: TCP.
  • udp: UDP.
  • all: all protocols.
all
PortRangestring

The destination port range of the inbound rule.

  • If Protocol of the inbound rule is set to all or icmp, the port range is -1/-1, which indicates all ports.
  • If Protocol of the inbound rule is set to tcp or udp, the port range is in the following format: 1/200 or 80/80. 1/200 indicates port 1 to port 200. 80/80 indicates port 80. Valid values for a port: 1 to 65535.
-1/-1
Priorityinteger

The priority of the rule. Valid values: 1 to 100. Default value: 1.

1
Typestring

The type of the rule. Valid values:

  • system: The rule is created by the system.
  • custom: The rule is created by a user.
system
Descriptionstring

The description of the inbound rule.

This is IngressAclEntries.
EgressAclEntriesobject []

Details of the outbound rules.

Policystring

The action that is performed on network traffic that matches the rule. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the network traffic.
accept
NetworkAclEntryIdstring

The ID of the outbound rule.

nae-a2d447uw4tillfvgb****
NetworkAclEntryNamestring

The name of the outbound rule.

acl-2
CidrBlockstring

The destination CIDR block.

10.0.0.0/24
Protocolstring

The protocol type. Valid values:

  • icmp: ICMP.
  • tcp: TCP.
  • udp: UDP.
  • all: all protocols.
all
PortRangestring

The destination port range of the outbound rule.

  • If Protocol of the outbound rule is set to all or icmp the port range is -1/-1, which indicates all ports.
  • If Protocol of the outbound rule is set to tcp or udp, the port range is in the following format: 1/200 or 80/80. 1/200 indicates port 1 to port 200. 80/80 indicates port 80. Valid values for a port: 1 to 65535.
-1/-1
Priorityinteger

The priority of the rule. Valid values: 1 to 100. Default value: 1.

1
Typestring

The type of the rule. Valid values:

  • system: The rule is created by the system.
  • custom: The rule is created by a user.
system
Descriptionstring

The description of the outbound rule.

This is EgressAclEntries.
Resourcesobject []

Details of the associated resources.

Statusstring

The association status of the resource. Valid values:

  • BINDED: The resource is associated with the network ACL.
  • BINDING: The resource is being associated with the network ACL.
  • UNBINDING: The resource is being disassociated from the network ACL.
BINDING
ResourceTypestring

The type of the associated resource.

Network
ResourceIdstring

The ID of the associated resource.

n-****
EnsRegionIdstring

The ID of the edge node.

cn-fuzhou-telecom

Examples

Sample success responses

JSONformat

{
  "RequestId": "A1707FC0-430C-423A-B624-284046B20399",
  "TotalCount": "3",
  "PageSize": "2",
  "PageNumber": "1",
  "NetworkAcls": [
    {
      "Status": "Available",
      "CreationTime": "2019-11-01T06:08:46Z",
      "Description": "This is my NetworkAcl.",
      "NetworkAclId": "nacl-a2do9e413e0spxscd****",
      "NetworkAclName": "acl-8",
      "IngressAclEntries": [
        {
          "Policy": "accept",
          "NetworkAclEntryId": "nae-5dk86arlydmezasw****",
          "NetworkAclEntryName": "acl-3",
          "CidrBlock": "10.0.0.0/24",
          "Protocol": "all",
          "PortRange": "-1/-1",
          "Priority": 1,
          "Type": "system",
          "Description": "This is IngressAclEntries."
        }
      ],
      "EgressAclEntries": [
        {
          "Policy": "accept",
          "NetworkAclEntryId": "nae-a2d447uw4tillfvgb****",
          "NetworkAclEntryName": "acl-2",
          "CidrBlock": "10.0.0.0/24",
          "Protocol": "all",
          "PortRange": "-1/-1",
          "Priority": 1,
          "Type": "system",
          "Description": "This is EgressAclEntries."
        }
      ],
      "Resources": [
        {
          "Status": "BINDING",
          "ResourceType": "Network",
          "ResourceId": "n-****",
          "EnsRegionId": "cn-fuzhou-telecom"
        }
      ]
    }
  ]
}

Error codes

HTTP status codeError codeError message
400ens.interface.errorAn error occurred while call the API.
400NoPermissionPermission denied.
400InvalidParameter.%sThe specified field %s invalid. Please check it again.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
No change history