All Products
Search

This Product

    IPv6 Gateway:Create and manage an egress-only rule

    Document Center

    IPv6 Gateway:Create and manage an egress-only rule

    Last Updated:Mar 20, 2024

    After you enable IPv6 Internet bandwidth for an IPv6 address, the IPv6 address can be used for communication over the Internet. You can create egress-only rules for the IPv6 address to allow only outbound IPv6 traffic. This topic describes how to create an egress-only rule for the IPv6 address of an Elastic Compute Service (ECS) instance. This allows the ECS instance to access IPv6 clients but does not allow the IPv6 clients to access the ECS instance in a virtual private cloud (VPC) over the Internet.

    Prerequisites

    Internet bandwidth is purchased for the IPv6 address for which you want to create an egress-only rule. For more information, see Enable and manage IPv6 Internet bandwidth.

    Create an egress-only rule

    Warning

    If the IPv6 gateway is also accepting inbound traffic, the inbound traffic is denied after an egress-only rule is created. The ECS instance denies access from IPv6 clients over the Internet. Exercise caution when you perform this operation.

    1. Log on to the IPv6 Gateway console.
    2. In the top navigation bar, select the region where the IPv6 gateway is deployed.

    3. On the IPv6 Gateway page, click the ID of the desired IPv6 gateway.

    4. On the details page of the IPv6 gateway, click the Egress-only Rule > Create Egress-only Rule.

    5. In the Create Egress-only Rule panel, specify the parameters described in the following table and click OK.

      Parameter

      Description

      Resource Group

      Select the resource group to which the egress-only rule belongs.

      Rule Granularity

      Select ECS.

      Associate Instance

      Select an ECS instance or an elastic network interface (ENI) that uses an IPv6 address for communication over the Internet.

      IPv6 Address

      Select an appropriate IPv6 address.

    Delete an egress-only rule

    You can delete an egress-only rule anytime. After you delete the egress-only rule that you created for an IPv6 address for which Internet bandwidth is purchased, an ECS instance can use the IPv6 address to access IPv6 clients over the Internet. The ECS instance is also accessible to IPv6 clients over the Internet.

    1. Log on to the IPv6 Gateway console.
    2. In the top navigation bar, select the region where the IPv6 gateway is deployed.

    3. On the IPv6 Gateway page, click the ID of the desired IPv6 gateway.

    4. On the details page of the IPv6 gateway, click the Egress-only Rule tab, find the egress-only rule that you want to delete, and then click Delete in the Actions column.

    5. In the Delete Rule message, click OK.

    References