After you create defense rules for a cluster, you can enable or disable defense for the cluster. You can also enable, disable, and modify the defense rules of the cluster. If you no longer need a defense rule, you can delete it. This topic describes how to enable, disable, modify, and delete a defense rule.

Prerequisites

A defense rule is created for your cluster. For more information about how to create a defense rule, see Create a defense rule.

Background information

The defense rule that is created for the cluster can take effect only when the blocking status of the cluster is normal. If the blocking status is abnormal, you must troubleshoot the issue. For more information, see Troubleshoot the issues causing the abnormal blocking status of a cluster.

Manage the defense status

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Protection Configuration > Container Protection > Container Firewall.
  3. On the Container Firewall page, click the Protection management tab.
  4. In the cluster list of the Protection management tab, find the cluster for which you want to manage the defense status.
    Turn on or off Switch in the Defensive status column to enable or disable defense for the cluster. You can also select multiple clusters and click Batch open or Batch shutdown below the list to manage the defense status for multiple clusters.
    Important You can enable defense rules for a cluster only when Normal is displayed in the Interceptible status column of the cluster. If Abnormal or Normal to be confirmed is displayed in the Interceptible status column, you cannot enable defense rules for the cluster. For more information about how to troubleshoot the issues that cause the abnormal status in the Interceptible status column, see Troubleshoot the issues causing the abnormal blocking status of a cluster.

Manage a defense rule

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Protection Configuration > Container Protection > Container Firewall.
  3. On the Container Firewall page, click the Protection management tab.
  4. In the cluster list of the Protection management tab, find the cluster whose defense rules you want to manage.
    1. Click Rule management in the Operation column to go to the Defense rules panel.
    2. In the defense rule list of the Defense rules panel, find the defense rule that you want to manage.
      • Enable or disable the defense rule

        Turn on or off Switch in the Enabled status column to enable or disable the defense rule.

        You can also select multiple defense rules and click Batch open or Batch shutdown below the list to enable or disable the defense rules at a time.

      • View the details about the defense rule

        Click Details in the Operation column to go to the Details panel. In the panel, view the configurations of the source network object and destination network object, and other details about the defense rule.

      • Modify the defense rule
        Click Edit in the Operation column to go to the Edit rules panel. In the panel, modify the defense rule.
        Note The modification on the defense rule takes effect within 1 minute.
      • Delete the defense rule

        Click Delete in the Operation column to delete the defense rule.

        You can also select multiple defense rules and click Batch delete below the list to delete the defense rules at a time.

        Note The defense rule is deleted within 1 minute.