Updates the rules of a network access control list (ACL).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
UpdateIngressAclEntries Boolean No false

Specifies whether to update inbound rules. Valid values:

  • true: yes
  • false (default): no

UpdateEgressAclEntries Boolean No false

Specifies whether to update outbound rules. Valid values:

  • true: yes
  • false (default): no

NetworkAclId String Yes nacl-bp1lhl0taikrzxsc****

The ID of the network ACL.

RegionId String Yes cn-hangzhou

The region ID of the network ACL. You can call the DescribeRegions operation to query the most recent region list.

ClientToken String No 123e4567-e89b-12d3-a456-426655440000

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the value, but you must make sure that it is unique among different requests. The token can contain only ASCII characters and cannot exceed 64 characters in length.

Note: If you do not set this parameter, the system automatically uses RequestId as ClientToken. RequestId may be different for each API request.

Action String Yes UpdateNetworkAclEntries

The operation that you want to perform. Set the value to UpdateNetworkAclEntries.

IngressAclEntries.N.NetworkAclEntryId String No nae-2zepn32de59j8m4****

The ID of the inbound rule.

Valid values of N: 0 to 29. You can update at most 30 inbound rules.

IngressAclEntries.N.EntryType String No custom

The type of the rule. Set the value to custom, which specifies custom rules.

IngressAclEntries.N.NetworkAclEntryName String No acl-3

The name of the inbound rule.

IngressAclEntries.N.Policy String No accept

The access control policy. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the network traffic.

IngressAclEntries.N.SourceCidrIp String No 10.0.0.0/24

The source CIDR block.

IngressAclEntries.N.Description String No This is IngressAclEntries.

The description of the inbound rule.

IngressAclEntries.N.Protocol String No all

The transport layer protocol. Valid values:

  • icmp: Internet Control Message Protocol (ICMP)
  • gre: Generic Routing Encapsulation (GRE)
  • tcp: TCP
  • udp: UDP
  • all: all protocols

IngressAclEntries.N.Port String No -1/-1

The source port range of the inbound rule.

  • If Protocol of the inbound rule is set to all, icmp, or gre, the port range is -1/-1, which specifies that all ports are available.
  • If Protocol of the inbound rule is set to tcp or udp, the port range is 1 to 65535. Set the port range in the following format: 1/200 or 80/80, which specifies port 1 to port 200 or port 80.

EgressAclEntries.N.NetworkAclEntryId String No nae-2zecs97e0brcge46****

The ID of the outbound rule.

Valid values of N: 0 to 29. You can update at most 30 outbound rules.

EgressAclEntries.N.EntryType String No custom

The type of the rule. Set the value to custom, which specifies custom rules.

EgressAclEntries.N.NetworkAclEntryName String No acl-2

The name of the outbound rule.

EgressAclEntries.N.Policy String No accept

The access control policy. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the traffic.

EgressAclEntries.N.Description String No This is EgressAclEntries.

The description of the outbound rule.

EgressAclEntries.N.Protocol String No all

The transport layer protocol. Valid values:

  • icmp: ICMP
  • gre: GRE
  • tcp: TCP
  • udp: UDP
  • all: all protocols

EgressAclEntries.N.DestinationCidrIp String No 10.0.0.0/24

The destination CIDR block.

EgressAclEntries.N.Port String No -1/-1

The destination port range of the outbound traffic.

  • If Protocol of the outbound rule is set to all, icmp, or gre, the port range is -1/-1, which specifies that all ports are available.
  • If Protocol of the outbound rule is set to tcp or udp, the port range is 1 to 65535. The port range is set in the following format: 1/200 or 80/80, which specifies port 1 to port 200 or port 80.
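
A client-side pre-flight check for the constraints in the parameter list above, so that a malformed rule is rejected before it reaches the API. This is an added example, not Alibaba Cloud SDK code: the function names and SAMPLE_RULE are hypothetical, request signing and sending are left to the SDK, and setting the Update* flag to true only for a direction that has rules is this example's own choice.

```python
import ipaddress
import uuid

PROTOCOLS = {"icmp", "gre", "tcp", "udp", "all"}
POLICIES = {"accept", "drop"}
MAX_ENTRIES = 30  # N runs from 0 to 29
# Constructed sample rule for trying build_params(); not taken from a real ACL.
SAMPLE_RULE = {"Policy": "accept", "Protocol": "tcp", "Port": "80/80", "SourceCidrIp": "10.0.0.0/24"}

def check_port(protocol, port):
    """Documented pairing: -1/-1 for all/icmp/gre, low/high in 1..65535 for tcp/udp."""
    if protocol in ("all", "icmp", "gre"):
        return port == "-1/-1"
    low, _, high = port.partition("/")
    return low.isdecimal() and high.isdecimal() and 1 <= int(low) <= int(high) <= 65535

def validate_entry(entry, cidr_key):
    """Return the names of invalid fields for one rule (empty list means valid)."""
    bad = []
    if entry.get("Protocol") not in PROTOCOLS:
        bad.append("Protocol")
    elif not check_port(entry["Protocol"], entry.get("Port", "")):
        bad.append("Port")
    if entry.get("Policy") not in POLICIES:
        bad.append("Policy")
    try:  # syntax check only; strict=False tolerates host bits in the address
        ipaddress.ip_network(entry.get(cidr_key, ""), strict=False)
    except ValueError:
        bad.append(cidr_key)
    return bad

def build_params(acl_id, region, ingress=(), egress=(), token=None):
    """Flatten rules into IngressAclEntries.N.* / EgressAclEntries.N.* parameters."""
    token = token or str(uuid.uuid4())
    if not token.isascii() or len(token) > 64:
        raise ValueError("ClientToken must be ASCII and at most 64 characters")
    params = {"Action": "UpdateNetworkAclEntries", "NetworkAclId": acl_id,
              "RegionId": region, "ClientToken": token}
    for prefix, flag, cidr_key, rules in (
            ("IngressAclEntries", "UpdateIngressAclEntries", "SourceCidrIp", ingress),
            ("EgressAclEntries", "UpdateEgressAclEntries", "DestinationCidrIp", egress)):
        if len(rules) > MAX_ENTRIES:
            raise ValueError(f"{prefix}: at most {MAX_ENTRIES} rules per request")
        params[flag] = "true" if rules else "false"  # this example's choice
        for n, rule in enumerate(rules):
            if bad := validate_entry(rule, cidr_key):
                raise ValueError(f"{prefix}.{n}: invalid {', '.join(bad)}")
            params.update({f"{prefix}.{n}.{k}": v for k, v in rule.items()})
    return params
```

Reusing the same ClientToken when retrying a failed call keeps the retry idempotent, as the ClientToken description above requires.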

Response parameters

Parameter Type Example Description
RequestId String 1170A5A0-E760-4331-9133-A7D38D973215

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?IngressAclEntries=[{"NetworkAclEntryId":"nae-2zepn32de59j8m4****","EntryType":"custom","NetworkAclEntryName":"acl-3","Policy":"accept","SourceCidrIp":"10.0.0.0/24","Description":"This is IngressAclEntries.","Protocol":"all","Port":"-1/-1"}]
&EgressAclEntries=[{"NetworkAclEntryId":"nae-2zecs97e0brcge46****","EntryType":"custom","NetworkAclEntryName":"acl-2","Policy":"accept","Description":"This is EgressAclEntries.","Protocol":"all","DestinationCidrIp":"10.0.0.0/24","Port":"-1/-1"}]
&UpdateIngressAclEntries=false
&UpdateEgressAclEntries=false
&NetworkAclId=nacl-bp1lhl0taikrzxsc****
&RegionId=cn-hangzhou
&ClientToken=123e4567-e89b-12d3-a456-426655440000
&Action=UpdateNetworkAclEntries
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<UpdateNetworkAclEntriesResponse>
    <RequestId>1170A5A0-E760-4331-9133-A7D38D973215</RequestId>
</UpdateNetworkAclEntriesResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "1170A5A0-E760-4331-9133-A7D38D973215"
}

Error codes

HttpCode Error code Error message Description
400 IllegalParam.IngressAclEntryId The specified IngressAclEntryId is invalid. The error message returned because the ID of the inbound ACL rule is invalid.
400 IllegalParam.EgressAclEntryId The specified EgressAclEntryId is invalid. The error message returned because the ID of the outbound ACL rule is invalid.
500 InternalError The request processing has failed due to some unknown error. The error message returned because an unknown error occurred.

For a list of error codes, visit the API Error Center.