Managing Network ACLs

Last updated: 2020-04-02 17:59:58

    Creating Network ACLs

    1. Log in to VPC Console.
    2. Click Security > Network ACL in the left sidebar to go to the management page.
    3. Select the target region and VPC at the top of the list and click +Create.
    4. In the pop-up box, enter a name for the ACL, select the belonging VPC, and click OK.
    5. On the list page, click the ID of the ACL to go to the details page, where you can add ACL rules and associated subnets.

    Adding Network ACL Rules

    1. Log in to VPC Console.
    2. Click Security > Network ACL in the left sidebar to go to the management page.
    3. In the list, find the network ACL to be modified, and click its ID to go to the details page.
    4. To add an outbound or inbound rule, click Outbound Rules or Inbound Rules and choose Edit > New Line. Then, select the protocol type, enter the port and source IP address, and select the policy.
      • Protocol type: select the protocol types to be allowed or rejected by the ACL rule, such as TCP and UDP.
      • Port: indicates the source port of the traffic. It can be a single port or port range, for example port 80 or ports 90–100.
      • Source IP: indicates the source IP address or source IP address range of the traffic. It can be an IP address or CIDR block, for example, 10.20.3.0 or 10.0.0.2/24.
      • Policy: allow or reject.
    5. Click Save.
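The rule fields entered in step 4 (protocol type, a single port or port range, a source IP address or CIDR block, and an allow/reject policy) can be validated and exercised offline with the following added Python example. It is not part of this page or of the VPC console: the field names, the top-to-bottom first-match evaluation, and the default reject for traffic matching no rule are assumptions made here, not behaviour the page documents. It also goes one step beyond the page by flagging rules that an earlier rule already covers, which is useful before saving or deleting rules.

```python
import ipaddress
from dataclasses import dataclass
@dataclass
class AclRule:
    protocol: str   # Protocol type field, e.g. "TCP" or "UDP"
    port: str       # Port field: single port "80" or range "90-100"
    source: str     # Source IP field: address or CIDR, e.g. "10.20.3.0" or "10.0.0.2/24"
    policy: str     # Policy field: "allow" or "reject"

def parse_ports(port: str) -> tuple:
    """Turn '80' or '90-100' into an inclusive (low, high) pair, validating the range."""
    low, _, high = port.replace("\u2013", "-").partition("-")
    lo, hi = int(low), int(high or low)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port entry: {port!r}")
    return lo, hi

def parse_source(source: str):
    # strict=False lets a host-style entry such as 10.0.0.2/24 stand for 10.0.0.0/24
    return ipaddress.ip_network(source, strict=False)

def rule_matches(rule: AclRule, protocol: str, port: int, src_ip: str) -> bool:
    lo, hi = parse_ports(rule.port)
    return (rule.protocol.upper() == protocol.upper() and lo <= port <= hi
            and ipaddress.ip_address(src_ip) in parse_source(rule.source))

def evaluate(rules, protocol: str, port: int, src_ip: str) -> str:
    # Assumed (not stated on the page): rules checked top to bottom, first match decides, else reject
    for rule in rules:
        if rule_matches(rule, protocol, port, src_ip):
            return rule.policy.lower()
    return "reject"

def covers(a: AclRule, b: AclRule) -> bool:
    """True when rule a fully covers rule b: same protocol, wider ports and source."""
    (lo1, hi1), (lo2, hi2) = parse_ports(a.port), parse_ports(b.port)
    return (a.protocol.upper() == b.protocol.upper() and lo1 <= lo2 <= hi2 <= hi1
            and parse_source(b.source).subnet_of(parse_source(a.source)))

def shadowed_rules(rules) -> list:
    """Indexes of rules never reached because an earlier rule already covers them."""
    return [i for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]

SAMPLE_RULES = [  # constructed sample list, in the order it would appear in the console
    AclRule("TCP", "80", "10.20.3.0", "allow"),
    AclRule("TCP", "90\u2013100", "10.0.0.2/24", "reject"),
    AclRule("UDP", "53", "0.0.0.0/0", "allow"),
    AclRule("TCP", "95", "10.0.0.50", "allow"),  # unreachable: rule 2 covers it
]
```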

    Deleting Network ACL Rules

    1. Log in to VPC Console.
    2. Click Security > Network ACL in the left sidebar to go to the management page.
    3. In the list, find the network ACL whose rule you want to delete, and click its ID to go to the Basic Information page.
    4. Click the Inbound Rules tab or the Outbound Rules tab to go to the Rule List page.
    5. Click Edit. The steps for deleting inbound rules are the same as those for deleting outbound rules. Here, the deletion of outbound rules is used as an example.
    6. In the list, locate the row of the rule to be deleted. Then, click Delete in the operation column.

      The ACL rule is now grayed out. If it was deleted by mistake, click Recover the deleted rule in the operation column to restore it.

    7. Click Save to save the change.

      The deletion or restoration of the ACL rule takes effect only after you save it.

    Associating a Network ACL with a Subnet

    1. Log in to VPC Console.
    2. Click Security > Network ACL in the left sidebar to go to the management page.
    3. In the list, find the network ACL to be associated, and click its ID to go to the details page.
    4. On the Basic Information page, click Add Association in the Associated Subnets section.
    5. Choose the subnet to be associated from the pop-up box, and then click OK to associate it.

    Disassociating a Network ACL from a Subnet

    1. Log in to VPC Console.
    2. Click Security > Network ACL in the left sidebar to go to the management page.
    3. In the list, find the network ACL to be disassociated, and click its ID to go to the details page.
    4. Disassociate the ACL from subnets in one of the following ways:
      • Method 1: locate the subnet to be disassociated in the Associated Subnets section of the Basic Information page, and then click Unbind.
      • Method 2: In the Associated Subnets section of the Basic Information page, select the check boxes of the subnets to be disassociated and click Batch Unbind.
    5. Click OK in the pop-up window.

    Deleting Network ACLs

    1. Log in to VPC Console.
    2. Click Security > Network ACL in the left sidebar to go to the management page.
    3. Select the target region and VPC.
    4. In the list, find the network ACL that you want to delete, and click its ID to go to the details page.
    5. Click Delete and confirm the operation. Then, this network ACL and all its rules are deleted.

      If Delete is grayed out (as for the network ACL named testEg in the following figure), the network ACL is still associated with a subnet. Disassociate it from the subnet first; only then can the deletion be completed.
