Creating and Managing a User-defined Network ACL

Create a User-defined Network ACL

Each user can create a maximum of 200 user-defined network ACLs by default.

  1. Log in to the management console.
  2. Under Computing, click Bare Metal Server.

    The BMS console is displayed.

  3. Click the User-defined Networks tab and click Create User-defined Network ACL.
  4. Enter a name and description and click OK.
  5. After the user-defined network ACL is created successfully, it is displayed in the list of user-defined network ACLs.

Add an Inbound/Outbound Rule

Add an inbound or outbound rule based on your network security requirements.

  1. On the BMS console, click the User-defined Networks tab and select User-defined Network ACLs.
  2. Click the name of the target user-defined network ACL.
  3. On the Inbound Rules or Outbound Rules tab, click Add Rule to add an inbound or outbound rule.

    You can click + to add more rules.

    Table 1 Parameter description

    | Parameter | Description |
    |---|---|
    | Policy | Specifies the policy of the user-defined network ACL. This parameter is mandatory. You can select a value from the drop-down list. |
    | Protocol | Specifies the protocol supported by the user-defined network ACL. This parameter is mandatory. You can select a value from the drop-down list. Currently, only TCP, UDP, ICMP, and All protocols are available. If you select ICMP or All protocols, port information cannot be specified. |
    | Source | Specifies the source IP address from which the traffic is permitted. The default value is 0.0.0.0/0, which indicates that traffic from all IP addresses is permitted. For example: xxx.xxx.xxx.xxx/32 (IP address), xxx.xxx.xxx.0/24 (CIDR block), 0.0.0.0/0 (any IP address). |
    | Source Port Range | Specifies the source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-), such as 1-100. You must specify this parameter if TCP or UDP is selected for Protocol. |
    | Destination | Specifies the destination IP address to which the traffic is permitted. The default value is 0.0.0.0/0, which indicates that traffic to all IP addresses is permitted. For example: xxx.xxx.xxx.xxx/32 (IP address), xxx.xxx.xxx.0/24 (CIDR block), 0.0.0.0/0 (any IP address). |
    | Destination Port Range | Specifies the destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-), such as 1-100. You must specify this parameter if TCP or UDP is selected for Protocol. |
    | Description | Specifies the description of the user-defined network ACL rule. This parameter is optional. The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). |

  4. Click OK.

Associate a User-defined Network ACL with a User-defined Subnet

When you need to associate a user-defined network ACL with a user-defined subnet, go to the user-defined network ACL details page and click the User-defined Subnets tab. By default, a user-defined network ACL denies all inbound traffic to and outbound traffic from the associated subnet until you add rules.

  1. On the BMS console, click the User-defined Networks tab and select User-defined Network ACLs.
  2. Click the name of the target user-defined network ACL.
  3. On the Associate Subnet page, click Associate.
  4. Select the user-defined subnets you want to associate with the user-defined network ACL and click OK.

    User-defined subnets that have already been associated with user-defined network ACLs will not be displayed on the page for you to select. One-click user-defined subnet association and disassociation are not supported. If you want to associate a user-defined subnet that has already been associated with another user-defined network ACL, you must first disassociate the subnet from the original network ACL.
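The rule constraints from Table 1 (protocol/port coupling, port ranges within 1-65535 written as `1-100`, IP or CIDR source and destination, a description of at most 255 characters with no angle brackets) and the default-deny behavior of an ACL that has no rules, modelled as an added Python example; this is not part of the documentation or of the console's own implementation. The policy values "Allow"/"Deny" and first-match rule evaluation are assumptions, since the page does not state them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
PORT_PROTOCOLS = {"TCP", "UDP"}       # Table 1: source/destination port ranges mandatory
PORTLESS_PROTOCOLS = {"ICMP", "All"}  # Table 1: port information cannot be specified

def parse_port_range(text: str) -> range:
    """'443' -> range(443, 444); '1-100' -> range(1, 101). Enforces 1..65535 and low <= high."""
    parts = text.split("-")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed port range: {text!r}")
    lo, hi = int(parts[0]), int(parts[-1])
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"port range out of bounds: {text!r}")
    return range(lo, hi + 1)

@dataclass
class AclRule:
    policy: str                        # assumed values: "Allow" or "Deny" (not stated on the page)
    protocol: str                      # TCP, UDP, ICMP or All
    source: str = "0.0.0.0/0"
    source_ports: Optional[str] = None
    destination: str = "0.0.0.0/0"
    destination_ports: Optional[str] = None
    description: str = ""

    def validate(self) -> None:
        """Enforce the Table 1 constraints; raise ValueError on the first violation."""
        if self.protocol not in PORT_PROTOCOLS | PORTLESS_PROTOCOLS:
            raise ValueError(f"unsupported protocol: {self.protocol!r}")
        ports = [parse_port_range(p) for p in (self.source_ports, self.destination_ports) if p is not None]
        if (self.protocol in PORTLESS_PROTOCOLS and ports) or (self.protocol in PORT_PROTOCOLS and len(ports) != 2):
            raise ValueError("TCP/UDP require both port ranges; ICMP/All accept none")
        for cidr in (self.source, self.destination):
            ipaddress.ip_network(cidr, strict=False)   # rejects malformed IP addresses / CIDR blocks
        if len(self.description) > 255 or "<" in self.description or ">" in self.description:
            raise ValueError("description: at most 255 characters, no angle brackets")

    def matches(self, proto: str, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> bool:
        """True when protocol, both addresses and both port ranges (where set) cover the packet."""
        return self.protocol in ("All", proto) and all(
            ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)
            and (text is None or port in parse_port_range(text))
            for cidr, ip, text, port in ((self.source, src_ip, self.source_ports, src_port),
                                         (self.destination, dst_ip, self.destination_ports, dst_port)))

def evaluate(rules: "list[AclRule]", proto: str, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> str:
    """Assumed first-match evaluation; with no matching rule the ACL denies (the page's default)."""
    for rule in rules:
        if rule.matches(proto, src_ip, src_port, dst_ip, dst_port):
            return rule.policy
    return "Deny"
```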