forked from docs/doc-exports
Reviewed-by: Sarda, Priya <prsarda@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com> Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
<a name="EN-US_TOPIC_0000001487936070"></a><a name="EN-US_TOPIC_0000001487936070"></a>
<h1 class="topictitle1">What Are the Relationships Among Firewall Groups, Policies, and Rules?</h1>
<div id="body0000001487936070"><div class="section" id="EN-US_TOPIC_0000001487936070__section35711833105314"><h4 class="sectiontitle">Relationships</h4><p id="EN-US_TOPIC_0000001487936070__p15901133735314">Firewall resources are classified into groups, policies, and rules.</p>
<p id="EN-US_TOPIC_0000001487936070__p1961171419118">The relationships among them are as follows:</p>
<ul id="EN-US_TOPIC_0000001487936070__ul1034301619186"><li id="EN-US_TOPIC_0000001487936070__li20343131610188">A firewall policy can be associated with multiple firewall rules.</li><li id="EN-US_TOPIC_0000001487936070__li153431616141817">A firewall group can be associated with two firewall policies. One policy controls inbound traffic and the other controls outbound traffic.</li><li id="EN-US_TOPIC_0000001487936070__li1334310160185">A firewall policy must be associated with a firewall group.</li></ul>
<p id="EN-US_TOPIC_0000001487936070__p111221342131713">Log in to the network console to view basic information about the firewall, including its name and ID.</p>
</div>
<p id="EN-US_TOPIC_0000001487936070__p8060118"></p>
<p id="EN-US_TOPIC_0000001487936070__p564119361128"><span><img id="EN-US_TOPIC_0000001487936070__image13332038141214" src="en-us_image_0000001487964866.png"></span></p>
<p id="EN-US_TOPIC_0000001487936070__p222332313231">On the <strong id="EN-US_TOPIC_0000001487936070__b6325111144115">Inbound Rules</strong> or <strong id="EN-US_TOPIC_0000001487936070__b108071534413">Outbound Rules</strong> tab, you can add, modify, or delete firewall rules. These rules are associated with the same inbound or outbound policy.</p>
<p id="EN-US_TOPIC_0000001487936070__p839922962513"></p>
<p id="EN-US_TOPIC_0000001487936070__p123323915142"><span><img id="EN-US_TOPIC_0000001487936070__image8110184116149" src="en-us_image_0000001538445357.png"></span></p>
<div class="section" id="EN-US_TOPIC_0000001487936070__section431917432913"><h4 class="sectiontitle">Example</h4><p id="EN-US_TOPIC_0000001487936070__p1868338122911">The following describes how to create firewall resources.</p>
<ul id="EN-US_TOPIC_0000001487936070__ul139071353134310"><li id="EN-US_TOPIC_0000001487936070__li190719536437">Creating a firewall rule</li></ul>
<pre class="screen" id="EN-US_TOPIC_0000001487936070__screen8550113225517">POST /v2.0/fwaas/firewall_rules</pre>
<p id="EN-US_TOPIC_0000001487936070__p95365410399">Request body</p>
<pre class="screen" id="EN-US_TOPIC_0000001487936070__screen64065496556">{
    "firewall_rule": {
        "name": "fw-rule-ingress-1",
        "description": "create a ingress firewall rule ",
        "protocol": "TCP",
        "action": "ALLOW",
        "ip_version": 4,
        "destination_ip_address": "192.168.22.0/24",
        "source_ip_address": "0.0.0.0/0",
        "enabled": true
    }
}</pre>
<p id="EN-US_TOPIC_0000001487936070__p13158105933717">Response body (the returned <strong id="EN-US_TOPIC_0000001487936070__b1470348131419">firewall_rule_id</strong> is 84d10f4a-9f8b-41b8-bdfa-5a0f18736f12)</p>
<pre class="screen" id="EN-US_TOPIC_0000001487936070__screen136476582412">{
    "firewall_rule": {
        "protocol": "tcp",
        "description": "create a ingress firewall rule ",
        "source_ip_address": "0.0.0.0/0",
        "destination_ip_address": "192.168.22.0/24",
        "source_port": null,
        "destination_port": null,
        "id": "84d10f4a-9f8b-41b8-bdfa-5a0f18736f12",
        "name": "fw-rule-ingress-1",
        "tenant_id": "5f6387106c2048b589b369d96c2f23a2",
        "project_id": "5f6387106c2048b589b369d96c2f23a2",
        "enabled": true,
        "action": "allow",
        "ip_version": 4,
        "public": false
    }
}</pre>
<ul id="EN-US_TOPIC_0000001487936070__ul112281324145111"><li id="EN-US_TOPIC_0000001487936070__li132282024125112">Creating a firewall policy</li></ul>
<pre class="screen" id="EN-US_TOPIC_0000001487936070__screen15624532164714">POST /v2.0/fwaas/firewall_policies</pre>
<p id="EN-US_TOPIC_0000001487936070__p1062443284711">Request body (associates the policy with the firewall rule)</p>
<pre class="screen" id="EN-US_TOPIC_0000001487936070__screen1262433217473">{
    "firewall_policy": {
        "description": "create a ingress firewall policy",
        "firewall_rules": [
            "84d10f4a-9f8b-41b8-bdfa-5a0f18736f12"
        ],
        "name": "fw-policy-ingress"
    }
}</pre>
<p id="EN-US_TOPIC_0000001487936070__p86241732194715">Response body (the returned <strong id="EN-US_TOPIC_0000001487936070__b1058341371913">firewall_policy_id</strong> is da037721-b895-4e07-bbcc-f5f6ac2759fb)</p>
<pre class="screen" id="EN-US_TOPIC_0000001487936070__screen92426535210">{
    "firewall_policy": {
        "id": "da037721-b895-4e07-bbcc-f5f6ac2759fb",
        "name": "fw-policy-ingress",
        "project_id": "5f6387106c2048b589b369d96c2f23a2",
        "tenant_id": "5f6387106c2048b589b369d96c2f23a2",
        "description": "create a ingress firewall policy",
        "firewall_rules": [
            "84d10f4a-9f8b-41b8-bdfa-5a0f18736f12"
        ],
        "audited": false,
        "public": false
    }
}</pre>
<ul id="EN-US_TOPIC_0000001487936070__ul148565516577"><li id="EN-US_TOPIC_0000001487936070__li348585565713">Creating a firewall group</li></ul>
<pre class="screen" id="EN-US_TOPIC_0000001487936070__screen1236120127536">POST /v2.0/fwaas/firewall_groups</pre>
<p id="EN-US_TOPIC_0000001487936070__p1936111265316">Request body (associates the group with an inbound firewall policy)</p>
<pre class="screen" id="EN-US_TOPIC_0000001487936070__screen133616122531">{
    "firewall_group": {
        "name": "fw-group-example",
        "description": "create a firewall group",
        "ingress_firewall_policy_id": "da037721-b895-4e07-bbcc-f5f6ac2759fb",
        "admin_state_up": true
    }
}</pre>
<p id="EN-US_TOPIC_0000001487936070__p9361512145319">Response body (the returned <strong id="EN-US_TOPIC_0000001487936070__b7958430152012">firewall_group_id</strong> is 102493e8-fc6d-4f0d-b57f-55c5be86f5c0)</p>
<pre class="screen" id="EN-US_TOPIC_0000001487936070__screen19361512105320">{
    "firewall_group": {
        "id": "102493e8-fc6d-4f0d-b57f-55c5be86f5c0",
        "name": "fw-group-example",
        "project_id": "5f6387106c2048b589b369d96c2f23a2",
        "tenant_id": "5f6387106c2048b589b369d96c2f23a2",
        "admin_state_up": true,
        "egress_firewall_policy_id": null,
        "ingress_firewall_policy_id": "da037721-b895-4e07-bbcc-f5f6ac2759fb",
        "description": "create a firewall group",
        "created_at": "2023-03-09T08:54:40",
        "updated_at": "2023-03-09T08:54:40",
        "status": "INACTIVE",
        "ports": [],
        "public": false
    }
}</pre>
<p id="EN-US_TOPIC_0000001487936070__p8109101625214">Log in to the network console and view the created firewall resources.</p>
<p id="EN-US_TOPIC_0000001487936070__p27049516587"></p>
<p id="EN-US_TOPIC_0000001487936070__p116953172127"><span><img id="EN-US_TOPIC_0000001487936070__image3977192111217" src="en-us_image_0000001538444809.png"></span></p>
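<p>Added example, not part of the original documentation or the service's own code: a Python check that walks the group, policy, and rule chain in the three response bodies above and reports what a reviewer would look at (a direction with no policy, an ID that does not resolve, an enabled allow rule with source 0.0.0.0/0 and no destination port). The function names and the reading of a null <strong>destination_port</strong> as "not limited to specific ports" are assumptions.</p>

```python
import ipaddress

# Constructed sample: the three response bodies from this page, trimmed to the checked fields.
RULE = {"id": "84d10f4a-9f8b-41b8-bdfa-5a0f18736f12", "name": "fw-rule-ingress-1",
        "action": "allow", "enabled": True, "source_ip_address": "0.0.0.0/0",
        "destination_ip_address": "192.168.22.0/24", "destination_port": None}
POLICY = {"id": "da037721-b895-4e07-bbcc-f5f6ac2759fb", "name": "fw-policy-ingress",
          "firewall_rules": ["84d10f4a-9f8b-41b8-bdfa-5a0f18736f12"]}
GROUP = {"id": "102493e8-fc6d-4f0d-b57f-55c5be86f5c0", "name": "fw-group-example",
         "ingress_firewall_policy_id": "da037721-b895-4e07-bbcc-f5f6ac2759fb",
         "egress_firewall_policy_id": None, "status": "INACTIVE", "ports": []}

def is_broad_allow(rule):
    """True for an enabled allow rule open to any source with no destination port set.
    Assumption: a null destination_port means the rule is not limited to specific ports."""
    if not rule["enabled"] or rule["action"].lower() != "allow":
        return False
    src = rule.get("source_ip_address")
    any_source = src is None or ipaddress.ip_network(src, strict=False).prefixlen == 0
    return any_source and rule.get("destination_port") is None

def audit(group, policies, rules):
    """Walk group, then policy, then rule; return (object name, finding) tuples."""
    policy_by_id = {p["id"]: p for p in policies}
    rule_by_id = {r["id"]: r for r in rules}
    findings = []
    for direction in ("ingress", "egress"):
        policy_id = group.get(direction + "_firewall_policy_id")
        if policy_id is None:
            findings.append((group["name"], "no " + direction + " policy associated"))
            continue
        policy = policy_by_id.get(policy_id)
        if policy is None:
            findings.append((group["name"], direction + " policy ID not found"))
            continue
        for rule_id in policy["firewall_rules"]:
            rule = rule_by_id.get(rule_id)
            if rule is None:
                findings.append((policy["name"], "rule ID not found: " + rule_id))
            elif is_broad_allow(rule):
                findings.append((rule["name"], direction + " allow from any source, no port limit"))
    if not group["ports"]:
        findings.append((group["name"], "no ports associated, status " + group["status"]))
    return findings

if __name__ == "__main__":
    for name, finding in audit(GROUP, [POLICY], [RULE]):
        print(name + ": " + finding)
```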
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="vpc_api_0004.html">FAQs</a></div>
</div>
</div>