ACL
更新时间:2025-08-05
批量创建ACL规则
Java
/**
 * Creates ACL rules for one subnet in a single batch request.
 *
 * <p>The sample builds one rule with hard-coded values: an IPv4 ingress rule that
 * allows TCP from 192.168.1.1 port 80 to 192.168.0.1 port 8080 at position 1.
 * The response is assigned but not inspected.
 * NOTE(review): how the client reports a rejected rule (exception or response
 * field) is not visible here; confirm before relying on this call for enforcement.
 *
 * @param client BEC client used to send the request
 */
public void batchCreateBecAclRules(BecClient client) {
    AclRule rule = new AclRule();

    // What the rule matches.
    // protocol: all, tcp, udp or icmp; "all" covers tcp, udp and icmp.
    rule.setProtocol("tcp");
    // etherType: IPv4 or IPv6.
    rule.setEtherType("IPv4");
    // direction: ingress for inbound, egress for outbound.
    rule.setDirection("ingress");
    // sourceIpAddress / destinationIpAddress: an address, or "all" to match every IP.
    // With action "allow", "all" admits traffic from or to any address, so keep
    // these as narrow as the workload permits.
    rule.setSourceIpAddress("192.168.1.1");
    rule.setDestinationIpAddress("192.168.0.1");
    // sourcePort / destinationPort: 0-65535, given as a single port (for example
    // 8080) or a range (for example 1-65535).
    rule.setSourcePort("80");
    rule.setDestinationPort("8080");

    // What happens on a match, and when the rule is consulted.
    // action: allow or deny.
    rule.setAction("allow");
    // position: priority 1-32768, must not collide with an existing entry. A smaller
    // number means higher priority and rules are matched from highest priority to
    // lowest, so position 1 is consulted before every other entry.
    // NOTE(review): presumably the first matching rule decides; confirm before
    // placing a broad allow ahead of existing deny entries.
    rule.setPosition(1);

    // aclRules: the list of rules to create (required).
    List<AclRule> rules = new ArrayList<>();
    rules.add(rule);

    BatchCreateBecAclRulesRequest createRequest = new BatchCreateBecAclRulesRequest();
    // subnetId: ID of the subnet the rules apply to (required).
    createRequest.setSubnetId("sbn-zwwt3pis8meh");
    createRequest.setAclRules(rules);

    BatchCreateBecAclRulesResponse createResponse = client.batchCreateBecAclRules(createRequest);
}
修改ACL名称
Java
/**
 * Renames an existing ACL.
 *
 * <p>Only the ACL ID and the new name are sent; the response is assigned but
 * not inspected.
 *
 * @param client BEC client used to send the request
 */
public void updateBecAcl(BecClient client) {
    UpdateBecAclRequest renameRequest = new UpdateBecAclRequest();
    // New ACL name (required).
    renameRequest.setName("new name");
    // ID of the ACL to rename (required).
    renameRequest.setAclId("acl-k6bfhosd");

    UpdateBecAclResponse renameResponse = client.updateBecAcl(renameRequest);
}
修改ACL规则
Java
/**
 * Updates one existing ACL rule, identified by its rule ID.
 *
 * <p>The sample sends a fully populated rule: IPv4 ingress, allow TCP from
 * 192.168.1.1 port 80 to 192.168.2.1 port 8080 at position 1. The response is
 * assigned but not inspected.
 * NOTE(review): every field is set here; whether omitted fields keep their old
 * value or are reset is not shown. Confirm before sending a partial rule.
 *
 * @param client BEC client used to send the request
 */
public void updateBecAclRule(BecClient client) {
    // The rule content to apply (required).
    AclRule updatedRule = new AclRule();

    // Protocol: all, tcp, udp or icmp; "all" covers tcp, udp and icmp.
    updatedRule.setProtocol("tcp");
    // IP type: IPv4 or IPv6.
    updatedRule.setEtherType("IPv4");
    // Direction: ingress for inbound, egress for outbound.
    updatedRule.setDirection("ingress");
    // Source and destination IP: an address, or "all" to match every IP. Changing
    // either to "all" on an allow rule widens what the rule admits.
    updatedRule.setSourceIpAddress("192.168.1.1");
    updatedRule.setDestinationIpAddress("192.168.2.1");
    // Source port: 0-65535, a single port or a range, for example 80 or 1000-2000.
    updatedRule.setSourcePort("80");
    // Destination port: 0-65535, a single port or a range, for example 8080 or 3000-4000.
    updatedRule.setDestinationPort("8080");
    // Action: allow or deny.
    updatedRule.setAction("allow");
    // Priority: 1-32768, must not collide with an existing entry; a smaller number
    // means higher priority, so moving a rule to 1 puts it ahead of all others.
    updatedRule.setPosition(1);

    UpdateBecAclRuleRequest updateRequest = new UpdateBecAclRuleRequest();
    // ID of the ACL rule to modify (required).
    updateRequest.setAclRuleId("ar-aaim4hgcsnvz");
    updateRequest.setAclRule(updatedRule);

    UpdateBecAclRuleResponse updateResponse = client.updateBecAclRule(updateRequest);
}
查询ACL列表
Java
/**
 * Lists ACLs, with optional paging, keyword, VPC and node filters.
 *
 * <p>Every filter set below is optional. The response is assigned but not
 * inspected.
 *
 * @param client BEC client used to send the request
 */
public void getBecAcls(BecClient client) {
    ListRequest paging = new ListRequest();
    // Keyword type: aclName or vpcName (optional).
    paging.setKeywordType("aclName");
    // Keyword value to search for (optional).
    paging.setKeyword("name");
    // Page number; defaults to 1 (optional).
    paging.setPageNo(1);
    // Entries per page, 1 to 100; defaults to 100 (optional).
    paging.setPageSize(10);

    GetBecAclsRequest listAclsRequest = new GetBecAclsRequest();
    // VPC ID to filter by (optional).
    listAclsRequest.setVpcId("vpc-h5okp5hjsnzy");
    // Node ID; restricts the query to resources of that node (optional).
    listAclsRequest.setRegionId("cn-baoding-ct");
    listAclsRequest.setListRequest(paging);

    GetBecAclsResponse listAclsResponse = client.getBecAcls(listAclsRequest);
}
查询ACL详情
Java
/**
 * Queries the details of an ACL.
 *
 * <p>The sample sets only a VPC ID, which the page marks as optional; the
 * response is assigned but not inspected.
 * NOTE(review): no ACL ID is set here, so the ACL is presumably looked up through
 * its VPC. Confirm against the API reference.
 *
 * @param client BEC client used to send the request
 */
public void getBecAcl(BecClient client) {
    GetBecAclRequest detailRequest = new GetBecAclRequest();
    // VPC ID (optional).
    detailRequest.setVpcId("vpc-h5okp5hjsnzy");

    GetBecAclResponse detailResponse = client.getBecAcl(detailRequest);
}
批量删除ACL规则
Java
/**
 * Deletes ACL rules by ID in a single batch request.
 *
 * <p>The sample deletes one rule. The response is assigned but not inspected.
 * NOTE(review): removing a rule changes which remaining entry matches the
 * traffic it used to cover; review the rest of the rule set before deleting a
 * deny entry.
 *
 * @param client BEC client used to send the request
 */
public void batchDeleteBecAclRules(BecClient client) {
    BatchDeleteBecAclRulesRequest deleteRequest = new BatchDeleteBecAclRulesRequest();
    // IDs of the ACL rules to delete (required).
    deleteRequest.setAclRuleIds(Arrays.asList("ar-aaim4hgcsnvz"));

    BatchDeleteBecAclRulesResponse deleteResponse = client.batchDeleteBecAclRules(deleteRequest);
}