CFW
创建CFW策略
- 创建一个云防火墙策略,可以配置多条防火墙规则
- 创建的策略可用于绑定到EIP、VPC等实例进行流量防护
函数声明
// CreateCfwRequest is the body of CreateCfw. Name and CfwRules are always
// serialized; Description, Type and Border carry omitempty, so a zero value
// is dropped from the request rather than sent explicitly (Type/Border
// cannot be set to 0 through this struct). The meaning of the Type/Border
// values is not described on this page — see the linked OpenAPI document.
type CreateCfwRequest struct {
	Name        string       `json:"name"`
	Description string       `json:"description,omitempty"`
	Type        int32        `json:"type,omitempty"`
	Border      int32        `json:"border,omitempty"`
	CfwRules    []CreateRule `json:"cfwRules"`
}
8
// CreateRule is one firewall rule submitted via CreateCfw or CreateCfwRule.
// Every matching field is serialized unconditionally (only Description has
// omitempty), so an unset IpVersion or Priority is sent as 0 — fill them in.
// Values seen in this page's examples: IpVersion 4, Protocol "TCP"/"UDP",
// Direction "in"/"out", Action "allow". The complete value sets and the
// accepted address/port syntax (single host vs CIDR, port ranges) are not
// shown here — confirm against the OpenAPI document before relying on them.
// NOTE(review): an allow rule keyed on SourcePort is a weak control, since
// the remote peer chooses its own source port; prefer matching on
// DestAddress/DestPort and keep SourceAddress as narrow as possible.
type CreateRule struct {
	IpVersion     int32  `json:"ipVersion"`
	Priority      int32  `json:"priority"`
	Protocol      string `json:"protocol"`
	Direction     string `json:"direction"`
	SourceAddress string `json:"sourceAddress"`
	DestAddress   string `json:"destAddress"`
	SourcePort    string `json:"sourcePort"`
	DestPort      string `json:"destPort"`
	Action        string `json:"action"`
	Description   string `json:"description,omitempty"`
}
21
// CreateCfwResponse is returned by CreateCfw. CfwId identifies the newly
// created policy (the example response shows the form "cfw-xxxxxxxx") and is
// the handle every other call on this page takes.
type CreateCfwResponse struct {
	CfwId string `json:"cfwId"`
}
25
26func (c *Client) CreateCfw(args *CreateCfwRequest) (*CreateCfwResponse, error)
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/jl13ca9qu
返回值
操作成功:
1{
2 "cfwId": "cfw-xxxxxxxx"
3}
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: create a policy containing a single inbound TCP allow rule.
// NOTE(review): the rule below only matches packets from source port 80 to
// destination port 88, which is not what the "allow http traffic"
// description suggests (HTTP is normally destination port 80 with an
// ephemeral source port). Treat the values as placeholders and confirm the
// intended five-tuple before reusing this snippet.
httpRule := cfw.CreateRule{
	IpVersion:     4,
	Priority:      1,
	Protocol:      "TCP",
	Direction:     "in",
	SourceAddress: "192.168.0.1",
	DestAddress:   "192.168.0.2",
	SourcePort:    "80",
	DestPort:      "88",
	Action:        "allow",
	Description:   "allow http traffic",
}
req := &cfw.CreateCfwRequest{
	Name:        "test-cfw-policy",
	Description: "test firewall policy",
	CfwRules:    []cfw.CreateRule{httpRule},
}
resp, err := cfwClient.CreateCfw(req)
if err != nil {
	fmt.Println("create cfw failed:", err)
	return
}
fmt.Println("create cfw success, cfw id is:", resp.CfwId)
查询CFW策略列表
- 查询用户账号下的CFW策略列表信息
- 支持按标记分页查询
- 若不提供查询条件,则默认查询所有CFW策略
- 返回结果支持marker分页,分页大小默认为1000,可通过maxKeys参数指定
函数声明
// ListCfwArgs selects one page of ListCfw results. Both fields are optional:
// an empty Marker starts from the beginning and an omitted MaxKeys falls
// back to the server default, stated on this page as 1000.
type ListCfwArgs struct {
	Marker  string `json:"marker,omitempty"`
	MaxKeys int    `json:"maxKeys,omitempty"`
}
5
// ListCfwResponse is one page of policies. Marker/MaxKeys echo the request;
// when IsTruncated is true, pass NextMarker as the next request's Marker to
// continue. Note MaxKeys is int32 here but int in ListInstanceResponse.
type ListCfwResponse struct {
	Marker      string `json:"marker"`
	MaxKeys     int32  `json:"maxKeys"`
	NextMarker  string `json:"nextMarker"`
	IsTruncated bool   `json:"isTruncated"`
	Cfws        []Cfw  `json:"cfws"`
}
13
// Cfw is a policy as returned in ListCfw pages. CreatedTime is left as the
// raw string from the API (the example shows "2024-01-01T00:00:00Z"; it is
// not parsed into time.Time). BindInstanceNum presumably counts instances
// currently bound to the policy — confirm against the OpenAPI document.
// The example list response returns an empty CfwRules slice; whether the
// list call ever populates rules is not stated here (use GetCfw for rules).
type Cfw struct {
	CfwId           string    `json:"cfwId"`
	Name            string    `json:"name"`
	Description     string    `json:"description"`
	CreatedTime     string    `json:"createdTime"`
	BindInstanceNum int32     `json:"bindInstanceNum"`
	Type            int32     `json:"type"`
	Border          int32     `json:"border"`
	CfwRules        []CfwRule `json:"cfwRules"`
}
24
25func (c *Client) ListCfw(args *ListCfwArgs) (*ListCfwResponse, error)
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
1{
2 "marker": "",
3 "maxKeys": 1000,
4 "nextMarker": "",
5 "isTruncated": false,
6 "cfws": [
7 {
8 "cfwId": "cfw-xxxxxxxx",
9 "name": "test-cfw",
10 "description": "test description",
11 "createdTime": "2024-01-01T00:00:00Z",
12 "bindInstanceNum": 2,
13 "type": 1,
14 "border": 1,
15 "cfwRules": []
16 }
17 ]
18}
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: list policies, one page of at most 100 entries from the start
// (zero-value Marker). This snippet prints only the first page; follow
// NextMarker while IsTruncated is true to read the rest.
var listArgs cfw.ListCfwArgs
listArgs.MaxKeys = 100
page, err := cfwClient.ListCfw(&listArgs)
if err != nil {
	fmt.Println("list cfw failed:", err)
	return
}
fmt.Println("cfw list:", page.Cfws)
查询指定CFW策略
- 查询指定CFW策略的详细信息
- 包括策略基本信息和关联的所有规则列表
函数声明
// GetCfwResponse is the full view of one policy: the same summary fields as
// Cfw plus the complete rule list, each rule carrying the CfwRuleId needed
// by UpdateCfwRule and DeleteCfwRule. CreatedTime is the raw API string.
type GetCfwResponse struct {
	CfwId           string    `json:"cfwId"`
	Name            string    `json:"name"`
	Description     string    `json:"description"`
	CreatedTime     string    `json:"createdTime"`
	BindInstanceNum int32     `json:"bindInstanceNum"`
	Type            int32     `json:"type"`
	Border          int32     `json:"border"`
	CfwRules        []CfwRule `json:"cfwRules"`
}
11
// CfwRule is a stored rule as returned by GetCfw (and in Cfw.CfwRules). It
// mirrors CreateRule and adds the owning CfwId and the rule's own CfwRuleId
// (example form "cfwr-yyyyyyyy"), which is the identifier to pass to
// UpdateCfwRule and DeleteCfwRule. Unlike CreateRule, Description has no
// omitempty here, so it always appears when this struct is re-encoded.
type CfwRule struct {
	IpVersion     int32  `json:"ipVersion"`
	Priority      int32  `json:"priority"`
	Protocol      string `json:"protocol"`
	Direction     string `json:"direction"`
	SourceAddress string `json:"sourceAddress"`
	DestAddress   string `json:"destAddress"`
	SourcePort    string `json:"sourcePort"`
	DestPort      string `json:"destPort"`
	Action        string `json:"action"`
	Description   string `json:"description"`
	CfwId         string `json:"cfwId"`
	CfwRuleId     string `json:"cfwRuleId"`
}
26
27func (c *Client) GetCfw(cfwId string) (*GetCfwResponse, error)
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
1{
2 "cfwId": "cfw-xxxxxxxx",
3 "name": "test-cfw",
4 "description": "test description",
5 "createdTime": "2024-01-01T00:00:00Z",
6 "bindInstanceNum": 2,
7 "type": 1,
8 "border": 1,
9 "cfwRules": [
10 {
11 "ipVersion": 4,
12 "priority": 1,
13 "protocol": "TCP",
14 "direction": "in",
15 "sourceAddress": "192.168.0.1",
16 "destAddress": "192.168.0.2",
17 "sourcePort": "80",
18 "destPort": "88",
19 "action": "allow",
20 "description": "allow http traffic",
21 "cfwId": "cfw-xxxxxxxx",
22 "cfwRuleId": "cfwr-yyyyyyyy"
23 }
24 ]
25}
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: fetch a single policy, including its rule list, by id.
cfwID := "cfw-xxxxxxxx"
detail, err := cfwClient.GetCfw(cfwID)
if err != nil {
	fmt.Println("get cfw failed:", err)
	return
}
fmt.Println("cfw info:", detail)
修改CFW策略
- 修改指定CFW策略的基本信息
- 可以修改策略的名称和描述信息
函数声明
// UpdateCfwRequest is the body of UpdateCfw. This page states only the name
// and description of a policy can be changed. Both fields are omitempty, so
// an empty string is not sent — a field cannot be cleared to "" through
// this struct.
type UpdateCfwRequest struct {
	Name        string `json:"name,omitempty"`
	Description string `json:"description,omitempty"`
}
5
6func (c *Client) UpdateCfw(cfwId string, args *UpdateCfwRequest) error
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
无特殊返回参数
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: rename a policy and replace its description. Only these two
// fields are updatable here (see UpdateCfwRequest).
update := cfw.UpdateCfwRequest{
	Name:        "updated-cfw-name",
	Description: "updated description",
}
if err := cfwClient.UpdateCfw("cfw-xxxxxxxx", &update); err != nil {
	fmt.Println("update cfw failed:", err)
	return
}
fmt.Println("update cfw success")
删除CFW策略
- 删除指定的CFW策略
- CFW存在绑定关系时不允许删除,需要先解绑所有关联的实例
- 被删除的CFW策略无法找回
函数声明
1func (c *Client) DeleteCfw(cfwId string) error
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
无特殊返回参数
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: delete a policy. The page states this cannot be undone and is
// rejected while instances are still bound, so unbind them first.
cfwID := "cfw-xxxxxxxx"
if err := cfwClient.DeleteCfw(cfwID); err != nil {
	fmt.Println("delete cfw failed:", err)
	return
}
fmt.Println("delete cfw success")
批量创建CFW规则
- 为指定CFW策略批量创建防火墙规则
- 同一策略内,任意两条规则的五元组(protocol/sourceAddress/destAddress/sourcePort/destPort)与方向(direction)不能完全相同,即不允许创建重复规则
- 一次最多创建100条规则
函数声明
// CreateCfwRuleRequest is the body of CreateCfwRule: the rules to add to an
// existing policy. This page limits a single call to 100 rules and rejects
// a rule whose five-tuple plus direction duplicates an existing one.
type CreateCfwRuleRequest struct {
	CfwRules []CreateRule `json:"cfwRules"`
}
4
5func (c *Client) CreateCfwRule(cfwId string, args *CreateCfwRuleRequest) error
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
无特殊返回参数
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: add one outbound UDP allow rule to an existing policy.
// NOTE(review): as written this matches only traffic whose *source* port is
// 53. Resolver clients normally send from a randomized ephemeral port
// (source-port randomization is part of cache-poisoning resistance), so a
// rule meant to permit outgoing DNS queries would usually leave SourcePort
// unrestricted and constrain DestPort 53 — confirm the intended ports.
dnsRule := cfw.CreateRule{
	IpVersion:     4,
	Priority:      2,
	Protocol:      "UDP",
	Direction:     "out",
	SourceAddress: "192.168.1.1",
	DestAddress:   "192.168.1.2",
	SourcePort:    "53",
	DestPort:      "53",
	Action:        "allow",
	Description:   "allow dns traffic",
}
req := &cfw.CreateCfwRuleRequest{
	CfwRules: []cfw.CreateRule{dnsRule},
}
err := cfwClient.CreateCfwRule("cfw-xxxxxxxx", req)
if err != nil {
	fmt.Println("create cfw rule failed:", err)
	return
}
fmt.Println("create cfw rule success")
修改CFW规则
- 修改指定CFW策略中的某条规则
- 修改后的规则与策略内其余规则的五元组(protocol/sourceAddress/destAddress/sourcePort/destPort)与方向(direction)不能完全相同,即不能修改成一条重复规则
函数声明
// UpdateCfwRuleRequest is the body of UpdateCfwRule. Every field is
// omitempty, so only non-zero fields are transmitted: Priority 0, IpVersion
// 0 or an empty string cannot be expressed through this struct. Whether the
// server leaves omitted fields unchanged (a partial update) is not stated on
// this page — confirm, and re-read the rule with GetCfw after updating.
type UpdateCfwRuleRequest struct {
	IpVersion     int32  `json:"ipVersion,omitempty"`
	Priority      int32  `json:"priority,omitempty"`
	Protocol      string `json:"protocol,omitempty"`
	Direction     string `json:"direction,omitempty"`
	SourceAddress string `json:"sourceAddress,omitempty"`
	DestAddress   string `json:"destAddress,omitempty"`
	SourcePort    string `json:"sourcePort,omitempty"`
	DestPort      string `json:"destPort,omitempty"`
	Action        string `json:"action,omitempty"`
	Description   string `json:"description,omitempty"`
}
13
14func (c *Client) UpdateCfwRule(cfwId, cfwRuleId string, args *UpdateCfwRuleRequest) error
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
无特殊返回参数
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: partially update one rule. Only the non-zero fields are sent
// (every field of UpdateCfwRuleRequest is omitempty); this page does not
// say whether omitted fields are preserved, so re-read the rule with GetCfw
// afterwards to confirm the five-tuple that is now in force.
const (
	policyID = "cfw-xxxxxxxx"
	ruleID   = "cfwr-yyyyyyyy"
)
patch := &cfw.UpdateCfwRuleRequest{
	Priority:      10,
	SourceAddress: "192.168.2.1",
	DestAddress:   "192.168.2.2",
	Description:   "updated rule",
}
if err := cfwClient.UpdateCfwRule(policyID, ruleID, patch); err != nil {
	fmt.Println("update cfw rule failed:", err)
	return
}
fmt.Println("update cfw rule success")
批量删除CFW规则
- 批量删除指定CFW策略中的规则
- 若CFW已绑定到实例,删除后策略中必须至少保留一条规则,不能把规则删空
函数声明
// DeleteCfwRuleRequest is the body of DeleteCfwRule: the ids (CfwRule.CfwRuleId)
// of the rules to remove from one policy.
type DeleteCfwRuleRequest struct {
	CfwRuleIds []string `json:"cfwRuleIds"`
}
4
5func (c *Client) DeleteCfwRule(cfwId string, args *DeleteCfwRuleRequest) error
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
无特殊返回参数
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: remove two rules from a policy by their rule ids (obtained from
// GetCfw). If the policy is bound, at least one rule must remain.
ruleIDs := []string{"cfwr-xxxxxxxx", "cfwr-yyyyyyyy"}
req := &cfw.DeleteCfwRuleRequest{CfwRuleIds: ruleIDs}
err := cfwClient.DeleteCfwRule("cfw-xxxxxxxx", req)
if err != nil {
	fmt.Println("delete cfw rule failed:", err)
	return
}
fmt.Println("delete cfw rule success")
查询防护边界实例列表
- 查询可以绑定CFW的实例列表
- 支持按实例类型查询,如EIP等
- 支持分页查询
- 返回结果支持marker分页,分页大小默认为1000,可通过maxKeys参数指定
函数声明
// ListInstanceRequest selects one page of bindable instances. InstanceType
// is always sent (the example uses "eip"); Marker/MaxKeys page the result
// (default page size stated as 1000), and Status/Region are optional
// filters. The accepted InstanceType/Status values are not listed here.
type ListInstanceRequest struct {
	InstanceType string `json:"instanceType"`
	Marker       string `json:"marker,omitempty"`
	MaxKeys      int    `json:"maxKeys,omitempty"`
	Status       string `json:"status,omitempty"`
	Region       string `json:"region,omitempty"`
}
8
// ListInstanceResponse is one page of instances. When IsTruncated is true,
// pass NextMarker as the next request's Marker. MaxKeys is int here
// (int32 in ListCfwResponse).
type ListInstanceResponse struct {
	Marker      string     `json:"marker"`
	IsTruncated bool       `json:"isTruncated"`
	NextMarker  string     `json:"nextMarker"`
	MaxKeys     int        `json:"maxKeys"`
	Instances   []Instance `json:"instances"`
}
16
// Instance is one protectable resource as listed by ListInstance. CfwId and
// CfwName are populated when the instance is bound to a policy. The example
// response for an EIP fills only InstanceId/InstanceName/Status/Region/
// CfwId/CfwName/PublicIp; the Vpc*, LocalIf*, Peer* and Member* fields
// presumably apply to other instance types (VPC, peering, cross-account
// members) — confirm against the OpenAPI document. Note that a bound
// policy's rules only apply while protection is enabled (see DisableCfw);
// this struct does not expose that enabled/disabled state.
type Instance struct {
	InstanceId      string `json:"instanceId"`
	InstanceName    string `json:"instanceName"`
	Status          string `json:"status"`
	Region          string `json:"region"`
	CfwId           string `json:"cfwId"`
	CfwName         string `json:"cfwName"`
	VpcId           string `json:"vpcId"`
	VpcName         string `json:"vpcName"`
	PublicIp        string `json:"publicIp"`
	Role            string `json:"role"`
	LocalIfId       string `json:"localIfId"`
	LocalIfName     string `json:"localIfName"`
	PeerRegion      string `json:"peerRegion"`
	PeerVpcId       string `json:"peerVpcId"`
	PeerVpcName     string `json:"peerVpcName"`
	MemberId        string `json:"memberId"`
	MemberName      string `json:"memberName"`
	MemberAccountId string `json:"memberAccountId"`
}
37
38func (c *Client) ListInstance(args *ListInstanceRequest) (*ListInstanceResponse, error)
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
1{
2 "marker": "",
3 "maxKeys": 1000,
4 "nextMarker": "",
5 "isTruncated": false,
6 "instances": [
7 {
8 "instanceId": "ip-xxxxxxxx",
9 "instanceName": "test-eip",
10 "status": "available",
11 "region": "bj",
12 "cfwId": "cfw-xxxxxxxx",
13 "cfwName": "test-cfw",
14 "publicIp": "1.2.3.4"
15 }
16 ]
17}
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: list up to 100 EIPs in region "bj". Only the first page is
// printed; continue with NextMarker while IsTruncated is true.
query := cfw.ListInstanceRequest{
	InstanceType: "eip",
	MaxKeys:      100,
	Region:       "bj",
}
page, err := cfwClient.ListInstance(&query)
if err != nil {
	fmt.Println("list instance failed:", err)
	return
}
fmt.Println("instance list:", page.Instances)
批量实例绑定CFW
- 将指定的实例批量绑定到CFW策略
- 没有规则的CFW不能绑定到实例
- 绑定后实例的流量将受到CFW规则的防护
函数声明
// BindCfwRequest is the body of BindCfw: the type of the target instances
// (example "eip") and the instances themselves. This page notes that a
// policy with no rules cannot be bound.
type BindCfwRequest struct {
	InstanceType string    `json:"instanceType"`
	Instances    []CfwBind `json:"instances"`
}
5
// CfwBind identifies one instance for BindCfw/UnbindCfw by region and id.
// Role and MemberId are optional; the examples on this page omit them, and
// which instance types require them is not stated here — presumably the
// same peering/cross-account cases the Instance struct's Role/MemberId
// fields describe. Confirm against the OpenAPI document.
type CfwBind struct {
	Region     string `json:"region"`
	InstanceId string `json:"instanceId"`
	Role       string `json:"role,omitempty"`
	MemberId   string `json:"memberId,omitempty"`
}
12
13func (c *Client) BindCfw(cfwId string, args *BindCfwRequest) error
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
无特殊返回参数
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: bind two EIPs in region "bj" to a policy. The page notes that a
// policy with no rules cannot be bound; once bound, the instances' traffic
// is filtered by the policy's rules.
targets := []cfw.CfwBind{
	{Region: "bj", InstanceId: "ip-xxxxxxxx"},
	{Region: "bj", InstanceId: "ip-yyyyyyyy"},
}
req := &cfw.BindCfwRequest{
	InstanceType: "eip",
	Instances:    targets,
}
if err := cfwClient.BindCfw("cfw-xxxxxxxx", req); err != nil {
	fmt.Println("bind cfw failed:", err)
	return
}
fmt.Println("bind cfw success")
批量实例解绑CFW
- 将指定的实例批量从CFW策略解绑
- 解绑后实例的流量将不再受到CFW规则的防护
函数声明
// UnbindCfwRequest is the body of UnbindCfw; it has the same shape as
// BindCfwRequest. Unbound instances are no longer protected by the policy.
type UnbindCfwRequest struct {
	InstanceType string    `json:"instanceType"`
	Instances    []CfwBind `json:"instances"`
}
5
6func (c *Client) UnbindCfw(cfwId string, args *UnbindCfwRequest) error
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
无特殊返回参数
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: detach one EIP from a policy. From the moment the call succeeds
// that instance is no longer filtered by the policy's rules.
req := &cfw.UnbindCfwRequest{
	InstanceType: "eip",
	Instances: []cfw.CfwBind{
		{Region: "bj", InstanceId: "ip-xxxxxxxx"},
	},
}
if err := cfwClient.UnbindCfw("cfw-xxxxxxxx", req); err != nil {
	fmt.Println("unbind cfw failed:", err)
	return
}
fmt.Println("unbind cfw success")
实例开启CFW保护
- 已绑定CFW并且临时关闭了防护功能的实例,使用该接口恢复CFW的防护功能
- 开启后CFW规则将对实例流量生效
函数声明
// EnableCfwRequest names the bound instance whose protection should be
// switched back on. Role and MemberId are optional (omitted in the example)
// and presumably only needed for the same instance types as in CfwBind.
type EnableCfwRequest struct {
	InstanceId string `json:"instanceId"`
	Role       string `json:"role,omitempty"`
	MemberId   string `json:"memberId,omitempty"`
}
6
7func (c *Client) EnableCfw(cfwId string, args *EnableCfwRequest) error
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
无特殊返回参数
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: re-enable protection for a bound instance whose protection was
// temporarily switched off with DisableCfw.
target := cfw.EnableCfwRequest{InstanceId: "ip-xxxxxxxx"}
if err := cfwClient.EnableCfw("cfw-xxxxxxxx", &target); err != nil {
	fmt.Println("enable cfw failed:", err)
	return
}
fmt.Println("enable cfw success")
实例关闭CFW保护
- 已绑定CFW的实例,使用该接口临时关闭CFW的防护功能
- 关闭后CFW规则将不对实例流量生效,实例在重新开启(EnableCfw)前不受该策略防护;这是降低防护的高风险操作,建议收紧调用权限并记录审计
函数声明
// DisableCfwRequest names the bound instance whose protection should be
// temporarily switched off. Same shape and optional fields as
// EnableCfwRequest.
type DisableCfwRequest struct {
	InstanceId string `json:"instanceId"`
	Role       string `json:"role,omitempty"`
	MemberId   string `json:"memberId,omitempty"`
}
6
7func (c *Client) DisableCfw(cfwId string, args *DisableCfwRequest) error
参数含义
请参考OpenAPI文档:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
返回值
操作成功:
无特殊返回参数
操作失败:
返回非nil的error(Go SDK不抛出异常,失败通过返回值error表示),错误码列表参考:https://cloud.baidu.com/doc/CFW/s/Cl13c6svf
代码示例
// Example: temporarily switch protection off for one bound instance without
// unbinding it. While disabled the policy's rules do not apply to the
// instance's traffic, so treat this as a privileged, audit-worthy action and
// pair it with a matching EnableCfw.
target := cfw.DisableCfwRequest{InstanceId: "ip-xxxxxxxx"}
if err := cfwClient.DisableCfw("cfw-xxxxxxxx", &target); err != nil {
	fmt.Println("disable cfw failed:", err)
	return
}
fmt.Println("disable cfw success")
