class Fog::AWS::Compute::NetworkAcl
Constants
- ICMP
- TCP
- UDP
Public Instance Methods
Add an inbound rule, shortcut method for add_rule
# File lib/fog/aws/models/compute/network_acl.rb, line 17 def add_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) add_rule(rule_number, protocol, rule_action, cidr_block, false, options) end
Add an outbound rule, shortcut method for add_rule
# File lib/fog/aws/models/compute/network_acl.rb, line 22 def add_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) add_rule(rule_number, protocol, rule_action, cidr_block, true, options) end
Add a new rule
network_acl.add_rule(100, Fog::AWS::Compute::NetworkAcl::TCP
, 'allow', '0.0.0.0/0', true, 'PortRange.From' => 22, 'PortRange.To' => 22)
Parameters¶ ↑
-
rule_number<~Integer> - The rule number for the entry, between 100 and 32766
-
protocol<~Integer> - The IP protocol to which the rule applies. You can use -1 to mean all protocols.
-
rule_action<~String> - Allows or denies traffic that matches the rule. (either allow or deny)
-
cidr_block<~String> - The CIDR range to allow or deny
-
egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).
-
options<~Hash>:
-
'Icmp.Code' -
ICMP
code, required if protocol is 1 -
'Icmp.Type' -
ICMP
type, required if protocol is 1 -
'PortRange.From' - The first port in the range, required if protocol is 6 (
TCP
) or 17 (UDP
) -
'PortRange.To' - The last port in the range, required if protocol is 6 (
TCP
) or 17 (UDP
)
Returns¶ ↑
True or false depending on the result
# File lib/fog/aws/models/compute/network_acl.rb, line 46 def add_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {}) requires :network_acl_id service.create_network_acl_entry(network_acl_id, rule_number, protocol, rule_action, cidr_block, egress, options) true end
Associate a subnet with this network ACL
network_acl.associate_with(subnet)
Parameters¶ ↑
-
subnet<~Subnet> -
Subnet
object to associate with this network ACL
Returns¶ ↑
True or false depending on the result
# File lib/fog/aws/models/compute/network_acl.rb, line 130 def associate_with(subnet) requires :network_acl_id # We have to manually find out the network ACL the subnet is currently associated with old_id = service.network_acls.all('association.subnet-id' => subnet.subnet_id).first.associations.find { |a| a['subnetId'] == subnet.subnet_id }['networkAclAssociationId'] service.replace_network_acl_association(old_id, network_acl_id) true end
Remove an inbound rule, shortcut method for remove_rule
# File lib/fog/aws/models/compute/network_acl.rb, line 54 def remove_inbound_rule(rule_number) remove_rule(rule_number, false) end
Remove an outbound rule, shortcut method for remove_rule
# File lib/fog/aws/models/compute/network_acl.rb, line 59 def remove_outbound_rule(rule_number) remove_rule(rule_number, true) end
Update a specific rule number
network_acl.remove_rule(100, true)
Parameters¶ ↑
-
rule_number<~Integer> - The rule number for the entry, between 100 and 32766
-
egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).
Returns¶ ↑
True or false depending on the result
# File lib/fog/aws/models/compute/network_acl.rb, line 75 def remove_rule(rule_number, egress) requires :network_acl_id service.delete_network_acl_entry(network_acl_id, rule_number, egress) true end
Create a network ACL
>> g = AWS.network_acls.new(:vpc_id => 'vpc-abcdefgh') >> g.save
# File lib/fog/aws/models/compute/network_acl.rb, line 158 def save requires :vpc_id data = service.create_network_acl(vpc_id).body['networkAcl'] new_attributes = data.reject { |key,value| key == 'tagSet' } merge_attributes(new_attributes) if tags = self.tags # expect eventual consistency Fog.wait_for { self.reload rescue nil } service.create_tags( self.identity, tags ) end true end
Update an inbound rule, shortcut method for update_rule
# File lib/fog/aws/models/compute/network_acl.rb, line 83 def update_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) update_rule(rule_number, protocol, rule_action, cidr_block, false, options) end
Update an outbound rule, shortcut method for update_rule
# File lib/fog/aws/models/compute/network_acl.rb, line 88 def update_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) update_rule(rule_number, protocol, rule_action, cidr_block, true, options) end
Update a specific rule number
network_acl.update_rule(100, Fog::AWS::Compute::NetworkAcl::TCP
, 'allow', '0.0.0.0/0', true, 'PortRange.From' => 22, 'PortRange.To' => 22)
Parameters¶ ↑
-
rule_number<~Integer> - The rule number for the entry, between 100 and 32766
-
protocol<~Integer> - The IP protocol to which the rule applies. You can use -1 to mean all protocols.
-
rule_action<~String> - Allows or denies traffic that matches the rule. (either allow or deny)
-
cidr_block<~String> - The CIDR range to allow or deny
-
egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).
-
options<~Hash>:
-
'Icmp.Code' -
ICMP
code, required if protocol is 1 -
'Icmp.Type' -
ICMP
type, required if protocol is 1 -
'PortRange.From' - The first port in the range, required if protocol is 6 (
TCP
) or 17 (UDP
) -
'PortRange.To' - The last port in the range, required if protocol is 6 (
TCP
) or 17 (UDP
)
Returns¶ ↑
True or false depending on the result
# File lib/fog/aws/models/compute/network_acl.rb, line 112 def update_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {}) requires :network_acl_id service.replace_network_acl_entry(network_acl_id, rule_number, protocol, rule_action, cidr_block, egress, options) true end