VM::EC2::VPC::NetworkAcl(3)  User Contributed Perl Documentation  VM::EC2::VPC::NetworkAcl(3)

NAME
       VM::EC2::VPC::NetworkAcl	- Virtual Private Cloud	network	ACL

SYNOPSIS
        use VM::EC2;

        my $ec2      = VM::EC2->new(...);

        # Look up an existing ACL and inspect it
        my @acls     = $ec2->describe_network_acls(-network_acl_id=>'acl-12345678');
        foreach my $acl (@acls) {
            my $vpc_id  = $acl->vpcId;
            my $default = $acl->default;
            my @entries = $acl->entries;
            my @assoc   = $acl->associations;
            ...
        }

        # Create a new ACL; returns a VM::EC2::VPC::NetworkAcl object
        my $acl      = $ec2->create_network_acl(...);

DESCRIPTION
       This object represents an Amazon EC2 VPC network ACL, and is returned
       by VM::EC2->describe_network_acls() and ->create_network_acl().

METHODS
       These object methods are	supported:

	networkAclId   -- The network ACL's ID.
	vpcId	       -- The ID of the	VPC the	network	ACL is in.
	default	       -- Whether this is the default network ACL in the VPC.
	entrySet       -- A list of entries (rules) in the network ACL.
	associationSet -- A list of associations between the network ACL and
			  one or more subnets.
	tagSet	       -- Tags assigned	to the resource.
	associations   -- Alias	for associationSet.
	entries	       -- Alias	for entrySet.

       The object also supports the tags() method described in
       VM::EC2::Generic.

CONVENIENCE METHODS
   $success = $acl->create_entry(%args)
   $success = $acl->create_entry($acl_entry)
       Creates an entry	(i.e., rule) in	a network ACL with the rule number you
       specified. Each network ACL has a set of	numbered ingress rules and a
       separate	set of numbered	egress rules. When determining whether a
       packet should be	allowed	in or out of a subnet associated with the ACL,
       Amazon VPC processes the	entries	in the ACL according to	the rule
       numbers,	in ascending order.

       Arguments:

	-rule_number	      -- Rule number to	assign to the entry (e.g., 100).
				 ACL entries are processed in ascending	order by
				 rule number.  Positive	integer	from 1 to 32766.
				 (Required)
	-protocol	      -- The IP	protocol the rule applies to. You can use
				 -1 to mean all	protocols.  See
				 http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
				 for a list of protocol	numbers. (Required)
	-rule_action	      -- Indicates whether to allow or deny traffic that
				  matches the rule.  allow | deny (Required)
	-egress		      -- Indicates whether this	rule applies to	egress
				 traffic from the subnet (true)	or ingress traffic
				 to the	subnet (false).	 Default is false.
	-cidr_block	      -- The CIDR range	to allow or deny, in CIDR notation
				 (e.g.,	172.16.0.0/24).	(Required)
	-icmp_code	      -- For the ICMP protocol,	the ICMP code. You can use
				 -1 to specify all ICMP	codes for the given ICMP
				 type.	Required if specifying 1 (ICMP)	for protocol.
	-icmp_type	      -- For the ICMP protocol,	the ICMP type. You can use
				 -1 to specify all ICMP	types.	Required if
				 specifying 1 (ICMP) for the protocol
	-port_from	      -- The first port	in the range.  Required	if specifying
				 6 (TCP) or 17 (UDP) for the protocol.
	-port_to	      -- The last port in the range.  Required if specifying
				 6 (TCP) or 17 (UDP) for the protocol.

       Alternatively, you can pass an existing
       VM::EC2::VPC::NetworkAcl::Entry object as the only argument, which
       makes it easy to copy entries from one ACL to another.

       Returns true on successful creation.
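
       The ascending-order processing described above, as an added example
       that is not part of the VM::EC2 distribution: rules are written as
       the argument hashes create_entry() accepts and evaluated first-match,
       the way Amazon VPC applies them. The evaluate() helper, the %pkt keys
       and the sample rules are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed sample ingress rules, keyed by the create_entry() argument names.
# Listed out of order on purpose: evaluation order comes from -rule_number.
my @rules = (
    { -rule_number => 200, -protocol => 6, -rule_action => 'allow',
      -cidr_block  => '0.0.0.0/0',      -port_from => 443, -port_to => 443 },
    { -rule_number => 100, -protocol => 6, -rule_action => 'deny',
      -cidr_block  => '203.0.113.0/24', -port_from => 0,   -port_to => 65535 },
);

sub ip2int { return unpack 'N', pack 'C4', split /\./, shift }

sub in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
    return (ip2int($ip) & $mask) == (ip2int($net) & $mask);
}

# Return (action, rule number) for the first rule that matches, scanning in
# ascending -rule_number order. A packet matching no numbered rule is denied
# by the ACL's final catch-all rule, reported here as '*'.
sub evaluate {
    my ($rules, %pkt) = @_;   # hypothetical keys: addr, protocol, port, egress
    for my $r (sort { $a->{-rule_number} <=> $b->{-rule_number} } @$rules) {
        next if ($r->{-egress} ? 1 : 0) != ($pkt{egress} ? 1 : 0);
        next if $r->{-protocol} != -1 && $r->{-protocol} != $pkt{protocol};
        next unless in_cidr($pkt{addr}, $r->{-cidr_block});
        next if defined $r->{-port_from}
             && ($pkt{port} < $r->{-port_from} || $pkt{port} > $r->{-port_to});
        return ($r->{-rule_action}, $r->{-rule_number});
    }
    return ('deny', '*');
}

# The deny at rule 100 wins for 203.0.113.0/24 even though rule 200 allows
# 443 from anywhere; anything not covered falls through to the catch-all.
for my $p (['198.51.100.7', 443], ['203.0.113.9', 443], ['198.51.100.7', 22]) {
    my ($action, $n) = evaluate(\@rules, addr => $p->[0], protocol => 6,
                                port => $p->[1]);
    print "$p->[0] tcp/$p->[1] ingress: $action (rule $n)\n";
}
```

       Running a planned rule set through a model like this before calling
       create_entry() shows which rule number actually decides a given flow.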

   $success = $acl->delete_entry(%args)
   $success = $acl->delete_entry($acl_entry)
       Deletes an ingress or egress entry (i.e., rule) from a network ACL.

       Arguments:

	-network_acl_id	      -- ID of the ACL from which the entry will be deleted

	-rule_number	      -- Rule number of	the entry (e.g., 100).

       Optional	arguments:

	-egress	   -- Whether the rule to delete is an egress rule (true) or ingress
		      rule (false).  Default is	false.

       Alternatively, you can pass an existing
       VM::EC2::VPC::NetworkAcl::Entry object as the only argument to ease
       deletion of entries.

       Returns true on successful deletion.

   $success = $acl->replace_entry(%args)
   $success = $acl->replace_entry($acl_entry)
       Replaces	an entry (i.e.,	rule) in a network ACL.

       Arguments:

	-network_acl_id	      -- ID of the ACL where the entry will be replaced
				 (Required)
	-rule_number	      -- Rule number of	the entry to replace. (Required)
	-protocol	      -- The IP	protocol the rule applies to. You can use
				 -1 to mean all	protocols.  See
				 http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
				 for a list of protocol	numbers. (Required)
	-rule_action	      -- Indicates whether to allow or deny traffic that
				  matches the rule.  allow | deny (Required)
	-egress		      -- Indicates whether this	rule applies to	egress
				 traffic from the subnet (true)	or ingress traffic
				 to the	subnet (false).	 Default is false.
	-cidr_block	      -- The CIDR range	to allow or deny, in CIDR notation
				 (e.g.,	172.16.0.0/24).	(Required)
	-icmp_code	      -- For the ICMP protocol,	the ICMP code. You can use
				 -1 to specify all ICMP	codes for the given ICMP
				 type.	Required if specifying 1 (ICMP)	for protocol.
	-icmp_type	      -- For the ICMP protocol,	the ICMP type. You can use
				 -1 to specify all ICMP	types.	Required if
				 specifying 1 (ICMP) for the protocol
	-port_from	      -- The first port	in the range.  Required	if specifying
				 6 (TCP) or 17 (UDP) for the protocol.
	-port_to	      -- The last port in the range.  Only required if
				 specifying 6 (TCP) or 17 (UDP)	for the	protocol and
				 is a different	port than -port_from.

       Alternatively, you can pass an existing
       VM::EC2::VPC::NetworkAcl::Entry object as the only argument for ease
       in replacing entries from one ACL to another.  The rule number in the
       passed entry object must already exist in the ACL.

       Returns true on successful replacement.
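
       A pre-flight check for the argument tables of create_entry() and
       replace_entry(), as an added example that is not part of the VM::EC2
       distribution. check_entry_args() and create_checked() are hypothetical
       helpers; the port-range ordering check is an assumption beyond what
       the tables state, and the stricter create_entry() rule for -port_to
       is applied.

```perl
use strict;
use warnings;

# Return a list of problems with a create_entry()/replace_entry() argument
# hash, following the constraints in the argument tables above.
sub check_entry_args {
    my %arg = @_;
    my @err = map  { "$_ is required" }
              grep { !defined $arg{$_} }
              qw(-rule_number -protocol -rule_action -cidr_block);
    return @err if @err;

    push @err, '-rule_number must be an integer from 1 to 32766'
        unless $arg{-rule_number} =~ /^\d+$/
            && $arg{-rule_number} >= 1 && $arg{-rule_number} <= 32766;
    push @err, '-rule_action must be allow or deny'
        unless $arg{-rule_action} =~ /^(?:allow|deny)$/;
    push @err, '-cidr_block must be in CIDR notation'        # shape check only
        unless $arg{-cidr_block} =~ m{^\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}$};
    return (@err, '-protocol must be a protocol number or -1')
        unless $arg{-protocol} =~ /^(?:-1|\d+)$/;

    if ($arg{-protocol} == 1) {                               # ICMP
        push @err, map  { "$_ is required for ICMP" }
                   grep { !defined $arg{$_} } qw(-icmp_type -icmp_code);
    }
    elsif ($arg{-protocol} == 6 || $arg{-protocol} == 17) {   # TCP or UDP
        my @missing = grep { !defined $arg{$_} } qw(-port_from -port_to);
        push @err, map { "$_ is required for TCP/UDP" } @missing;
        push @err, '-port_from must not exceed -port_to'
            if !@missing && $arg{-port_from} > $arg{-port_to};
    }
    return @err;
}

# Hypothetical wrapper: refuse to send a malformed rule to EC2.
sub create_checked {
    my ($acl, %arg) = @_;
    my @err = check_entry_args(%arg);
    die join('; ', @err), "\n" if @err;
    return $acl->create_entry(%arg);
}

# Constructed sample: rule number out of range and a TCP rule with no ports.
my %bad = (-rule_number => 40000, -protocol => 6, -rule_action => 'allow',
           -cidr_block  => '172.16.0.0/24');
print "$_\n" for check_entry_args(%bad);
```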

   $association_id = $acl->associate($subnet_id)
       Associates the ACL with a subnet	in the same VPC.  Replaces whatever
       ACL the subnet was associated with previously.

   $association_id = $acl->disassociate($subnet_id)
       Disassociates the ACL from a subnet in the same VPC.  The subnet will
       then be associated with the default ACL.

STRING OVERLOADING
       When used in a string context, this object will interpolate the
       networkAclId.

SEE ALSO
       VM::EC2 VM::EC2::Generic	VM::EC2::Tag VM::EC2::VPC
       VM::EC2::VPC::NetworkAcl::Entry VM::EC2::VPC::NetworkAcl::Association

AUTHOR
       Lance Kinley <lkinley@loyaltymethods.com>.

       Copyright (c) 2012 Loyalty Methods, Inc.

       This package and	its accompanying libraries is free software; you can
       redistribute it and/or modify it	under the terms	of the GPL (either
       version 1, or at	your option, any later version)	or the Artistic
       License 2.0.  Refer to LICENSE for the full license text. In addition,
       please see DISCLAIMER.txt for disclaimers of warranty.

perl v5.24.1			  2017-07-02	   VM::EC2::VPC::NetworkAcl(3)
