DocsICP FilingConsole
官方文档
首页

DescribeDnsFirewallPolicy

更新时间:
复制 MD 格式
产品详情
我的收藏

Queries the list of access control lists (ACLs) for the DNS firewall.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-cloudfirewall:DescribeDnsFirewallPolicy

get

*DnsFirewallPolicy

acs:yundun-cloudfirewall::{#accountId}:dnsfirewallpolicy/{#AclUuid}

 None None

Request parameters

Parameter

Type

Required

Description

Example
SourceIp

string

No

The source IP address of the request.

140.205.118.XXX
Lang

string

No

The language of the response messages. Valid values: zh (Chinese) and en (English).

zh
Lang

string

No

The language of the response messages. Valid values: zh (Chinese) and en (English).

zh
CurrentPage

string

Yes

The page number to return. Default value: 1.

1
PageSize

string

Yes

The number of entries to return on each page.

10
Source

string

No

The source address in the DNS firewall policy. Fuzzy match is supported.

Note

The value of Source can be a CIDR block or an address book.

192.0.XX.XX/24
Destination

string

No

The destination address in the DNS firewall policy. Fuzzy match is supported.

Note

The value of Destination can be a CIDR block, a domain name, or an address book.

10.2.XX.XX/24
Description

string

No

The description of the DNS firewall policy.

test
AclAction

string

No

The action that is performed on traffic that hits the DNS firewall policy. Valid values:

  • accept: allows the traffic.

  • drop: denies the traffic.

  • log: monitors the traffic.

Note

If you do not specify this parameter, policies of all action types are queried.

accept
Release

string

No

The status of the access control policy. The policy is enabled by default after it is created. Valid values:

  • true: enables the access control policy.

  • false: disables the access control policy.

true
AclUuid

string

No

The unique ID of the firewall rule.

b6c8f905-2eb6-442a-ba35-9416e****
IpVersion

string

No

The IP version that is supported. Valid values:

  • 4: IPv4

  • 6: IPv6

Valid values:

  • 4 :

    IPv4

  • 6 :

    IPv6

4

Response elements

Element

Type

Description

Example

object

PageNo

string

The page number.

1
PageSize

string

The number of entries per page.

10
RequestId

string

The ID of the request.

0A4ACDE9-9F9F-56C1-B3B7-60971BA1****
TotalCount

string

The total number of entries.

10
Policys

array<object>

The DNS firewall access control policies.

object

The DNS firewall access control policy.

Direction

string

The direction of the traffic to which the access control policy applies. Valid values:

  • in: inbound traffic

  • out: outbound traffic

in
DestinationGroupType

string

The type of the destination address book in the access control policy. Valid values:

  • ip: an IP address book

  • domain: a domain address book

ip
HitLastTime

integer

The last time the policy was hit. The value is a UNIX timestamp. Unit: seconds.

1579261141
Destination

string

The destination address in the access control policy. Valid values:

  • If DestinationType is net, the value of this parameter is a destination CIDR block.

  • If DestinationType is domain, the value of this parameter is a destination domain.

  • If DestinationType is group, the value of this parameter is the name of a destination address book.

x.x.x.x/32
SourceType

string

The type of the source address in the access control policy. Valid values:

  • net: a source CIDR block

  • group: a source address book

net
AclUuid

string

The unique ID of the access control policy.

01281255-d220-4db1-8f4f-c4df221a****
Priority

integer

The priority of the access control policy. A smaller value indicates a higher priority.

110
Source

string

The source address in the access control policy. Valid values:

  • If SourceType is net, the value of this parameter is a source CIDR block. Example: 192.0.XX.XX/24.

  • If SourceType is group, the value of this parameter is the name of a source address book. Example: db_group.

  • If SourceType is location, the value of this parameter is a location. For more information about the valid values of this parameter, see AddControlPolicy. Example: ["BJ11", "ZB"].

192.0.XX.XX/24
DestinationType

string

The type of the destination address in the access control policy. Valid values:

  • net: destination CIDR block

  • group: destination address book

  • domain: destination domain

  • location: destination location

net
HitTimes

integer

The number of hits for the access control policy.

100
IpVersion

integer

The IP version supported by the access control policy. Valid values:

  • 4: IPv4

  • 6: IPv6

6
Description

string

The description of the access control policy.

test
SourceGroupType

string

The type of the source address book in the access control policy. Valid values:

  • ip: an IP address book

  • tag: a tag address book

  • domain: a domain address book

  • threat: a threat intelligence address book

  • backsrc: a back-to-origin address book

ip
AclAction

string

The action that is performed on traffic that matches the access control policy. Valid values:

  • accept: allows the traffic.

  • drop: denies the traffic.

  • log: monitors the traffic.

accept
Release

string

Indicates whether the access control policy is enabled. After a policy is created, it is enabled by default. Valid values:

  • true: enabled

  • false: disabled

true
DestinationAddrs

array

The destination addresses in the address book.

string

The destination addresses in the address book.

192.0.XX.XX/24

SourceAddrs

array

The source addresses.

string

The source address.

10.2.XX.XX/24

Examples

Success response

JSON format

{
  "PageNo": "1",
  "PageSize": "10",
  "RequestId": "0A4ACDE9-9F9F-56C1-B3B7-60971BA1****",
  "TotalCount": "10",
  "Policys": [
    {
      "Direction": "in",
      "DestinationGroupType": "ip",
      "HitLastTime": 1579261141,
      "Destination": "x.x.x.x/32",
      "SourceType": "net",
      "AclUuid": "01281255-d220-4db1-8f4f-c4df221a****",
      "Priority": 110,
      "Source": "192.0.XX.XX/24",
      "DestinationType": "net",
      "HitTimes": 100,
      "IpVersion": 6,
      "Description": "test",
      "SourceGroupType": "ip",
      "AclAction": "accept",
      "Release": "true",
      "DestinationAddrs": [
        "192.0.XX.XX/24\n"
      ],
      "SourceAddrs": [
        "10.2.XX.XX/24\n"
      ]
    }
  ]
}

Error codes

HTTP status code

Error code

Error message

Description
400 ErrorParametersUid The aliUid parameter is invalid. The aliUid parameter is invalid.
400 ErrorDBSelect An error occurred while querying database. An error occurred while querying database.
400 ErrorParameterIpVersion The IP version is invalid. The IP version is invalid.
400 ErrorParametersSource The source is invalid. The source is invalid.
400 ErrorParametersAction The action is invalid. The action is invalid.
400 ErrorParametersNewOrder The newOrder is invalid. The newOrder is invalid.
400 ErrorParametersPageSizeOrNo Either pageSize or pageNo is invalid. Either pageSize or pageNo is invalid.
400 ErrorMarshalJSON An error occurred while encoding JSON. An error occurred while encoding JSON.
400 ErrorParametersDestination The Destination parameter is invalid. The Destination parameter is invalid.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.