# Network ACLs

## List all network ACLs

> Returns the list of Network ACLs belonging to a specific VPC.\
> A Network ACL is created automatically for a subnet.\
> To configure the Network ACL, use the network ACL name you defined during the network setup process to find the corresponding network ACL ID.

```json
{"openapi":"3.0.1","info":{"title":"Default module","version":"1.0.0"},"tags":[{"name":"Network ACLs"}],"security":[],"paths":{"/api/v2/vmware/vpc/{vpc_id}/hpc/network-acls":{"get":{"summary":"List all network ACLs","deprecated":false,"description":"Returns the list of Network ACLs belonging to a specific VPC.\nA Network ACL is created automatically for a subnet.\nTo configure the Network ACL, use the network ACL name you defined during the network setup process to find the corresponding network ACL ID.\n\n","tags":["Network ACLs"],"parameters":[{"name":"vpc_id","in":"path","description":"The unique identifier of the VPC where the Network ACL belongs.","required":true,"schema":{"type":"string"}},{"name":"page","in":"query","description":"The order number of pages for pagination.","required":false,"schema":{"type":"integer","default":1}},{"name":"page_size","in":"query","description":"The number of items per page.","required":false,"schema":{"type":"integer","default":25}}],"responses":{"200":{"description":"Successful response - returns the list of Network ACLs.","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"The unique ID of the NACL."},"name":{"type":"string","description":"The unique name of the NACL."},"description":{"type":"string","description":"Description or purpose of the NACL."},"subnet":{"type":"string","description":"The subnet is associated with NACL. Subnet name and its CIDR block. It must be '<subnet name> (<CIDR>)."},"number_of_inbound_rules":{"type":"integer","description":"Number of defined inbound rules."},"number_of_outbound_rules":{"type":"integer","description":"Number of defined outbound rules."},"status":{"type":"string","description":"The status of the NACL. 
It must be 'active' or 'inactive'."},"created_at":{"type":"string","format":"date-time","description":"Timestamp of when the NACL was created."},"updated_at":{"type":"string","format":"date-time","description":"Timestamp of the last update to the NACL."}}}},"total":{"type":"integer","description":"Total number of NACLs is created within a VPC."}}}}},"headers":{}}}}}}}
```

## Get a network ACL details

> Returns the details of a specific Network ACL belonging to a given VPC.

```json
{"openapi":"3.0.1","info":{"title":"Default module","version":"1.0.0"},"tags":[{"name":"Network ACLs"}],"security":[],"paths":{"/api/v2/vmware/vpc/{vpc_id}/hpc/network-acls/{network_acl_id}":{"get":{"summary":"Get a network ACL details","deprecated":false,"description":"Returns the details of a specific Network ACL belonging to a given VPC.\n","tags":["Network ACLs"],"parameters":[{"name":"vpc_id","in":"path","description":"The unique identifier of the VPC where the Network ACL belongs.","required":true,"schema":{"type":"string"}},{"name":"network_acl_id","in":"path","description":"The unique identifier of the network acl come from list network acls","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Successful response - returns the details of the Network ACL.","content":{"application/json":{"schema":{"type":"object","properties":{"status":{"type":"boolean"},"data":{"type":"object","properties":{"id":{"type":"string","description":"The unique ID of the NACL."},"name":{"type":"string","description":"The unique name of the NACL."},"description":{"type":"string","description":"Description or purpose of the NACL."},"subnet":{"type":"string","description":"The subnet is associated with NACL. Subnet name and its CIDR block. It must be '<subnet name> (<CIDR>)."},"status":{"type":"string","description":"The status of the NACL. It must be 'active' or 'inactive'."},"created_at":{"type":"string","format":"date-time","description":"Timestamp of when the NACL was created."},"updated_at":{"type":"string","format":"date-time","description":"Timestamp of the last update to the NACL."}}}}}}},"headers":{}}}}}}}
```

## Update a network ACL

> Updates the name or description of a Network ACL. The request body requires `name`; `description` is optional.

```json
{"openapi":"3.0.1","info":{"title":"Default module","version":"1.0.0"},"tags":[{"name":"Network ACLs"}],"security":[],"paths":{"/api/v2/vmware/vpc/{vpc_id}/hpc/network-acls/{network_acl_id}":{"patch":{"summary":"Update a network ACL","deprecated":false,"description":"Update name or description of a Network ACL.","tags":["Network ACLs"],"parameters":[{"name":"vpc_id","in":"path","description":"The unique identifier of the VPC where the Network ACL belongs.","required":true,"schema":{"type":"string"}},{"name":"network_acl_id","in":"path","description":"The unique identifier of the network acl come from list network acls","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"name":{"type":"string","description":"The new name for the Network ACL that you want to update."},"description":{"type":"string","description":"The new description for the Network ACL that you want to update."}},"required":["name"]}}}},"responses":{"200":{"description":"Successful response - Returns a network ACL with updated description.","content":{"application/json":{"schema":{"type":"object","properties":{"status":{"type":"boolean"},"data":{"type":"object","properties":{"id":{"type":"string","description":"The unique ID of the NACL."},"name":{"type":"string","description":"The unique name of the NACL."},"description":{"type":"string","description":"Description or purpose of the NACL."},"vpc_id":{"type":"string","description":"The unique identifier of the VPC where the Network ACL belongs."},"status":{"type":"string","description":"The status of the NACL. It must be 'active' or 'inactive'."},"created_at":{"type":"string","format":"date-time","description":"Timestamp of when the NACL was created."},"updated_at":{"type":"string","format":"date-time","description":"Timestamp of the last update to the NACL."}}}}}}},"headers":{}}}}}}}
```

## List all rule groups of a Network ACL

> Each Network ACL comprises 2 rule groups (or firewall policies): \
> \* Inbound (ingress) rules: An inbound rule permits servers to receive traffic.\
> \* Outbound (egress) rules: An outbound rule permits servers to send traffic out.\
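> You need to obtain the 'firewall\_group\_id' here to update the rules. Note that the "Update a rule of a network ACL" endpoint on this page takes `firewall_policy_id` as its path parameter, which is the `id` field of each rule group returned here.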

```json
{"openapi":"3.0.1","info":{"title":"Default module","version":"1.0.0"},"tags":[{"name":"Network ACLs"}],"security":[],"paths":{"/api/v2/vmware/vpc/{vpc_id}/hpc/network-acls/{network_acl_id}/firewall-policies":{"get":{"summary":"List all rule groups of a Network ACL","deprecated":false,"description":"Each Network ACL comprises 2 rule groups (or firewall policies): \n* Inbound (ingress) rules: An inbound rule permits servers to receive traffic.\n* Outbound (egress) rules: An outbound rule permits servers to send traffic out.\nYou need to obtain the 'firewall_group_id' here to update the rules.","tags":["Network ACLs"],"parameters":[{"name":"vpc_id","in":"path","description":"The unique identifier of the VPC where the Network ACL belongs.","required":true,"schema":{"type":"string"}},{"name":"network_acl_id","in":"path","description":"The unique identifier of the network ACL comes from the \"List all network ACLs\" API.","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Successful response—returns all rule groups of Network ACL.","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"The unique ID of the policy (firewall_policy_id)."},"name":{"type":"string","description":"The unique name of the NACL."},"description":{"type":"string","description":"Description or purpose of the NACL."},"firewall_group_id":{"type":"string","description":"The unique ID of the rule group (inbound or outbound)."},"type":{"type":"string","enum":["EGRESS","INGRESS"],"description":"The type of rule group. It must be 'ingress' or 'egress'."},"status":{"type":"string","description":"The status of the NACL. 
It must be 'active' or 'inactive'."},"created_at":{"type":"string","format":"date-time","description":"Timestamp of when the NACL was created."},"updated_at":{"type":"string","format":"date-time","description":"Timestamp of the last update to the NACL."}}}},"total":{"type":"integer","description":"The number of rule groups."}}}}},"headers":{}}}}}}}
```

## Update a rule of a network ACL

> Creates a new rule or modifies existing rules.\
> Components of a Network ACL rule:\
> \* Priority: Rules are processed in ascending order by priority number. Once a rule matches the traffic, it is applied, even if rules with higher priority numbers conflict with it; for example, a Deny rule does not take effect for traffic that a lower-numbered Allow rule has already matched. The system automatically increments the priority number, but the user can change it as long as it does not duplicate an existing number.\
> \* Type: Specifies the type of traffic, such as HTTP, HTTPS, or ALL.\
> \* Protocol: NACL supports TCP, UDP, ICMP, or any protocol.\
> \* Port: The port the rule targets, from 1 to 65535.\
> \* Source: For inbound rules, this specifies the origin of the traffic (CIDR range).\
> \* Destination: For outbound rules, this specifies the target of the traffic (CIDR range).\
> \* Traffic Action: Whether the matching traffic is allowed (Allow) or blocked (Deny).\
> Note: the request schema below defines and requires `source_cidr` only; `destination_cidr` appears only in the response. The page also does not state whether existing rules omitted from the `rules` array are kept or removed, so confirm this before sending a partial list.

```json
{"openapi":"3.0.1","info":{"title":"Default module","version":"1.0.0"},"tags":[{"name":"Network ACLs"}],"security":[],"paths":{"/api/v2/vmware/vpc/{vpc_id}/hpc/network-acls/{network_acl_id}/firewall-policies/{firewall_policy_id}/firewall-rules":{"put":{"summary":"Update a rule of a network ACL","deprecated":false,"description":"Create a new rule or modify existing rules\nComponents of a Network ACL Rule:\n*Priority: Rules are processed in ascending order by priority number. Once a rule matches the traffic, it is applied, even if higher-numbered priority rules conflict with it. The system automatically increments the priority number, but the user can change it as long as it does not duplicate an existing number.\n*Type: Specifies the type of traffic, such as HTTP, HTTPS, or ALL.\nProtocol: NACL supports TCP, UDP, ICMP, or any protocols.\n*Port: The specific port of the traffic is targeted from 1 to 65535.\n*Source: For inbound rules, this specifies the origin of the traffic (CIDR range).\n*Destination: For outbound rules, this specifies the target of the traffic (CIDR range).\n*Traffic Action: The specified traffic is permitted with Allow or Deny.","tags":["Network ACLs"],"parameters":[{"name":"vpc_id","in":"path","description":"The unique identifier of the VPC where the Network ACL belongs.","required":true,"schema":{"type":"string"}},{"name":"network_acl_id","in":"path","description":"The unique identifier of the network ACL comes from the \"List all network ACLs\" API.","required":true,"schema":{"type":"string"}},{"name":"firewall_policy_id","in":"path","description":"The unique ID of the policy (Obtain this ID by \"List all rule groups of a Network ACL\" API).","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"rules":{"type":"array","items":{"type":"object","properties":{"rule_number":{"type":"integer","description":"Rules are processed in ascending order by priority number. 
Once a rule matches the traffic, it is applied, even if higher-numbered priority of rules conflict with it. The system automatically increments the priority number, but the user can change it as long as it does not duplicate an existing number."},"type":{"type":"string","description":"Specifies the type of traffic, such as HTTP, HTTPS, or ALL."},"protocol":{"type":"string","description":"NACL supports TCP, UDP, ICMP, or any protocols."},"port":{"type":"string","description":"The specific port of the traffic is targeted from 1 to 65535."},"traffic_action":{"type":"string","enum":["Allow","Deny"],"description":"The specified traffic is permitted with Allow or Deny."},"source_cidr":{"type":"string","description":"For inbound rules, this specifies the origin of the traffic (CIDR range)."}},"required":["rule_number","protocol","port","type","traffic_action","source_cidr"]}}}}}}},"responses":{"200":{"description":"Successful response - Returns all rules of a Network ACL which have been updated.","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"The unique ID of the rule"},"rule_number":{"type":"integer","description":"Rules are processed in ascending order by priority number. Once a rule matches the traffic, it is applied, even if higher-numbered priority of rules conflict with it. 
The system automatically increments the priority number, but the user can change it as long as it does not duplicate an existing number."},"firewall_policy_id":{"type":"string","description":"The unique ID of the policy (Obtain this ID by \"List all rule groups of a Network ACL\" API)."},"firewall_group_id":{"type":"string","description":"The unique ID of the rule group (inbound or outbound)."},"osp_firewall_rule_id":{"type":"string","description":"The unique ID of the rule group (inbound or outbound) in the infrastructure platform managed by FPT.","nullable":true},"type":{"type":"string","description":"Specifies the type of traffic, such as HTTP, HTTPS, or ALL."},"protocol":{"type":"string","description":"NACL supports TCP, UDP, ICMP, or any protocols."},"port":{"type":"string","description":"The specific port of the traffic is targeted from 1 to 65535."},"source_cidr":{"type":"string","description":"For inbound rules, this specifies the origin of the traffic (CIDR range)."},"destination_cidr":{"type":"string","description":"For outbound rules, this specifies the target of the traffic (CIDR range).","nullable":true},"traffic_action":{"type":"string","description":"The specified traffic is permitted with Allow or Deny."},"is_default":{"type":"boolean","description":"The default rule is auto-created with a new NACL.","nullable":true},"status":{"type":"string","description":"The status of the rule. It must be 'active' or 'inactive'."},"created_at":{"type":"string","format":"date-time","description":"Timestamp of when the rule was created."},"updated_at":{"type":"string","format":"date-time","description":"Timestamp of the last update to rule."}}}},"total":{"type":"integer","description":"The number of rules."}}}}},"headers":{}}}}}}}
```


