After you enable IPv6 Internet bandwidth for an IPv6 address, the IPv6 address can be used for communication over the Internet. You can create egress-only rules for the IPv6 address to allow only outbound IPv6 traffic. This topic describes how to create an egress-only rule for the IPv6 address of an Elastic Compute Service (ECS) instance. This allows the ECS instance to access IPv6 clients but does not allow the IPv6 clients to access the ECS instance in a virtual private cloud (VPC) over the Internet.
You cannot create egress-only rules for IPv6 addresses that are not associated with network instances.
Prerequisites
Internet bandwidth is purchased for the IPv6 address for which you want to create an egress-only rule. For more information, see Enable and manage IPv6 Internet bandwidth.
Create an egress-only rule
If the IPv6 gateway is also accepting inbound traffic, that inbound traffic is denied after the egress-only rule is created, and IPv6 clients can no longer access the ECS instance over the Internet. Exercise caution when you perform this operation.
- Log on to the IPv6 Gateway console.
- In the top navigation bar, select the region where the IPv6 gateway is deployed.
- On the IPv6 Gateway page, click the ID of the desired IPv6 gateway.
- On the details page of the IPv6 gateway, choose .
- In the Create Egress-only Rule panel, specify the parameters described in the following table and click OK.
| Parameter | Description |
| --- | --- |
| Resource Group | Select the resource group to which the egress-only rule belongs. |
| Associate Instance | Select an ECS instance or an elastic network interface (ENI) that uses an IPv6 address for communication over the Internet. |
| IPv6 Address | Select an appropriate IPv6 address. |
Delete an egress-only rule
You can delete an egress-only rule at any time. After you delete the egress-only rule that you created for an IPv6 address for which Internet bandwidth is purchased, the ECS instance can use the IPv6 address to access IPv6 clients over the Internet, and IPv6 clients can also access the ECS instance over the Internet.
- Log on to the IPv6 Gateway console.
- In the top navigation bar, select the region where the IPv6 gateway is deployed.
- On the IPv6 Gateway page, click the ID of the desired IPv6 gateway.
- On the details page of the IPv6 gateway, click the Egress-only Rule tab, find the egress-only rule that you want to delete, and then click Delete in the Actions column.
- In the Delete Rule message, click OK.
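Because deleting a rule makes the instance reachable from the Internet again, it helps to audit which IPv6 addresses are actually covered by an egress-only rule. The following Python sketch is an added example, not code from this documentation or the provider's SDK: it classifies an exported inventory according to the rules stated in this topic and lists addresses that accept inbound traffic without being intended to. The record fields, state names, IDs and sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ipv6Address:              # field names are assumptions, not a provider schema
    address_id: str
    address: str
    internet_bandwidth: bool    # Internet bandwidth purchased for this address
    associated_instance: Optional[str]  # ECS instance or ENI ID, None if unassociated

def classify(addresses, egress_only_ids):
    """Return {address_id: state} given the IDs that have an egress-only rule."""
    report = {}
    for a in addresses:
        has_rule = a.address_id in egress_only_ids
        if a.associated_instance is None or not a.internet_bandwidth:
            # A rule needs an associated address with Internet bandwidth,
            # so a rule listed here means the inventory is stale.
            state = "inconsistent-rule" if has_rule else "not-internet-facing"
        elif has_rule:
            state = "egress-only"            # outbound allowed, inbound denied
        else:
            state = "inbound-and-outbound"   # reachable from IPv6 clients
        report[a.address_id] = state
    return report

def unexpected_inbound(addresses, egress_only_ids, intended_public_ids):
    """Address IDs reachable from the Internet that are not meant to be."""
    states = classify(addresses, egress_only_ids)
    return sorted(i for i, s in states.items()
                  if s == "inbound-and-outbound" and i not in intended_public_ids)

# Constructed inventory (2001:db8::/32 is the documentation prefix).
SAMPLE = [
    Ipv6Address("ipv6-a", "2001:db8::10", True, "i-app"),
    Ipv6Address("ipv6-b", "2001:db8::20", True, "i-web"),
    Ipv6Address("ipv6-c", "2001:db8::30", True, "i-batch"),
    Ipv6Address("ipv6-d", "2001:db8::40", False, "i-db"),
    Ipv6Address("ipv6-e", "2001:db8::50", True, None),
]
SAMPLE_RULES = {"ipv6-a", "ipv6-e"}   # constructed: address IDs with a rule

if __name__ == "__main__":
    for addr_id, state in classify(SAMPLE, SAMPLE_RULES).items():
        print(addr_id, state)
    print("unexpected inbound:", unexpected_inbound(SAMPLE, SAMPLE_RULES, {"ipv6-b"}))
```

Running the audit on a schedule and alerting on a non-empty `unexpected_inbound` result catches a rule that was deleted or never created.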
References
CreateIpv6EgressOnlyRule: creates an egress-only rule for an IPv6 address.
DeleteIpv6EgressOnlyRule: deletes an egress-only rule.