> ## Documentation Index > Fetch the complete documentation index at: https://docs.siderolabs.com/llms.txt > Use this file to discover all available pages before exploring further. > NetworkRuleConfig is a network firewall rule config document. # NetworkRuleConfig ```yaml theme={null} apiVersion: v1alpha1 kind: NetworkRuleConfig name: ingress-apid # Name of the config document. # Port selector defines which ports and protocols on the host are affected by the rule. portSelector: # Ports defines a list of port ranges or single ports. ports: - 50000 protocol: tcp # Protocol defines traffic protocol (e.g. TCP or UDP). # Ingress defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`. ingress: - subnet: 192.168.0.0/16 # Subnet defines a source subnet. ```
Field Type Description Value(s)
`name` string Name of the config document.
`portSelector` RulePortSelector Port selector defines which ports and protocols on the host are affected by the rule.
`ingress` IngressRule Ingress defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`.
## portSelector RulePortSelector is a port selector for the network rule.
Field Type Description Value(s)
`ports` PortRanges Ports defines a list of port ranges or single ports.
The port ranges are inclusive, and should not overlap.
`protocol` Protocol Protocol defines traffic protocol (e.g. TCP or UDP). `tcp`
`udp`
`icmp`
`icmpv6`
## ingress\[] IngressRule is a ingress rule.
Field Type Description Value(s)
`subnet` Prefix Subnet defines a source subnet.
`except` Prefix Except defines a source subnet to exclude from the rule, it gets excluded from the `subnet`.