security group rule¶
A security group rule specifies the network access rules for servers and other resources on the network.
Compute v2, Network v2
security group rule create¶
Create a new security group rule
openstack security group rule create
[--extra-property type=<property_type>,name=<property_name>,value=<property_value>]
[--remote-ip <ip-address> | --remote-group <group> | --remote-address-group <group>]
[--dst-port <port-range>]
[--protocol <protocol>]
[--description <description>]
[--icmp-type <icmp-type>]
[--icmp-code <icmp-code>]
[--ingress | --egress]
[--ethertype <ethertype>]
[--project <project>]
[--project-domain <project-domain>]
<group>
- --extra-property type=<property_type>,name=<property_name>,value=<property_value>¶
Additional parameters can be passed using this property. Default type of the extra property is string (‘str’), but other types can be used as well. Available types are: ‘dict’, ‘list’, ‘str’, ‘bool’, ‘int’. In case of ‘list’ type, ‘value’ can be semicolon-separated list of values. For ‘dict’ value is semicolon-separated list of the key:value pairs.
- --remote-ip <ip-address>¶
Remote IP address block (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0, default for IPv6 rule: ::/0)
- --remote-group <group>¶
Remote security group (name or ID)
- --remote-address-group <group>¶
Remote address group (name or ID)
- --dst-port <port-range>¶
Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.
- --protocol <protocol>¶
IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))
- --description <description>¶
Set security group rule description
- --icmp-type <icmp-type>¶
ICMP type for ICMP IP protocols
- --icmp-code <icmp-code>¶
ICMP code for ICMP IP protocols
- --ingress¶
Rule applies to incoming network traffic (default)
- --egress¶
Rule applies to outgoing network traffic
- --ethertype <ethertype>¶
Ethertype of network traffic (IPv4, IPv6; default: based on IP protocol)
- --project <project>¶
Owner’s project (name or ID)
- --project-domain <project-domain>¶
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
- group¶
Create rule in this security group (name or ID)
security group rule delete¶
Delete security group rule(s)
openstack security group rule delete <rule> [<rule> ...]
- rule¶
Security group rule(s) to delete (ID only)
security group rule list¶
List security group rules
openstack security group rule list
[--sort-column SORT_COLUMN]
[--sort-ascending | --sort-descending]
[--protocol <protocol>]
[--ethertype <ethertype>]
[--ingress | --egress]
[--long]
[--project <project>]
[--project-domain <project-domain>]
[<group>]
- --sort-column SORT_COLUMN¶
specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
- --sort-ascending¶
sort the column(s) in ascending order
- --sort-descending¶
sort the column(s) in descending order
- --protocol <protocol>¶
List only rules with the specified IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))
- --ethertype <ethertype>¶
List only rules with the specified Ethertype (IPv4 or IPv6)
- --ingress¶
List only rules applied to incoming network traffic
- --egress¶
List only rules applied to outgoing network traffic
- --long¶
Deprecated This argument is no longer needed
- --project <project>¶
List only rules with the specified project (name or ID)
- --project-domain <project-domain>¶
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
- group¶
List all rules in this security group (name or ID)
security group rule show¶
Display security group rule details
openstack security group rule show <rule>
- rule¶
Security group rule to display (ID only)
