8cbc51cda4
This patch rearranges and reformats existing content. Change-Id: Ibcad865d2ae45696628f77b5bd5f0e6b1f6842cf
6.1 KiB
firewall group rule
A firewall group rule represents a collection of attributes like ports, IP addresses which define match criteria and action (allow, or deny) that needs to be taken on the matched data traffic.
Network v2
firewall group rule create
Create a firewall rule for a given project
firewall group rule create
openstack firewall group rule create--name <name>
Set firewall rule name.
--enable
Enable firewall rule (default).
--disable
Disable firewall rule.
--public
Make the firewall rule public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project).
--private
Restrict use of the firewall rule to the current project.
--project <project>
Owner's project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
--description <description>
A description of the firewall rule.
--protocol <protocol>
Protocol for the firewall rule ('tcp', 'udp', 'icmp', 'any'). Default is 'any'.
--action <action>
Action for the firewall rule ('allow', 'deny', 'reject'). Default is 'deny'.
--ip-version <ip-version>
Set IP version 4 or 6 (default is 4).
--source-port <source-port>
Source port number or range (integer in [1, 65535] or range like 123:456).
--no-source-port
Detach source port number or range.
--destination-port <destination-port>
Destination port number or range (integer in [1, 65535] or range like 123:456).
--no-destination-port
Detach destination port number or range.
--source-ip-address <source-ip-address>
Source IP address or subnet.
--no-source-ip-address
Detach source IP address.
--destination-ip-address <destination-ip-address>
Destination IP address or subnet.
--no-destination-ip-address
Detach destination IP address.
--enable-rule
Enable this rule (default is enabled).
--disable-rule
Disable this rule.
firewall group rule delete
Delete a given firewall rule
firewall group rule delete
openstack firewall group rule delete
<firewall-rule> [<firewall-rule> ...]
Firewall rule(s) to delete (name or ID).firewall group rule list
List all firewall rules
firewall group rule list
openstack firewall group rule list
[--long]--long
List additional fields in output.
firewall group rule set
Set firewall rule properties
firewall group rule set
openstack firewall group rule set
Firewall rule to set (name or ID).--name <name>
Set firewall rule name.
--enable
Enable firewall rule (default).
--disable
Disable firewall rule.
--public
Make the firewall rule public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project).
--private
Restrict use of the firewall rule to the current project.
--project <project>
Owner's project (name or ID).
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
--description <description>
A description of the firewall rule.
--protocol <protocol>
Protocol for the firewall rule ('tcp', 'udp', 'icmp', 'any').
--action <action>
Action for the firewall rule ('allow', 'deny', 'reject').
--ip-version <ip-version>
Set IP version 4 or 6 (default is 4).
--source-port <source-port>
Source port number or range (integer in [1, 65535] or range like 123:456).
--no-source-port
Detach source port number or range.
--destination-port <destination-port>
Destination port number or range (integer in [1, 65535] or range like 123:456).
--no-destination-port
Detach destination port number or range.
--source-ip-address <source-ip-address>
Source IP address or subnet.
--no-source-ip-address
Detach source IP address.
--destination-ip-address <destination-ip-address>
Destination IP address or subnet.
--no-destination-ip-address
Detach destination IP address.
--enable-rule
Enable this rule (default is enabled).
--disable-rule
Disable this rule.
firewall group rule show
Show information of a given firewall rule
firewall group rule show
openstack firewall group rule show
<firewall-rule>
Firewall rule to display (name or ID).firewall group rule unset
Unset firewall rule properties
firewall group rule unset
openstack firewall group rule unset
Firewall rule to unset (name or ID).--enable
Disable firewall rule.
--public
Restrict use of the firewall rule to the current project.
--source-port
Detach source port number or range.
--destination-port
Detach destination port number or range.
--source-ip-address
Detach source IP address.
--destination-ip-address
Detach destination IP address.
--enable-rule
Disable this rule.