python-openstackclient/doc/source/command-objects/security-group-rule.rst

===================
security group rule
===================

A **security group rule** specifies the network access rules for servers
and other resources on the network.

Compute v2, Network v2

security group rule create
--------------------------

Create a new security group rule

.. program:: security group rule create
.. code:: bash

    os security group rule create
        [--proto <proto>]
        [--src-ip <ip-address> | --src-group <group>]
        [--dst-port <port-range>]
        [--ingress | --egress]
        [--ethertype <ethertype>]
        [--project <project> [--project-domain <project-domain>]]
        <group>

.. option:: --proto <proto>

    IP protocol (icmp, tcp, udp; default: tcp)

.. option:: --src-ip <ip-address>

    Source IP address block
    (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0)

.. option:: --src-group <group>

    Source security group (name or ID)

.. option:: --dst-port <port-range>

    Destination port, may be a single port or port range: 137:139
    (only required for IP protocols tcp and udp)

.. option:: --ingress

    Rule applies to incoming network traffic (default)

    *Network version 2 only*

.. option:: --egress

    Rule applies to outgoing network traffic

    *Network version 2 only*

.. option:: --ethertype <ethertype>

    Ethertype of network traffic (IPv4, IPv6; default: IPv4)

    *Network version 2 only*

.. option:: --project <project>

    Owner's project (name or ID)

    *Network version 2 only*

.. option:: --project-domain <project-domain>

    Domain the project belongs to (name or ID).
    This can be used in case collisions between project names exist.

    *Network version 2 only*

.. describe:: <group>

    Create rule in this security group (name or ID)

security group rule delete
--------------------------

Delete a security group rule

.. program:: security group rule delete
.. code:: bash

    os security group rule delete
        <rule>

.. describe:: <rule>

    Security group rule to delete (ID only)

security group rule list
------------------------

List security group rules

.. program:: security group rule list
.. code:: bash

    os security group rule list
        [--all-projects]
        [--long]
        [<group>]

.. option:: --all-projects

    Display information from all projects (admin only)

    *Network version 2 ignores this option and will always display information*
    *for all projects (admin only).*

.. option:: --long

    List additional fields in output

    *Compute version 2 does not have additional fields to display.*

.. describe:: <group>

    List all rules in this security group (name or ID)

security group rule show
------------------------

Display security group rule details

.. program:: security group rule show
.. code:: bash

    os security group rule show
        <rule>

.. describe:: <rule>

    Security group rule to display (ID only)
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132 2015-11-24 07:52:43 -06:00			`===================`
			`security group rule`
			`===================`

Doc: Add network resource descriptions Add descriptions to the network resource command documentation. Change-Id: I547ffb48f8950311a5ee65d6b535846f2aca0efc 2016-04-24 19:17:36 -05:00			`A security group rule specifies the network access rules for servers`
			`and other resources on the network.`

Refactor security group delete to use SDK Refactored the 'os security group delete' command to use the SDK when neutron is enabled, but continue to use the nova client when nova network is enabled. This patch set introduces a new NetworkAndComputeCommand class to be used for commands that must support neutron and nova network. The new class allows both the parser and actions to be unique. The current DeleteSecurityGroup class is now a subclass of this new class and has moved under the network v2 commands. This patch set also introduces a new FakeSecurityGroup class for testing security groups. And finally, this patch set updates the command documentation for security group and security group rule to indicate that Network v2 is also used. Change-Id: Ic21376b86b40cc6d97f360f3760ba5beed154537 Partial-Bug: #1519511 Related-to: blueprint neutron-client 2015-12-14 13:29:43 -06:00			`Compute v2, Network v2`
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132 2015-11-24 07:52:43 -06:00
			`security group rule create`
			`--------------------------`

			`Create a new security group rule`

			`.. program:: security group rule create`
			`.. code:: bash`

			`os security group rule create`
			`[--proto <proto>]`
Add source security group support to create rule The 'security group rule create' command was updated to support a source security group. Now either a source IP address block or source security group can be specified when creating a rule. The default remains the same. Change-Id: If57de2871810caddeeaee96482eb34146968e173 Closes-Bug: #1522969 2015-12-04 16:37:40 -06:00			`[--src-ip <ip-address> \| --src-group <group>]`
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132 2015-11-24 07:52:43 -06:00			`[--dst-port <port-range>]`
Add network options to security group rule create Add the following network options to the "os security group rule" command: (1) --ingress and --egress (2) --ethertype These options enable egress and IPv6 security group rules for Network v2. Change-Id: Ie30b5e95f94e0c087b0ce81e518de72d2dda25ad Partial-Bug: #1519512 Implements: blueprint neutron-client 2016-03-31 16:19:20 -05:00			`[--ingress \| --egress]`
			`[--ethertype <ethertype>]`
Add project options to security group rule create Add the --project and --project-domain options to the 'os security group rule create' command. These options are for Network v2 only. Change-Id: Ie3e136be076f0f2c22fbe7048d1d6eaebf5aa655 Partial-Bug: #1519512 Implements: blueprint neutron-client 2016-04-04 16:20:20 -05:00			`[--project <project> [--project-domain <project-domain>]]`
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132 2015-11-24 07:52:43 -06:00			`<group>`

			`.. option:: --proto <proto>`

			`IP protocol (icmp, tcp, udp; default: tcp)`

			`.. option:: --src-ip <ip-address>`

Add network options to security group rule create Add the following network options to the "os security group rule" command: (1) --ingress and --egress (2) --ethertype These options enable egress and IPv6 security group rules for Network v2. Change-Id: Ie30b5e95f94e0c087b0ce81e518de72d2dda25ad Partial-Bug: #1519512 Implements: blueprint neutron-client 2016-03-31 16:19:20 -05:00			`Source IP address block`
			`(may use CIDR notation; default for IPv4 rule: 0.0.0.0/0)`
Add source security group support to create rule The 'security group rule create' command was updated to support a source security group. Now either a source IP address block or source security group can be specified when creating a rule. The default remains the same. Change-Id: If57de2871810caddeeaee96482eb34146968e173 Closes-Bug: #1522969 2015-12-04 16:37:40 -06:00
			`.. option:: --src-group <group>`

Support security group name for --src-group Support security group name for the "--src-group" option on the "os security group rule create" command. Change-Id: Ic23d0671dad77566269c9a588644c8d774368733 Closes-Bug: #1540656 2016-03-17 12:58:44 -05:00			`Source security group (name or ID)`
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132 2015-11-24 07:52:43 -06:00
			`.. option:: --dst-port <port-range>`

Refactor security group rule create to use SDK Refactored the 'os security group rule create' command to use the SDK when neutron is enabled, but continue to use the nova client when nova network is enabled. Added a release note for the change in security group rules output due to Network v2. Change-Id: I8c6c99d5272ff5d410a449f73d198d834c5cd96e Partial-Bug: #1519512 Implements: blueprint neutron-client 2016-03-11 15:30:47 -06:00			`Destination port, may be a single port or port range: 137:139`
			`(only required for IP protocols tcp and udp)`
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132 2015-11-24 07:52:43 -06:00
Add network options to security group rule create Add the following network options to the "os security group rule" command: (1) --ingress and --egress (2) --ethertype These options enable egress and IPv6 security group rules for Network v2. Change-Id: Ie30b5e95f94e0c087b0ce81e518de72d2dda25ad Partial-Bug: #1519512 Implements: blueprint neutron-client 2016-03-31 16:19:20 -05:00			`.. option:: --ingress`

			`Rule applies to incoming network traffic (default)`

			`Network version 2 only`

			`.. option:: --egress`

			`Rule applies to outgoing network traffic`

			`Network version 2 only`

			`.. option:: --ethertype <ethertype>`

			`Ethertype of network traffic (IPv4, IPv6; default: IPv4)`

			`Network version 2 only`

Add project options to security group rule create Add the --project and --project-domain options to the 'os security group rule create' command. These options are for Network v2 only. Change-Id: Ie3e136be076f0f2c22fbe7048d1d6eaebf5aa655 Partial-Bug: #1519512 Implements: blueprint neutron-client 2016-04-04 16:20:20 -05:00			`.. option:: --project <project>`

			`Owner's project (name or ID)`

			`Network version 2 only`

			`.. option:: --project-domain <project-domain>`

			`Domain the project belongs to (name or ID).`
			`This can be used in case collisions between project names exist.`

			`Network version 2 only`

Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132 2015-11-24 07:52:43 -06:00			`.. describe:: <group>`

			`Create rule in this security group (name or ID)`

			`security group rule delete`
			`--------------------------`

			`Delete a security group rule`

			`.. program:: security group rule delete`
			`.. code:: bash`

			`os security group rule delete`
			`<rule>`

			`.. describe:: <rule>`

			`Security group rule to delete (ID only)`

			`security group rule list`
			`------------------------`

			`List security group rules`

			`.. program:: security group rule list`
			`.. code:: bash`

			`os security group rule list`
Add options to security group rule list Add the following options to the 'os security group rule list' command: --long: Display direction and ethertype for Network v2 --all-projects: Display information from all projects for Compute v2 Change-Id: If8a1cbd7669cdfa6577d6d2f6fffd9e999a39a82 Partial-Bug: #1519512 Implements: blueprint neutron-client 2016-04-11 13:45:12 -05:00			`[--all-projects]`
			`[--long]`
Add support to list all security group rules Both nova and neutron allow security group rules to be listed without specifying the owning security group. This patch set makes the group argument on 'os security group rule list' optional. Behavior is unchanged when the argument is specified. When the argument is not specified then all accessible security group rules will be listed. The listing will include the owning security group for each rule. Change-Id: I6914baecf70a65354e1e82dad92c6afbd32b4973 Related-Bug: #1519512 2015-12-16 16:01:40 -06:00			`[<group>]`
Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132 2015-11-24 07:52:43 -06:00
Add options to security group rule list Add the following options to the 'os security group rule list' command: --long: Display direction and ethertype for Network v2 --all-projects: Display information from all projects for Compute v2 Change-Id: If8a1cbd7669cdfa6577d6d2f6fffd9e999a39a82 Partial-Bug: #1519512 Implements: blueprint neutron-client 2016-04-11 13:45:12 -05:00			`.. option:: --all-projects`

			`Display information from all projects (admin only)`

			`Network version 2 ignores this option and will always display information`
			`for all projects (admin only).`

			`.. option:: --long`

			`List additional fields in output`

			`Compute version 2 does not have additional fields to display.`

Doc: Add security group and security group rule Add missing command list documentation for the 'security group' and 'security group rule' commands. In addition, update the command description and argument help to fix minor issues and use consistent terminology. Change-Id: I9f4a3fbac5637289f19511874e16391d3fe27132 2015-11-24 07:52:43 -06:00			`.. describe:: <group>`

			`List all rules in this security group (name or ID)`
Add "security group rule show" command Add the "os security group rule show" command which will use the SDK when neutron is enabled, and use the nova client when nova network is enabled. Change-Id: I41efaa4468ec15e4e86d74144cc72edc25a29024 Partial-Bug: #1519512 Implements: blueprint neutron-client 2016-02-19 10:19:28 -06:00
			`security group rule show`
			`------------------------`

			`Display security group rule details`

			`.. program:: security group rule show`
			`.. code:: bash`

			`os security group rule show`
			`<rule>`

			`.. describe:: <rule>`

			`Security group rule to display (ID only)`