===================
security group rule
===================

A **security group rule** specifies the network access rules for servers
and other resources on the network.

Compute v2, Network v2

security group rule create
--------------------------

Create a new security group rule

.. program:: security group rule create
.. code:: bash

    os security group rule create
        [--remote-ip <ip-address> | --remote-group <group>]
        [--dst-port <port-range> | [--icmp-type <icmp-type> [--icmp-code <icmp-code>]]]
        [--protocol <protocol>]
        [--ingress | --egress]
        [--ethertype <ethertype>]
        [--project <project> [--project-domain <project-domain>]]
        [--description <description>]
        <group>

.. option:: --remote-ip <ip-address>

    Remote IP address block
    (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0,
    which matches any address)

.. option:: --remote-group <group>

    Remote security group (name or ID)

.. option:: --dst-port <port-range>

    Destination port: either a single port or a range given as
    starting and ending port (for example, 137:139). Required for
    IP protocols TCP and UDP. Ignored for ICMP IP protocols.

.. option:: --icmp-type <icmp-type>

    ICMP type for ICMP IP protocols

    *Network version 2 only*

.. option:: --icmp-code <icmp-code>

    ICMP code for ICMP IP protocols

    *Network version 2 only*

.. option:: --protocol <protocol>

    IP protocol (icmp, tcp, udp; default: tcp)

    *Compute version 2*

    IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
    ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,
    ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp,
    udp, udplite, vrrp and integer representations [0-255];
    default: tcp)

    *Network version 2*

.. option:: --ingress

    Rule applies to incoming network traffic (default)

    *Network version 2 only*

.. option:: --egress

    Rule applies to outgoing network traffic

    *Network version 2 only*

.. option:: --ethertype <ethertype>

    Ethertype of network traffic
    (IPv4, IPv6; default: based on IP protocol)

    *Network version 2 only*

.. option:: --project <project>

    Owner's project (name or ID)

    *Network version 2 only*

.. option:: --project-domain <project-domain>

    Domain the project belongs to (name or ID).
    This can be used in case collisions between project names exist.

    *Network version 2 only*

.. option:: --description <description>

    Set security group rule description

    *Network version 2 only*

.. describe:: <group>

    Create rule in this security group (name or ID)

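The constraints stated in this section (the 0.0.0.0/0 default when no remote is given, ``--dst-port`` being required for TCP and UDP and ignored for ICMP, and the either/or option pairs in the synopsis) can be checked before a rule is created. The following is an added example, not part of the client or its documentation: ``lint_sg_rule_args`` is a hypothetical helper, and the group name and addresses are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example: lint_sg_rule_args is a hypothetical helper, not part of the
# client. It checks "security group rule create" arguments offline.
# Return code: 0 = clean, 1 = warnings only, 2 = errors.
lint_sg_rule_args() {
    local remote_ip="" remote_group="" dst_port="" icmp="" protocol="tcp" rc=0
    while [ $# -gt 0 ]; do
        case "$1" in
            --ingress|--egress) shift ;;          # the only value-less options
            --*)
                [ $# -ge 2 ] || { echo "ERROR: $1 needs a value"; return 2; }
                case "$1" in
                    --remote-ip)    remote_ip="$2" ;;
                    --remote-group) remote_group="$2" ;;
                    --dst-port)     dst_port="$2" ;;
                    --protocol)     protocol="$2" ;;
                    --icmp-type|--icmp-code) icmp="yes" ;;
                esac
                shift 2 ;;
            *) shift ;;                           # positional <group>
        esac
    done
    if [ -n "$remote_ip" ] && [ -n "$remote_group" ]; then
        echo "ERROR: --remote-ip and --remote-group are mutually exclusive"; rc=2
    elif [ -z "$remote_ip$remote_group" ]; then
        echo "WARN: no remote given; an IPv4 rule defaults to 0.0.0.0/0"; rc=1
    elif [ "$remote_ip" = "0.0.0.0/0" ] || [ "$remote_ip" = "::/0" ]; then
        echo "WARN: --remote-ip $remote_ip matches every address"; rc=1
    fi
    if [ -n "$dst_port" ] && [ -n "$icmp" ]; then
        echo "ERROR: --dst-port and --icmp-type/--icmp-code are alternatives"; rc=2
    fi
    case "$protocol" in
        tcp|udp)
            [ -n "$dst_port" ] || { echo "ERROR: --dst-port is required for $protocol"; rc=2; } ;;
        icmp|ipv6-icmp)   # assumption: these are the page's "ICMP IP protocols"
            [ -z "$dst_port" ] || { echo "WARN: --dst-port is ignored for $protocol"; [ "$rc" -gt 1 ] || rc=1; } ;;
    esac
    return "$rc"
}

# Constructed invocations: the first is clean, the second warns about the default remote.
lint_sg_rule_args --protocol tcp --dst-port 22 --remote-ip 203.0.113.0/24 web || true
lint_sg_rule_args --protocol tcp --dst-port 22 web || true
```
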
security group rule delete
--------------------------

Delete security group rule(s)

.. program:: security group rule delete
.. code:: bash

    os security group rule delete
        <rule> [<rule> ...]

.. describe:: <rule>

    Security group rule(s) to delete (ID only)

security group rule list
------------------------

List security group rules

.. program:: security group rule list
.. code:: bash

    os security group rule list
        [--all-projects]
        [--protocol <protocol>]
        [--ingress | --egress]
        [--long]
        [<group>]

.. option:: --all-projects

    Display information from all projects (admin only)

    *Network version 2 ignores this option and will always display information*
    *for all projects (admin only).*

.. option:: --long

    List additional fields in output

    *Compute version 2 does not have additional fields to display.*

.. option:: --protocol <protocol>

    List rules by the IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
    ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route,
    ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer
    representations [0-255])

    *Network version 2*

.. option:: --ingress

    List rules applied to incoming network traffic

    *Network version 2 only*

.. option:: --egress

    List rules applied to outgoing network traffic

    *Network version 2 only*

.. describe:: <group>

    List all rules in this security group (name or ID)

security group rule show
------------------------

Display security group rule details

.. program:: security group rule show
.. code:: bash

    os security group rule show
        <rule>

.. describe:: <rule>

    Security group rule to display (ID only)
