4.2 KiB
		
	
	
	
	
	
	
	
			
		
		
	
	security group rule
A security group rule specifies the network access rules for servers and other resources on the network.
Compute v2, Network v2
security group rule create
Create a new security group rule
security group rule create
os security group rule create
    [--remote-ip <ip-address> | --remote-group <group>]
    [--dst-port <port-range> | [--icmp-type <icmp-type> [--icmp-code <icmp-code>]]]
    [--protocol <protocol>]
    [--ingress | --egress]
    [--ethertype <ethertype>]
    [--project <project> [--project-domain <project-domain>]]
    [--description <description>]
    <group>--remote-ip <ip-address>
Remote IP address block (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0)
--remote-group <group>
Remote security group (name or ID)
--dst-port <port-range>
Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.
--icmp-type <icmp-type>
ICMP type for ICMP IP protocols
Network version 2 only
--icmp-code <icmp-code>
ICMP code for ICMP IP protocols
Network version 2 only
--protocol <protocol>
IP protocol (icmp, tcp, udp; default: tcp)
Compute version 2
IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255]; default: tcp)
Network version 2
--ingress
Rule applies to incoming network traffic (default)
Network version 2 only
--egress
Rule applies to outgoing network traffic
Network version 2 only
--ethertype <ethertype>
Ethertype of network traffic (IPv4, IPv6; default: based on IP protocol)
Network version 2 only
--project <project>
Owner's project (name or ID)
Network version 2 only
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
Network version 2 only
--description <description>
Set security group rule description
Network version 2 only
<group>
Create rule in this security group (name or ID)
security group rule delete
Delete security group rule(s)
security group rule delete
os security group rule delete
    <rule> [<rule> ...]<rule>
Security group rule(s) to delete (ID only)
security group rule list
List security group rules
security group rule list
os security group rule list
    [--all-projects]
    [--protocol <protocol>]
    [--ingress | --egress]
    [--long]
    [<group>]--all-projects
Display information from all projects (admin only)
Network version 2 ignores this option and will always display information for all projects (admin only).
--long
List additional fields in output
Compute version 2 does not have additional fields to display.
--protocol
List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255])
Network version 2
--ingress
List rules applied to incoming network traffic
Network version 2 only
--egress
List rules applied to outgoing network traffic
Network version 2 only
<group>
List all rules in this security group (name or ID)
security group rule show
Display security group rule details
security group rule show
os security group rule show
    <rule><rule>
Security group rule to display (ID only)
