firewall group rule

updated: 2017-07-28 21:18

firewall group rule

A firewall group rule represents a collection of attributes like ports, IP addresses which define match criteria and action (allow, or deny) that needs to be taken on the matched data traffic.

Network v2

firewall group rule create

Create a new firewall rule

openstack firewall group rule create
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--noindent]
    [--prefix PREFIX]
    [--name <name>]
    [--description <description>]
    [--protocol {tcp,udp,icmp,any}]
    [--action {allow,deny,reject}]
    [--ip-version <ip-version>]
    [--source-ip-address <source-ip-address> | --no-source-ip-address]
    [--destination-ip-address <destination-ip-address> | --no-destination-ip-address]
    [--source-port <source-port> | --no-source-port]
    [--destination-port <destination-port> | --no-destination-port]
    [--public | --private | --share | --no-share]
    [--enable-rule | --disable-rule]
    [--project <project>]
    [--project-domain <project-domain>]
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

--noindent

whether to disable indenting the JSON

--prefix <PREFIX>

add a prefix to all variable names

--name <name>

Name of the firewall rule

--description <description>

Description of the firewall rule

--protocol <PROTOCOL>

Protocol for the firewall rule

--action <ACTION>

Action for the firewall rule

--ip-version <ip-version>

Set IP version 4 or 6 (default is 4)

--source-ip-address <source-ip-address>

Source IP address or subnet

--no-source-ip-address

Detach source IP address

--destination-ip-address <destination-ip-address>

Destination IP address or subnet

--no-destination-ip-address

Detach destination IP address

--source-port <source-port>

Source port number or range(integer in [1, 65535] or range like 123:456)

--no-source-port

Detach source port number or range

--destination-port <destination-port>

Destination port number or range(integer in [1, 65535] or range like 123:456)

--no-destination-port

Detach destination port number or range

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R Release

--private

Restrict use of the firewall rule to the current project.This option is deprecated and would be removed in R release.

--share

Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall rule to the current project

--enable-rule

Enable this rule (default is enabled)

--disable-rule

Disable this rule

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

firewall group rule delete

Delete firewall rule(s)

openstack firewall group rule delete
    <firewall-rule>
    [<firewall-rule> ...]
firewall-rule

Firewall rule(s) to delete (name or ID)

firewall group rule list

List firewall rules that belong to a given tenant

openstack firewall group rule list
    [-f {csv,json,table,value,yaml}]
    [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--noindent]
    [--long]
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

--quote <QUOTE_MODE>

when to include quotes, defaults to nonnumeric

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

--noindent

whether to disable indenting the JSON

--long

List additional fields in output

firewall group rule set

Set firewall rule properties

openstack firewall group rule set
    [--name <name>]
    [--description <description>]
    [--protocol {tcp,udp,icmp,any}]
    [--action {allow,deny,reject}]
    [--ip-version <ip-version>]
    [--source-ip-address <source-ip-address> | --no-source-ip-address]
    [--destination-ip-address <destination-ip-address> | --no-destination-ip-address]
    [--source-port <source-port> | --no-source-port]
    [--destination-port <destination-port> | --no-destination-port]
    [--public | --private | --share | --no-share]
    [--enable-rule | --disable-rule]
    <firewall-rule>
--name <name>

Name of the firewall rule

--description <description>

Description of the firewall rule

--protocol <PROTOCOL>

Protocol for the firewall rule

--action <ACTION>

Action for the firewall rule

--ip-version <ip-version>

Set IP version 4 or 6 (default is 4)

--source-ip-address <source-ip-address>

Source IP address or subnet

--no-source-ip-address

Detach source IP address

--destination-ip-address <destination-ip-address>

Destination IP address or subnet

--no-destination-ip-address

Detach destination IP address

--source-port <source-port>

Source port number or range(integer in [1, 65535] or range like 123:456)

--no-source-port

Detach source port number or range

--destination-port <destination-port>

Destination port number or range(integer in [1, 65535] or range like 123:456)

--no-destination-port

Detach destination port number or range

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R Release

--private

Restrict use of the firewall rule to the current project.This option is deprecated and would be removed in R release.

--share

Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall rule to the current project

--enable-rule

Enable this rule (default is enabled)

--disable-rule

Disable this rule

firewall-rule

Firewall rule to set (name or ID)

firewall group rule show

Display firewall rule details

openstack firewall group rule show
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--noindent]
    [--prefix PREFIX]
    <firewall-rule>
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

--noindent

whether to disable indenting the JSON

--prefix <PREFIX>

add a prefix to all variable names

firewall-rule

Firewall rule to display (name or ID)

firewall group rule unset

Unset firewall rule properties

openstack firewall group rule unset
    [--source-ip-address]
    [--destination-ip-address]
    [--source-port]
    [--destination-port]
    [--share]
    [--public]
    [--enable-rule]
    <firewall-rule>
--source-ip-address

Source IP address or subnet

--destination-ip-address

Destination IP address or subnet

--source-port

Source port number or range(integer in [1, 65535] or range like 123:456)

--destination-port

Destination port number or range(integer in [1, 65535] or range like 123:456)

--share

Restrict use of the firewall rule to the current project

--public

Restrict use of the firewall rule to the current project. This option is deprecated and would be removed in R Release.

--enable-rule

Disable this rule

firewall-rule

Firewall rule to unset (name or ID)

updated: 2017-07-28 21:18
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

found an error? report a bug questions?