firewall group rule

A firewall group rule represents a collection of attributes like ports, IP addresses which define match criteria and action (allow, or deny) that needs to be taken on the matched data traffic.

Network v2

firewall group rule create

Create a new firewall rule

openstack firewall group rule create
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--noindent]
    [--prefix PREFIX]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--name <name>]
    [--description <description>]
    [--protocol {tcp,udp,icmp,any}]
    [--action {allow,deny,reject}]
    [--ip-version <ip-version>]
    [--source-ip-address <source-ip-address> | --no-source-ip-address]
    [--destination-ip-address <destination-ip-address> | --no-destination-ip-address]
    [--source-port <source-port> | --no-source-port]
    [--destination-port <destination-port> | --no-destination-port]
    [--public | --private | --share | --no-share]
    [--enable-rule | --disable-rule]
    [--source-firewall-group <source-firewall-group> | --no-source-firewall-group]
    [--destination-firewall-group <destination-firewall-group> | --no-destination-firewall-group]
    [--project <project>]
    [--project-domain <project-domain>]
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated to show multiple columns

--noindent

whether to disable indenting the JSON

--prefix <PREFIX>

add a prefix to all variable names

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

--name <name>

Name of the firewall rule

--description <description>

Description of the firewall rule

--protocol <PROTOCOL>

Protocol for the firewall rule

--action <ACTION>

Action for the firewall rule

--ip-version <ip-version>

Set IP version 4 or 6 (default is 4)

--source-ip-address <source-ip-address>

Source IP address or subnet

--no-source-ip-address

Detach source IP address

--destination-ip-address <destination-ip-address>

Destination IP address or subnet

--no-destination-ip-address

Detach destination IP address

--source-port <source-port>

Source port number or range(integer in [1, 65535] or range like 123:456)

--no-source-port

Detach source port number or range

--destination-port <destination-port>

Destination port number or range(integer in [1, 65535] or range like 123:456)

--no-destination-port

Detach destination port number or range

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R Release

--private

Restrict use of the firewall rule to the current project.This option is deprecated and would be removed in R release.

--share

Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall rule to the current project

--enable-rule

Enable this rule (default is enabled)

--disable-rule

Disable this rule

--source-firewall-group <source-firewall-group>

Source firewall group (name or ID)

--no-source-firewall-group

No associated destination firewall group

--destination-firewall-group <destination-firewall-group>

Destination firewall group (name or ID)

--no-destination-firewall-group

No associated destination firewall group

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

This command is provided by the python-neutronclient plugin.

firewall group rule delete

Delete firewall rule(s)

openstack firewall group rule delete
    <firewall-rule>
    [<firewall-rule> ...]
firewall-rule

Firewall rule(s) to delete (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group rule list

List firewall rules that belong to a given tenant

openstack firewall group rule list
    [-f {csv,json,table,value,yaml}]
    [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--noindent]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--sort-column SORT_COLUMN]
    [--long]
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated to show multiple columns

--quote <QUOTE_MODE>

when to include quotes, defaults to nonnumeric

--noindent

whether to disable indenting the JSON

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

firewall group rule set

Set firewall rule properties

openstack firewall group rule set
    [--name <name>]
    [--description <description>]
    [--protocol {tcp,udp,icmp,any}]
    [--action {allow,deny,reject}]
    [--ip-version <ip-version>]
    [--source-ip-address <source-ip-address> | --no-source-ip-address]
    [--destination-ip-address <destination-ip-address> | --no-destination-ip-address]
    [--source-port <source-port> | --no-source-port]
    [--destination-port <destination-port> | --no-destination-port]
    [--public | --private | --share | --no-share]
    [--enable-rule | --disable-rule]
    [--source-firewall-group <source-firewall-group> | --no-source-firewall-group]
    [--destination-firewall-group <destination-firewall-group> | --no-destination-firewall-group]
    <firewall-rule>
--name <name>

Name of the firewall rule

--description <description>

Description of the firewall rule

--protocol <PROTOCOL>

Protocol for the firewall rule

--action <ACTION>

Action for the firewall rule

--ip-version <ip-version>

Set IP version 4 or 6 (default is 4)

--source-ip-address <source-ip-address>

Source IP address or subnet

--no-source-ip-address

Detach source IP address

--destination-ip-address <destination-ip-address>

Destination IP address or subnet

--no-destination-ip-address

Detach destination IP address

--source-port <source-port>

Source port number or range(integer in [1, 65535] or range like 123:456)

--no-source-port

Detach source port number or range

--destination-port <destination-port>

Destination port number or range(integer in [1, 65535] or range like 123:456)

--no-destination-port

Detach destination port number or range

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R Release

--private

Restrict use of the firewall rule to the current project.This option is deprecated and would be removed in R release.

--share

Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall rule to the current project

--enable-rule

Enable this rule (default is enabled)

--disable-rule

Disable this rule

--source-firewall-group <source-firewall-group>

Source firewall group (name or ID)

--no-source-firewall-group

No associated destination firewall group

--destination-firewall-group <destination-firewall-group>

Destination firewall group (name or ID)

--no-destination-firewall-group

No associated destination firewall group

firewall-rule

Firewall rule to set (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group rule show

Display firewall rule details

openstack firewall group rule show
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--noindent]
    [--prefix PREFIX]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    <firewall-rule>
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated to show multiple columns

--noindent

whether to disable indenting the JSON

--prefix <PREFIX>

add a prefix to all variable names

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

firewall-rule

Firewall rule to display (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group rule unset

Unset firewall rule properties

openstack firewall group rule unset
    [--source-ip-address]
    [--destination-ip-address]
    [--source-port]
    [--destination-port]
    [--share]
    [--public]
    [--enable-rule]
    [--source-firewall-group]
    [--destination-firewall-group]
    <firewall-rule>
--source-ip-address

Source IP address or subnet

--destination-ip-address

Destination IP address or subnet

--source-port

Source port number or range(integer in [1, 65535] or range like 123:456)

--destination-port

Destination port number or range(integer in [1, 65535] or range like 123:456)

--share

Restrict use of the firewall rule to the current project

--public

Restrict use of the firewall rule to the current project. This option is deprecated and would be removed in R Release.

--enable-rule

Disable this rule

--source-firewall-group

Source firewall group (name or ID)

--destination-firewall-group

Destination firewall group (name or ID)

firewall-rule

Firewall rule to unset (name or ID)

This command is provided by the python-neutronclient plugin.