firewall group rule
A firewall group rule is a collection of attributes, such as ports and IP addresses, that define the match criteria and the action (allow or deny) to take on matching data traffic.
Network v2
firewall group rule create
Create a new firewall rule
openstack firewall group rule create
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--name <name>]
[--description <description>]
[--protocol {tcp,udp,icmp,any}]
[--action {allow,deny,reject}]
[--ip-version <ip-version>]
[--source-ip-address <source-ip-address> | --no-source-ip-address]
[--destination-ip-address <destination-ip-address> | --no-destination-ip-address]
[--source-port <source-port> | --no-source-port]
[--destination-port <destination-port> | --no-destination-port]
[--public | --private | --share | --no-share]
[--enable-rule | --disable-rule]
[--source-firewall-group <source-firewall-group> | --no-source-firewall-group]
[--destination-firewall-group <destination-firewall-group> | --no-destination-firewall-group]
[--project <project>]
[--project-domain <project-domain>]
-f <FORMATTER>, --format <FORMATTER>
    the output format, defaults to table
-c COLUMN, --column COLUMN
    specify the column(s) to include, can be repeated to show multiple columns
--noindent
    whether to disable indenting the JSON
--prefix <PREFIX>
    add a prefix to all variable names
--max-width <integer>
    Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
--fit-width
    Fit the table to the display width. Implied if --max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
--print-empty
    Print empty table if there is no data to show.
--name <name>
    Name of the firewall rule
--description <description>
    Description of the firewall rule
--protocol <PROTOCOL>
    Protocol for the firewall rule
--action <ACTION>
    Action for the firewall rule
--ip-version <ip-version>
    Set IP version 4 or 6 (default is 4)
--source-ip-address <source-ip-address>
    Source IP address or subnet
--no-source-ip-address
    Detach source IP address
--destination-ip-address <destination-ip-address>
    Destination IP address or subnet
--no-destination-ip-address
    Detach destination IP address
--source-port <source-port>
    Source port number or range (integer in [1, 65535] or range like 123:456)
--no-source-port
    Detach source port number or range
--destination-port <destination-port>
    Destination port number or range (integer in [1, 65535] or range like 123:456)
--no-destination-port
    Detach destination port number or range
--public
    Make the firewall rule public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and will be removed in the R release.
--private
    Restrict use of the firewall rule to the current project. This option is deprecated and will be removed in the R release.
--share
    Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project).
--no-share
    Restrict use of the firewall rule to the current project
--enable-rule
    Enable this rule (default is enabled)
--disable-rule
    Disable this rule
--source-firewall-group <source-firewall-group>
    Source firewall group (name or ID)
--no-source-firewall-group
    No associated source firewall group
--destination-firewall-group <destination-firewall-group>
    Destination firewall group (name or ID)
--no-destination-firewall-group
    No associated destination firewall group
--project <project>
    Owner's project (name or ID)
--project-domain <project-domain>
    Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
This command is provided by the python-neutronclient plugin.
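
The create options above, exercised as a dry run. This is an added example, not code from the OpenStack documentation or python-neutronclient: it validates the documented port format and the --action and --protocol choices, then prints the command for review instead of running it. The helper names (valid_port, fw_rule_cmd, demo), the requirement that the low end of a range not exceed the high end, and the sample rule values are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the OpenStack docs): dry-run builder for
# "openstack firewall group rule create" with preflight validation.

# valid_port SPEC: true for an integer in [1, 65535] or a LOW:HIGH range.
# Requiring LOW <= HIGH is an assumption of this example.
valid_port() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    for p in "$lo" "$hi"; do
        [ "${#p}" -le 5 ] && [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ]
}

# fw_rule_cmd NAME ACTION PROTOCOL SRC_CIDR DST_PORT (hypothetical helper)
# Prints the command for review. An empty SRC_CIDR or DST_PORT leaves that
# field unset, so the rule matches any source or any destination port.
fw_rule_cmd() {
    name=$1 action=$2 proto=$3 src=$4 dport=$5
    # Restrict values to safe characters so the printed line can be pasted.
    case "$name" in ''|*[!A-Za-z0-9_-]*) echo "bad name" >&2; return 2 ;; esac
    case "$src" in *[!0-9A-Fa-f:./]*) echo "bad address" >&2; return 2 ;; esac
    case "$action" in allow|deny|reject) ;; *) echo "bad action" >&2; return 2 ;; esac
    case "$proto" in tcp|udp|icmp|any) ;; *) echo "bad protocol" >&2; return 2 ;; esac
    cmd="openstack firewall group rule create --name $name"
    cmd="$cmd --protocol $proto --action $action"
    if [ -n "$src" ]; then cmd="$cmd --source-ip-address $src"; fi
    if [ -n "$dport" ]; then
        valid_port "$dport" || { echo "bad port: $dport" >&2; return 2; }
        cmd="$cmd --destination-port $dport"
    fi
    if [ "$action" = allow ] && [ -z "$src" ]; then
        echo "warning: $name allows traffic from any source" >&2
    fi
    printf '%s\n' "$cmd"
}

# Constructed sample policy: allow HTTPS from one subnet, then deny the rest.
demo() {
    fw_rule_cmd allow-https allow tcp 10.0.0.0/24 443
    fw_rule_cmd deny-all deny any "" ""
}
demo
```

The warning on stderr flags allow rules created without --source-ip-address, which is worth a second look before the rule is attached to a policy.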
firewall group rule delete
Delete firewall rule(s)
openstack firewall group rule delete
<firewall-rule>
[<firewall-rule> ...]
<firewall-rule>
    Firewall rule(s) to delete (name or ID)
This command is provided by the python-neutronclient plugin.
firewall group rule list
List firewall rules that belong to a given tenant
openstack firewall group rule list
[-f {csv,json,table,value,yaml}]
[-c COLUMN]
[--quote {all,minimal,none,nonnumeric}]
[--noindent]
[--max-width <integer>]
[--fit-width]
[--print-empty]
[--sort-column SORT_COLUMN]
[--long]
-f <FORMATTER>, --format <FORMATTER>
    the output format, defaults to table
-c COLUMN, --column COLUMN
    specify the column(s) to include, can be repeated to show multiple columns
--quote <QUOTE_MODE>
    when to include quotes, defaults to nonnumeric
--noindent
    whether to disable indenting the JSON
--max-width <integer>
    Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
--fit-width
    Fit the table to the display width. Implied if --max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
--print-empty
    Print empty table if there is no data to show.
--sort-column SORT_COLUMN
    specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated
--long
    List additional fields in output
This command is provided by the python-neutronclient plugin.
firewall group rule set
Set firewall rule properties
openstack firewall group rule set
[--name <name>]
[--description <description>]
[--protocol {tcp,udp,icmp,any}]
[--action {allow,deny,reject}]
[--ip-version <ip-version>]
[--source-ip-address <source-ip-address> | --no-source-ip-address]
[--destination-ip-address <destination-ip-address> | --no-destination-ip-address]
[--source-port <source-port> | --no-source-port]
[--destination-port <destination-port> | --no-destination-port]
[--public | --private | --share | --no-share]
[--enable-rule | --disable-rule]
[--source-firewall-group <source-firewall-group> | --no-source-firewall-group]
[--destination-firewall-group <destination-firewall-group> | --no-destination-firewall-group]
<firewall-rule>
--name <name>
    Name of the firewall rule
--description <description>
    Description of the firewall rule
--protocol <PROTOCOL>
    Protocol for the firewall rule
--action <ACTION>
    Action for the firewall rule
--ip-version <ip-version>
    Set IP version 4 or 6 (default is 4)
--source-ip-address <source-ip-address>
    Source IP address or subnet
--no-source-ip-address
    Detach source IP address
--destination-ip-address <destination-ip-address>
    Destination IP address or subnet
--no-destination-ip-address
    Detach destination IP address
--source-port <source-port>
    Source port number or range (integer in [1, 65535] or range like 123:456)
--no-source-port
    Detach source port number or range
--destination-port <destination-port>
    Destination port number or range (integer in [1, 65535] or range like 123:456)
--no-destination-port
    Detach destination port number or range
--public
    Make the firewall rule public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and will be removed in the R release.
--private
    Restrict use of the firewall rule to the current project. This option is deprecated and will be removed in the R release.
--share
    Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project).
--no-share
    Restrict use of the firewall rule to the current project
--enable-rule
    Enable this rule (default is enabled)
--disable-rule
    Disable this rule
--source-firewall-group <source-firewall-group>
    Source firewall group (name or ID)
--no-source-firewall-group
    No associated source firewall group
--destination-firewall-group <destination-firewall-group>
    Destination firewall group (name or ID)
--no-destination-firewall-group
    No associated destination firewall group
<firewall-rule>
    Firewall rule to set (name or ID)
This command is provided by the python-neutronclient plugin.
firewall group rule show
Display firewall rule details
openstack firewall group rule show
[-f {json,shell,table,value,yaml}]
[-c COLUMN]
[--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width]
[--print-empty]
<firewall-rule>
-f <FORMATTER>, --format <FORMATTER>
    the output format, defaults to table
-c COLUMN, --column COLUMN
    specify the column(s) to include, can be repeated to show multiple columns
--noindent
    whether to disable indenting the JSON
--prefix <PREFIX>
    add a prefix to all variable names
--max-width <integer>
    Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.
--fit-width
    Fit the table to the display width. Implied if --max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable
--print-empty
    Print empty table if there is no data to show.
<firewall-rule>
    Firewall rule to display (name or ID)
This command is provided by the python-neutronclient plugin.
firewall group rule unset
Unset firewall rule properties
openstack firewall group rule unset
[--source-ip-address]
[--destination-ip-address]
[--source-port]
[--destination-port]
[--share]
[--public]
[--enable-rule]
[--source-firewall-group]
[--destination-firewall-group]
<firewall-rule>
--source-ip-address
    Source IP address or subnet
--destination-ip-address
    Destination IP address or subnet
--source-port
    Source port number or range (integer in [1, 65535] or range like 123:456)
--destination-port
    Destination port number or range (integer in [1, 65535] or range like 123:456)
--share
    Restrict use of the firewall rule to the current project
--public
    Restrict use of the firewall rule to the current project. This option is deprecated and will be removed in the R release.
--enable-rule
    Disable this rule
--source-firewall-group
    Source firewall group (name or ID)
--destination-firewall-group
    Destination firewall group (name or ID)
<firewall-rule>
    Firewall rule to unset (name or ID)
This command is provided by the python-neutronclient plugin.