security group rule

A security group rule specifies the network access rules for servers and other resources on the network.

Compute v2, Network v2

security group rule create

Create a new security group rule

openstack security group rule create
    [--remote-ip <ip-address> | --remote-group <group>]
    [--dst-port <port-range>]
    [--protocol <protocol>]
    [--description <description>]
    [--icmp-type <icmp-type>]
    [--icmp-code <icmp-code>]
    [--ingress | --egress]
    [--ethertype <ethertype>]
    [--project <project>]
    [--project-domain <project-domain>]
    <group>

--remote-ip <ip-address>

Remote IP address block (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0, default for IPv6 rule: ::/0)

--remote-group <group>

Remote security group (name or ID)

--dst-port <port-range>

Destination port; may be a single port or a starting and ending port range, for example 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.

--protocol <protocol>

Network version 2:

IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))

Compute version 2:

IP protocol (icmp, tcp, udp; default: tcp)

--description <description>

Set security group rule description

Network version 2 only

--icmp-type <icmp-type>

ICMP type for ICMP IP protocols

Network version 2 only

--icmp-code <icmp-code>

ICMP code for ICMP IP protocols

Network version 2 only

--ingress

Rule applies to incoming network traffic (default)

Network version 2 only

--egress

Rule applies to outgoing network traffic

Network version 2 only

--ethertype <ethertype>

Ethertype of network traffic (IPv4, IPv6; default: based on IP protocol)

Network version 2 only

--project <project>

Owner’s project (name or ID)

Network version 2 only

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

Network version 2 only

group

Create rule in this security group (name or ID)

This command is provided by the python-openstackclient plugin.
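The defaults above mean that a create call with no --remote-ip or --remote-group produces an ingress rule open to every address. The following pre-flight check is an added example, not part of python-openstackclient: it resolves the documented Network v2 defaults for a set of options and reports what the rule will actually allow. The function name resolve_rule, the 1-65535 port bounds and the mapping of ipv6-* protocol names to the IPv6 ethertype are assumptions of this example.

```python
import ipaddress

PORT_PROTOCOLS = {"tcp", "udp"}         # --dst-port is required for these
ICMP_PROTOCOLS = {"icmp", "ipv6-icmp"}  # --dst-port is ignored for these

def resolve_rule(protocol=None, remote_ip=None, remote_group=None,
                 dst_port=None, ethertype=None, egress=False):
    """Resolve the documented Network v2 defaults; return (rule, warnings)."""
    if remote_ip and remote_group:
        raise ValueError("--remote-ip and --remote-group are mutually exclusive")
    protocol = (protocol or "any").lower()   # default: any (all protocols)
    warnings = []
    if remote_ip:
        net = ipaddress.ip_network(remote_ip, strict=False)
        ethertype = ethertype or f"IPv{net.version}"
    else:
        # Assumption of this example: ipv6-* protocol names imply IPv6.
        ethertype = ethertype or ("IPv6" if protocol.startswith("ipv6") else "IPv4")
        default = "::/0" if ethertype == "IPv6" else "0.0.0.0/0"
        net = None if remote_group else ipaddress.ip_network(default)
    ports = None
    if protocol in PORT_PROTOCOLS:
        if not dst_port:
            raise ValueError(f"--dst-port is required for {protocol}")
        low, _, high = dst_port.partition(":")
        ports = (int(low), int(high or low))
        if not 1 <= ports[0] <= ports[1] <= 65535:
            raise ValueError(f"invalid port range: {dst_port}")
    elif protocol in ICMP_PROTOCOLS and dst_port:
        warnings.append("--dst-port is ignored for ICMP protocols")
    direction = "egress" if egress else "ingress"   # default: ingress
    if direction == "ingress" and net is not None and net.prefixlen == 0:
        warnings.append(f"ingress {protocol} rule is open to every address ({net})")
    rule = {"protocol": protocol, "ethertype": ethertype, "direction": direction,
            "remote_ip": str(net) if net else None, "remote_group": remote_group,
            "ports": ports}
    return rule, warnings

if __name__ == "__main__":
    # Constructed sample invocations, not taken from the page.
    for kwargs in ({}, {"protocol": "tcp", "dst_port": "22"},
                   {"protocol": "tcp", "dst_port": "137:139",
                    "remote_ip": "203.0.113.0/24"},
                   {"protocol": "ipv6-icmp", "dst_port": "80"}):
        print(kwargs, *resolve_rule(**kwargs), sep="\n  ")
```
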

security group rule delete

Delete security group rule(s)

openstack security group rule delete <rule> [<rule> ...]

rule

Security group rule(s) to delete (ID only)

This command is provided by the python-openstackclient plugin.

security group rule list

List security group rules

openstack security group rule list
    [--sort-column SORT_COLUMN]
    [--protocol <protocol>]
    [--ethertype <ethertype>]
    [--ingress | --egress]
    [--long]
    [--all-projects]
    [<group>]

--sort-column SORT_COLUMN

Specify the column(s) to sort the data by (columns specified first take priority, non-existing columns are ignored); can be repeated

--protocol <protocol>

List rules by the IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))

Network version 2 only

--ethertype <ethertype>

List rules by the Ethertype (IPv4 or IPv6)

Network version 2 only

--ingress

List rules applied to incoming network traffic

Network version 2 only

--egress

List rules applied to outgoing network traffic

Network version 2 only

--long

List additional fields in output

Network version 2 only

--all-projects

Display information from all projects (admin only)

Compute version 2 only

group

List all rules in this security group (name or ID)

This command is provided by the python-openstackclient plugin.

security group rule show

Display security group rule details

openstack security group rule show <rule>

rule

Security group rule to display (ID only)

This command is provided by the python-openstackclient plugin.