A security group rule specifies the network access rules for servers and other resources on the network.
Compute v2, Network v2
Create a new security group rule
openstack security group rule create
    [--remote-ip <ip-address> | --remote-group <group>]
    [--dst-port <port-range>]
    [--protocol <protocol>]
    [--description <description>]
    [--icmp-type <icmp-type>]
    [--icmp-code <icmp-code>]
    [--ingress | --egress]
    [--ethertype <ethertype>]
    [--project <project>]
    [--project-domain <project-domain>]
    <group>
--remote-ip <ip-address>
    Remote IP address block (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0, default for IPv6 rule: ::/0)
--remote-group <group>
    Remote security group (name or ID)
--dst-port <port-range>
    Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.
--protocol <protocol>
    IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))
    IP protocol (icmp, tcp, udp; default: tcp)
--description <description>
    Set security group rule description
    Network version 2 only
--icmp-type <icmp-type>
    ICMP type for ICMP IP protocols
    Network version 2 only
--icmp-code <icmp-code>
    ICMP code for ICMP IP protocols
    Network version 2 only
--ingress
    Rule applies to incoming network traffic (default)
    Network version 2 only
--egress
    Rule applies to outgoing network traffic
    Network version 2 only
--ethertype <ethertype>
    Ethertype of network traffic (IPv4, IPv6; default: based on IP protocol)
    Network version 2 only
--project <project>
    Owner’s project (name or ID)
    Network version 2 only
--project-domain <project-domain>
    Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
    Network version 2 only
<group>
    Create rule in this security group (name or ID)
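A pre-flight check for the create options described above, as an added example that is not part of the OpenStack documentation or client. The function name sg_rule_lint, its exit codes and the group name "web" are assumptions; it applies the --dst-port requirement as this page states it and flags ingress rules that would fall back to the 0.0.0.0/0 or ::/0 default.

```shell
#!/bin/sh
# Added example: lint arguments meant for `openstack security group rule create`.
# Exit status: 0 = ok, 1 = invalid combination, 2 = valid but ingress from anywhere.
# sg_rule_lint and the group names below are assumptions, not part of the client.
sg_rule_lint() (
    remote_ip='' remote_group='' dst_port='' protocol='' ingress=0 egress=0
    while [ $# -gt 0 ]; do
        case "$1" in
            --ingress) ingress=1; shift ;;
            --egress)  egress=1; shift ;;
            --remote-ip|--remote-group|--dst-port|--protocol|--description|\
            --icmp-type|--icmp-code|--ethertype|--project|--project-domain)
                [ $# -ge 2 ] || { echo "error: $1 needs a value" >&2; return 1; }
                case "$1" in
                    --remote-ip)    remote_ip=$2 ;;
                    --remote-group) remote_group=$2 ;;
                    --dst-port)     dst_port=$2 ;;
                    --protocol)     protocol=$2 ;;
                esac
                shift 2 ;;
            *) shift ;;   # positional <group>
        esac
    done
    if [ -n "$remote_ip" ] && [ -n "$remote_group" ]; then
        echo "error: --remote-ip and --remote-group are mutually exclusive" >&2
        return 1
    fi
    if [ "$ingress" -eq 1 ] && [ "$egress" -eq 1 ]; then
        echo "error: --ingress and --egress are mutually exclusive" >&2
        return 1
    fi
    # The page states --dst-port is required for TCP and UDP.
    case "$protocol" in
        tcp|udp)
            [ -n "$dst_port" ] || { echo "error: $protocol needs --dst-port" >&2; return 1; } ;;
    esac
    # No --remote-ip/--remote-group means the documented default: 0.0.0.0/0 or ::/0.
    if [ "$egress" -eq 0 ] && [ -z "$remote_group" ]; then
        case "$remote_ip" in
            ''|0.0.0.0/0|::/0)
                echo "warning: ingress rule accepts any source address" >&2
                return 2 ;;
        esac
    fi
    return 0
)
# Constructed sample invocations; "web" is a placeholder group name.
sg_rule_lint --protocol tcp --dst-port 22 --remote-ip 203.0.113.0/24 web && echo ok
sg_rule_lint --protocol tcp --dst-port 22 web || echo "flagged: exit $?"
```

Run the check with the same arguments that would be passed to the create command, and only call the client when it exits 0.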
Delete security group rule(s)
openstack security group rule delete <rule> [<rule> ...]
<rule>
    Security group rule(s) to delete (ID only)
List security group rules
openstack security group rule list
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--protocol <protocol>]
    [--ethertype <ethertype>]
    [--ingress | --egress]
    [--long]
    [--all-projects]
    [<group>]
--sort-column SORT_COLUMN
    Specify the column(s) to sort the data by (columns specified first have priority, non-existing columns are ignored); can be repeated
--sort-ascending
    Sort the column(s) in ascending order
--sort-descending
    Sort the column(s) in descending order
--protocol <protocol>
    List rules by the IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))
    Network version 2 only
--ethertype <ethertype>
    List rules by the Ethertype (IPv4 or IPv6)
    Network version 2 only
--ingress
    List rules applied to incoming network traffic
    Network version 2 only
--egress
    List rules applied to outgoing network traffic
    Network version 2 only
--long
    Deprecated: this argument is no longer needed
    Network version 2 only
--all-projects
    Display information from all projects (admin only)
    Compute version 2 only
<group>
    List all rules in this security group (name or ID)