diff options
| author | Richard Theis <rtheis@us.ibm.com> | 2016-04-15 07:36:43 -0500 |
|---|---|---|
| committer | Richard Theis <rtheis@us.ibm.com> | 2016-05-14 07:54:41 -0500 |
| commit | fd5fd924d152338204fcf69673fedd31a3904977 (patch) | |
| tree | 0bbe478925603d8503109499ff3c339b11966d5b /doc/source/command-objects | |
| parent | e1c53250bcf430517d254ada998e78b057a56a49 (diff) | |
| download | python-openstackclient-fd5fd924d152338204fcf69673fedd31a3904977.tar.gz | |
Additional network protocol support
Add the following network protocol support to the
"os security group rule create" command:
- Add "--icmp-type" and "--icmp-code" options
for Network v2 only. These options can be used to set
the ICMP type and code for ICMP IP protocols.
- Change the "--proto" option to "--protocol". Using the
"--proto" option is still supported, but is no longer
documented and may be deprecated in a future release.
- Add the following Network v2 IP protocols to the
"--protocol" option: "ah", "dccp", "egp", "esp", "gre",
"igmp", "ipv6-encap", "ipv6-frag", "ipv6-icmp",
"ipv6-nonxt", "ipv6-opts", "ipv6-route", "ospf", "pgm",
"rsvp", "sctp", "udplite", "vrrp" and integer
representations [0-255].
The "os security group rule list" command now supports
displaying the ICMP type and code for security group rules
with the ICMP IP protocols.
Change-Id: Ic84bc92bc7aa5ac08f6ef91660eb6c125a200eb3
Closes-Bug: #1519512
Implements: blueprint neutron-client
Diffstat (limited to 'doc/source/command-objects')
| -rw-r--r-- | doc/source/command-objects/security-group-rule.rst | 42 |
1 files changed, 33 insertions, 9 deletions
diff --git a/doc/source/command-objects/security-group-rule.rst b/doc/source/command-objects/security-group-rule.rst index b0ac3c94..97cce35c 100644 --- a/doc/source/command-objects/security-group-rule.rst +++ b/doc/source/command-objects/security-group-rule.rst @@ -16,18 +16,14 @@ Create a new security group rule .. code:: bash os security group rule create - [--proto <proto>] [--src-ip <ip-address> | --src-group <group>] - [--dst-port <port-range>] + [--dst-port <port-range> | [--icmp-type <icmp-type> [--icmp-code <icmp-code>]]] + [--protocol <protocol>] [--ingress | --egress] [--ethertype <ethertype>] [--project <project> [--project-domain <project-domain>]] <group> -.. option:: --proto <proto> - - IP protocol (icmp, tcp, udp; default: tcp) - .. option:: --src-ip <ip-address> Source IP address block @@ -39,8 +35,35 @@ Create a new security group rule .. option:: --dst-port <port-range> - Destination port, may be a single port or port range: 137:139 - (only required for IP protocols tcp and udp) + Destination port, may be a single port or a starting and + ending port range: 137:139. Required for IP protocols TCP + and UDP. Ignored for ICMP IP protocols. + +.. option:: --icmp-type <icmp-type> + + ICMP type for ICMP IP protocols + + *Network version 2 only* + +.. option:: --icmp-code <icmp-code> + + ICMP code for ICMP IP protocols + + *Network version 2 only* + +.. option:: --protocol <protocol> + + IP protocol (icmp, tcp, udp; default: tcp) + + *Compute version 2* + + IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, + ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, + ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, + udp, udplite, vrrp and integer representations [0-255]; + default: tcp) + + *Network version 2* .. option:: --ingress @@ -56,7 +79,8 @@ Create a new security group rule .. option:: --ethertype <ethertype> - Ethertype of network traffic (IPv4, IPv6; default: IPv4) + Ethertype of network traffic + (IPv4, IPv6; default: based on IP protocol) *Network version 2 only* |