path: root/doc/source/command-objects/security-group-rule.rst
blob: 5284b2dc22a9eea3cd6e33a3b231a173c972009d (plain)
===================
security group rule
===================

A **security group rule** specifies the network access rules for servers
and other resources on the network.

Compute v2, Network v2

security group rule create
--------------------------

Create a new security group rule

.. program:: security group rule create
.. code:: bash

    os security group rule create
        [--src-ip <ip-address> | --src-group <group>]
        [--dst-port <port-range> | [--icmp-type <icmp-type> [--icmp-code <icmp-code>]]]
        [--protocol <protocol>]
        [--ingress | --egress]
        [--ethertype <ethertype>]
        [--project <project> [--project-domain <project-domain>]]
        <group>

.. option:: --src-ip <ip-address>

    Source IP address block
    (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0)

.. option:: --src-group <group>

    Source security group (name or ID)

.. option:: --dst-port <port-range>

    Destination port; may be a single port or a range given as
    starting and ending port separated by a colon, for example
    137:139. Required for IP protocols TCP and UDP. Ignored for
    ICMP IP protocols.

.. option:: --icmp-type <icmp-type>

    ICMP type for ICMP IP protocols

    *Network version 2 only*

.. option:: --icmp-code <icmp-code>

    ICMP code for ICMP IP protocols

    *Network version 2 only*

.. option:: --protocol <protocol>

    IP protocol (icmp, tcp, udp; default: tcp)

    *Compute version 2*

    IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
    ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,
    ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp,
    udp, udplite, vrrp and integer representations [0-255];
    default: tcp)

    *Network version 2*

.. option:: --ingress

    Rule applies to incoming network traffic (default)

    *Network version 2 only*

.. option:: --egress

    Rule applies to outgoing network traffic

    *Network version 2 only*

.. option:: --ethertype <ethertype>

    Ethertype of network traffic
    (IPv4, IPv6; default: based on IP protocol)

    *Network version 2 only*

.. option:: --project <project>

    Owner's project (name or ID)

    *Network version 2 only*

.. option:: --project-domain <project-domain>

    Domain the project belongs to (name or ID).
    This can be used in case collisions between project names exist.

    *Network version 2 only*

.. describe:: <group>

    Create rule in this security group (name or ID)
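
The defaults documented above mean that a ``create`` command with no source option produces an ingress TCP rule open to 0.0.0.0/0. The following pre-flight check is an added example, not part of python-openstackclient: ``review_rule_create`` and its finding messages are hypothetical names, and it encodes only the option semantics stated in this section (assuming an IPv4 rule unless ``--ethertype`` or an ``ipv6-*`` protocol says otherwise).

```python
import ipaddress
import shlex

VALUE_OPTS = {"--src-ip", "--src-group", "--dst-port", "--protocol", "--icmp-type",
              "--icmp-code", "--ethertype", "--project", "--project-domain"}

def review_rule_create(command):
    """Return findings for one 'os security group rule create ...' command line."""
    words, opts, i = shlex.split(command), {}, 0
    while i < len(words):
        if words[i] in VALUE_OPTS and i + 1 < len(words):
            opts[words[i]] = words[i + 1]
            i += 2
        else:
            if words[i] == "--egress":
                opts["--egress"] = True
            i += 1
    findings = []
    if "--src-ip" in opts and "--src-group" in opts:
        findings.append("--src-ip and --src-group are mutually exclusive")
    proto = opts.get("--protocol", "tcp").lower()   # documented default: tcp
    ingress = "--egress" not in opts                # documented default: ingress
    ipv4 = (opts.get("--ethertype", "IPv4").lower() == "ipv4"
            and not proto.startswith("ipv6"))       # assumption of this example
    source = opts.get("--src-ip")
    if source is None and "--src-group" not in opts and ipv4:
        source = "0.0.0.0/0"                        # documented IPv4 default
    if source is not None:
        try:
            net = ipaddress.ip_network(source, strict=False)
        except ValueError:
            findings.append(f"invalid --src-ip {source!r}")
        else:
            if ingress and net.prefixlen == 0:
                how = "explicit" if "--src-ip" in opts else "implicit default"
                findings.append(f"ingress allowed from any address ({how} {net})")
    if proto in ("tcp", "udp"):
        lo, _, hi = opts.get("--dst-port", "").partition(":")
        hi = hi or lo                               # a single port is its own range
        if "--dst-port" not in opts:
            findings.append(f"--dst-port is required for {proto}")
        elif not (lo.isdigit() and hi.isdigit() and int(lo) <= int(hi)):
            findings.append(f"malformed --dst-port {opts['--dst-port']!r}")
    elif "icmp" in proto and "--dst-port" in opts:
        findings.append("--dst-port is ignored for ICMP protocols")
    return findings

if __name__ == "__main__":  # constructed sample command line
    print(review_rule_create("os security group rule create --dst-port 22 web"))
```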

security group rule delete
--------------------------

Delete security group rule(s)

.. program:: security group rule delete
.. code:: bash

    os security group rule delete
        <rule> [<rule> ...]

.. describe:: <rule>

    Security group rule(s) to delete (ID only)

security group rule list
------------------------

List security group rules

.. program:: security group rule list
.. code:: bash

    os security group rule list
        [--all-projects]
        [--long]
        [<group>]

.. option:: --all-projects

    Display information from all projects (admin only)

    *Network version 2 ignores this option and will always display information*
    *for all projects (admin only).*

.. option:: --long

    List additional fields in output

    *Compute version 2 does not have additional fields to display.*

.. describe:: <group>

    List all rules in this security group (name or ID)

security group rule show
------------------------

Display security group rule details

.. program:: security group rule show
.. code:: bash

    os security group rule show
        <rule>

.. describe:: <rule>

    Security group rule to display (ID only)