CLI Client: Security Groups

Note

Red Cloud 2 is currently in beta testing and not available to all users. If you are not a Red Cloud 2 beta tester, use the production Red Cloud instead. This Red Cloud 2 documentation is still under development.

Beta testers: Report all problems to CAC Help. Please specify Red Cloud 2 when reporting problems. Thank you!

List Security Groups

openstack security group list

Create a Security Group

--description <group-description>: can be added for additional descriptions.

openstack security group create <group-name>

Delete a Security Group

openstack security group delete <group-name-or-id>

Manage Your Security Group

Show Details about Your Security Group

openstack security group show <group-name-or-id>

Edit Details about Your Security Group

You may change the name, description, or other attributes with set.

openstack security group set --name <new-name> <group-name-or-id>
openstack security group set --description <new-description> <group-name-or-id>

List current rules for your group

openstack security group rule list <group-name-or-id>

Show details about a specific rule

You may get <rule-id> from rule list.

openstack security group rule show <rule-id>

Add a Security Group Rule

To make a proper security group rule, consider the following options:

  • --remote-ip <ip-address> or --remote-group <group-name-or-id>
    • --remote-ip is required for this rule to apply to a certain IP range (CIDR notation).
    • --remote-group is required for this rule to apply to another security group.
  • --description <description>
    • Description of the rule.
  • --protocol <protocol>
    • Rule protocol such as TCP, UDP, ICMP, etc.
  • --ingress or --egress
    • For TCP, UDP, ICMP, and unspecified protocol, choose if rule applies to incoming or outgoing network traffic.
  • --dst-port <port-range>
    • For TCP and UDP, choose the port ranges for this rule.
openstack security group rule create <group-name-or-id>

Delete a Security Group Rule

openstack security group rule delete <rule-id>