OpenStack security group and security group rule command-line usage

security group

A security group acts as a virtual firewall for servers and other resources on a network. It is a container for security group rules, which specify the network access rules.

Compute v2, Network v2

security group create

Create a new security group

openstack security group create
    [--description <description>]
    [--project <project> [--project-domain <project-domain>]]
    <name>
  • --description <description>

    Security group description

  • --project <project>

    Owner’s project (name or ID)

    Network version 2 only

  • --project-domain <project-domain>

    Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

    Network version 2 only

  • <name>

    New security group name

security group delete

Delete security group(s)

openstack security group delete
    <group> [<group> ...]
  • <group>

    Security group(s) to delete (name or ID)

security group list

List security groups

openstack security group list
    [--all-projects]
    [--project <project> [--project-domain <project-domain>]]
  • --all-projects

    Display information from all projects (admin only)

    Network version 2 ignores this option and will always display information for all projects (admin only).

  • --project <project>

    List security groups according to the project (name or ID)

    Network version 2 only

  • --project-domain <project-domain>

    Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

    Network version 2 only

security group set

Set security group properties

openstack security group set
    [--name <new-name>]
    [--description <description>]
    <group>
  • --name <new-name>

    New security group name

  • --description <description>

    New security group description

  • <group>

    Security group to modify (name or ID)

security group show

Display security group details

openstack security group show
    <group>
  • <group>

    Security group to display (name or ID)



security group rule

A security group rule specifies the network access rules for servers and other resources on the network.

Compute v2, Network v2

security group rule create

Create a new security group rule

openstack security group rule create
    [--remote-ip <ip-address> | --remote-group <group>]
    [--dst-port <port-range> | [--icmp-type <icmp-type> [--icmp-code <icmp-code>]]]
    [--protocol <protocol>]
    [--ingress | --egress]
    [--ethertype <ethertype>]
    [--project <project> [--project-domain <project-domain>]]
    [--description <description>]
    <group>
  • --remote-ip <ip-address>

    Remote IP address block (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0)

  • --remote-group <group>

    Remote security group (name or ID)

  • --dst-port <port-range>

    Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.

  • --icmp-type <icmp-type>

    ICMP type for ICMP IP protocols

    Network version 2 only

  • --icmp-code <icmp-code>

    ICMP code for ICMP IP protocols

    Network version 2 only

  • --protocol <protocol>

    IP protocol (icmp, tcp, udp; default: tcp)

    Compute version 2

    IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255]; default: tcp)

    Network version 2

  • --ingress

    Rule applies to incoming network traffic (default)

    Network version 2 only

  • --egress

    Rule applies to outgoing network traffic

    Network version 2 only

  • --ethertype <ethertype>

    Ethertype of network traffic (IPv4, IPv6; default: based on IP protocol)

    Network version 2 only

  • --project <project>

    Owner’s project (name or ID)

    Network version 2 only

  • --project-domain <project-domain>

    Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

    Network version 2 only

  • --description <description>

    Set security group rule description

    Network version 2 only

  • <group>

    Create rule in this security group (name or ID)
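
Added example (not part of the OpenStack documentation reproduced here): a pre-flight check for rule create arguments, built on the defaults and constraints listed above, namely --remote-ip falling back to 0.0.0.0/0, the mutually exclusive flag pairs, and the --dst-port format. The function name check_rule_args and the group names used with it are hypothetical.

```shell
# Added example: lint the arguments of `openstack security group rule create`.
# check_rule_args is a hypothetical helper; it inspects only the flags listed
# above and never contacts a cloud. Prints findings, returns 1 if there are any.
check_rule_args() {
    local proto=tcp dir=ingress rip="" rgroup="" port="" icmp="" bad=0 lo hi
    while [ $# -gt 0 ]; do
        case "$1" in
            --ingress) dir=ingress; shift; continue ;;
            --egress)  dir=egress;  shift; continue ;;
            --*) [ $# -ge 2 ] || { echo "missing value for $1"; return 1; } ;;
            *)   shift; continue ;;              # positional <group>
        esac
        case "$1" in
            --remote-ip)    rip=$2 ;;
            --remote-group) rgroup=$2 ;;
            --dst-port)     port=$2 ;;
            --icmp-type)    icmp=$2 ;;
            --protocol)     proto=$2 ;;
        esac
        shift 2
    done
    if [ -n "$rip" ] && [ -n "$rgroup" ]; then
        echo "--remote-ip and --remote-group are mutually exclusive"; bad=1
    fi
    if [ -n "$port" ] && [ -n "$icmp" ]; then
        echo "--dst-port and --icmp-type are mutually exclusive"; bad=1
    fi
    # With neither source flag an IPv4 rule falls back to 0.0.0.0/0.
    if [ "$dir" = ingress ] && [ -z "$rip$rgroup" ]; then
        echo "no source given: ingress rule would default to 0.0.0.0/0"; bad=1
    fi
    case "$proto" in tcp|udp)                    # ports apply to TCP/UDP only
        lo=${port%%:*}; hi=${port##*:}
        case "$port" in
            "") echo "--dst-port is required for $proto"; bad=1 ;;
            *[!0-9:]*|*:*:*|:*|*:)
                echo "--dst-port must be <port> or <start>:<end>: $port"; bad=1 ;;
            *)  if [ "${#lo}" -gt 5 ] || [ "${#hi}" -gt 5 ] ||
                   [ "$lo" -gt "$hi" ] || [ "$hi" -gt 65535 ]; then
                    echo "--dst-port range reversed or above 65535: $port"; bad=1
                fi ;;
        esac ;;
    esac
    return "$bad"
}
```

Pass it the same arguments intended for the real command, for example check_rule_args --protocol tcp --dst-port 22 --remote-ip 203.0.113.0/24 web-sg, and run openstack security group rule create only when it returns 0.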

security group rule delete

Delete security group rule(s)

openstack security group rule delete
    <rule> [<rule> ...]
  • <rule>

    Security group rule(s) to delete (ID only)

security group rule list

List security group rules

openstack security group rule list
    [--all-projects]
    [--protocol <protocol>]
    [--ingress | --egress]
    [--long]
    [<group>]
  • --all-projects

    Display information from all projects (admin only)

    Network version 2 ignores this option and will always display information for all projects (admin only).

  • --long

    List additional fields in output

    Compute version 2 does not have additional fields to display.

  • --protocol <protocol>

    List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255])

    Network version 2

  • --ingress

    List rules applied to incoming network traffic

    Network version 2 only

  • --egress

    List rules applied to outgoing network traffic

    Network version 2 only

  • <group>

    List all rules in this security group (name or ID)

security group rule show

Display security group rule details

openstack security group rule show
    <rule>
  • <rule>

    Security group rule to display (ID only)