firewall group

A firewall group is a perimeter firewall management to Networking. Firewall group uses iptables to apply firewall policy to all VM ports and router ports within a project.

Network v2

firewall group create

Create a new firewall group

openstack firewall group create
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--noindent]
    [--prefix PREFIX]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--name NAME]
    [--description <description>]
    [--ingress-firewall-policy <ingress-firewall-policy> | --no-ingress-firewall-policy]
    [--egress-firewall-policy <egress-firewall-policy> | --no-egress-firewall-policy]
    [--share | --no-share]
    [--enable | --disable]
    [--project <project>]
    [--project-domain <project-domain>]
    [--port <port> | --no-port]
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated to show multiple columns

--noindent

whether to disable indenting the JSON

--prefix <PREFIX>

add a prefix to all variable names

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

--name <NAME>

Name for the firewall group

--description <description>

Description of the firewall group

--ingress-firewall-policy <ingress-firewall-policy>

Ingress firewall policy (name or ID)

--no-ingress-firewall-policy

Detach ingress firewall policy from the firewall group

--egress-firewall-policy <egress-firewall-policy>

Egress firewall policy (name or ID)

--no-egress-firewall-policy

Detach egress firewall policy from the firewall group

--share

Share the firewall group to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall group to the current project

--enable

Enable firewall group

--disable

Disable firewall group

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--port <port>

Port(s) (name or ID) to apply firewall group. This option can be repeated

--no-port

Detach all port from the firewall group

This command is provided by the python-neutronclient plugin.

firewall group delete

Delete firewall group(s)

openstack firewall group delete <firewall-group> [<firewall-group> ...]
firewall-group

Firewall group(s) to delete (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group list

List firewall groups

openstack firewall group list
    [-f {csv,json,table,value,yaml}]
    [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--noindent]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--long]
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated to show multiple columns

--quote <QUOTE_MODE>

when to include quotes, defaults to nonnumeric

--noindent

whether to disable indenting the JSON

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending

sort the column(s) in ascending order

--sort-descending

sort the column(s) in descending order

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

firewall group set

Set firewall group properties

openstack firewall group set
    [--name NAME]
    [--description <description>]
    [--ingress-firewall-policy <ingress-firewall-policy> | --no-ingress-firewall-policy]
    [--egress-firewall-policy <egress-firewall-policy> | --no-egress-firewall-policy]
    [--share | --no-share]
    [--enable | --disable]
    [--port <port>]
    [--no-port]
    <firewall-group>
--name <NAME>

Name for the firewall group

--description <description>

Description of the firewall group

--ingress-firewall-policy <ingress-firewall-policy>

Ingress firewall policy (name or ID)

--no-ingress-firewall-policy

Detach ingress firewall policy from the firewall group

--egress-firewall-policy <egress-firewall-policy>

Egress firewall policy (name or ID)

--no-egress-firewall-policy

Detach egress firewall policy from the firewall group

--share

Share the firewall group to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall group to the current project

--enable

Enable firewall group

--disable

Disable firewall group

--port <port>

Port(s) (name or ID) to apply firewall group. This option can be repeated

--no-port

Detach all port from the firewall group

firewall-group

Firewall group to update (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group show

Display firewall group details

openstack firewall group show
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--noindent]
    [--prefix PREFIX]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    <firewall-group>
-f <FORMATTER>, --format <FORMATTER>

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated to show multiple columns

--noindent

whether to disable indenting the JSON

--prefix <PREFIX>

add a prefix to all variable names

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. Implied if –max-width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

firewall-group

Firewall group to show (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group unset

Unset firewall group properties

openstack firewall group unset
    [--port <port> | --all-port]
    [--ingress-firewall-policy]
    [--egress-firewall-policy]
    [--share]
    [--enable]
    <firewall-group>
--port <port>

Port(s) (name or ID) to apply firewall group. This option can be repeated

--all-port

Remove all ports for this firewall group

--ingress-firewall-policy

Ingress firewall policy (name or ID) to delete

--egress-firewall-policy

Egress firewall policy (name or ID) to delete

--share

Restrict use of the firewall group to the current project

--enable

Disable firewall group

firewall-group

Firewall group to unset (name or ID)

This command is provided by the python-neutronclient plugin.