default security group rule

A default security group rule is a template that Neutron uses to create rules in every new security group.

Network v2

default security group rule create

Add a new security group rule to the default security group template.

These rules will be applied to the default security groups created for any new project. They will not be applied to any existing default security groups.

openstack default security group rule create
    [--extra-property type=<property_type>,name=<property_name>,value=<property_value>]
    [--description <description>]
    [--icmp-type <icmp-type>]
    [--icmp-code <icmp-code>]
    [--ingress | --egress]
    [--ethertype <ethertype>]
    [--remote-ip <ip-address> | --remote-group <group> | --remote-address-group <group>]
    [--dst-port <port-range>]
    [--protocol <protocol>]
    [--for-default-sg]
    [--for-custom-sg]

--extra-property type=<property_type>,name=<property_name>,value=<property_value>

Additional parameters can be passed using this property. The default type of the extra property is string (‘str’), but other types can be used as well. Available types are: ‘dict’, ‘list’, ‘str’, ‘bool’, ‘int’. For the ‘list’ type, ‘value’ can be a semicolon-separated list of values. For the ‘dict’ type, ‘value’ is a semicolon-separated list of key:value pairs.

--description <description>

Set default security group rule description

--icmp-type <icmp-type>

ICMP type for ICMP IP protocols

--icmp-code <icmp-code>

ICMP code for ICMP IP protocols

--ingress

Rule will apply to incoming network traffic (default)

--egress

Rule will apply to outgoing network traffic

--ethertype <ethertype>

Ethertype of network traffic (IPv4, IPv6; default: based on IP protocol)

--remote-ip <ip-address>

Remote IP address block (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0, default for IPv6 rule: ::/0)

--remote-group <group>

Remote security group (ID)

--remote-address-group <group>

Remote address group (ID)

--dst-port <port-range>

Destination port; may be a single port or a range given as a starting and ending port, for example 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.

--protocol <protocol>

IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))

--for-default-sg

Set this default security group rule to be used in all default security groups created automatically for each project

--for-custom-sg

Set this default security group rule to be used in all custom security groups created manually by users
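The defaults documented above (ingress direction, protocol any, remote 0.0.0.0/0 or ::/0) mean that a template rule created with few flags admits traffic from any address in every security group it is later copied into. A pre-flight check of the create flags, as an added example that is not part of python-openstackclient: `lint_default_sg_rule` and its finding labels are hypothetical, and 203.0.113.0/24 is a constructed documentation-range CIDR.

```shell
#!/bin/sh
# Added example: lint_default_sg_rule is a hypothetical helper, not part of
# python-openstackclient. It inspects the flags only and never calls the API.
# Prints one finding per line; returns non-zero if anything was flagged.
lint_default_sg_rule() (
    direction=ingress   # documented default direction
    protocol=any        # documented default: any (all protocols)
    remote='' port='' findings=0
    flag() { echo "$1"; findings=1; }
    while [ $# -gt 0 ]; do
        case "$1" in
            --ingress|--egress) direction=${1#--} ;;
            --for-default-sg|--for-custom-sg) ;;
            --*) [ $# -ge 2 ] || { flag "MISSING-VALUE: $1"; break; }
                case "$1" in
                    --protocol) protocol=$2 ;;
                    --dst-port) port=$2 ;;
                    --remote-ip) remote=$2 ;;
                    --remote-group|--remote-address-group) remote="group:$2" ;;
                    --description|--icmp-type|--icmp-code|--ethertype|--extra-property) ;;
                    *) flag "UNKNOWN-OPTION: $1" ;;
                esac
                shift ;;
            *) flag "UNEXPECTED-ARG: $1" ;;
        esac
        shift
    done
    case "$protocol" in
        tcp|udp) [ -n "$port" ] || flag "NO-DST-PORT: required for $protocol" ;;
    esac
    if [ -n "$port" ]; then
        case "$port" in
            *[!0-9:]*|*:*:*|:*|*:) flag "BAD-PORT-RANGE: $port" ;;
            *) { [ "${port%%:*}" -le "${port##*:}" ] && [ "${port##*:}" -le 65535 ]; } ||
                   flag "BAD-PORT-RANGE: $port" ;;
        esac
    fi
    if [ "$direction" = ingress ]; then
        # With no remote given, the rule falls back to 0.0.0.0/0 or ::/0.
        case "$remote" in
            ''|0.0.0.0/0|::/0) flag "WORLD-INGRESS: remote ${remote:-not set}" ;;
        esac
        [ "$protocol" != any ] || flag "ANY-PROTOCOL-INGRESS"
    fi
    [ "$findings" -eq 0 ]
)
# Constructed candidate: SSH from a documentation-range management CIDR.
lint_default_sg_rule --protocol tcp --dst-port 22 --remote-ip 203.0.113.0/24 \
    --for-default-sg && echo "clean: pass these flags to the create command"
```

Give the function exactly the flags intended for `openstack default security group rule create`; a rule scoped by `--remote-group` or `--remote-address-group` is not reported as world-open.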

default security group rule delete

Remove security group rule(s) from the default security group template.

These rules will no longer be applied to the default security groups created for any new project. They will not be removed from any existing default security groups.

openstack default security group rule delete <rule> [<rule> ...]

<rule>

Default security group rule(s) to delete (ID only)

default security group rule list

List security group rules used for new default security groups.

This shows the rules that will be added to any new default security groups created. These rules may differ from the rules present on existing default security groups.

openstack default security group rule list
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--protocol <protocol>]
    [--ethertype <ethertype>]
    [--ingress | --egress]

--sort-column SORT_COLUMN

Specify the column(s) to sort the data by (columns specified first have priority; non-existent columns are ignored). Can be repeated.

--sort-ascending

Sort the column(s) in ascending order

--sort-descending

Sort the column(s) in descending order

--protocol <protocol>

List rules by the IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))

--ethertype <ethertype>

List default rules by the Ethertype (IPv4 or IPv6)

--ingress

List default rules which will be applied to incoming network traffic

--egress

List default rules which will be applied to outgoing network traffic

default security group rule show

Show a security group rule used for new default security groups.

This shows a rule that will be added to any new default security groups created. This rule may not be present on existing default security groups.

openstack default security group rule show <rule>

<rule>

Default security group rule to display (ID only)