End-user / Cloud / Security Groups¶
On this page the end user can manage security groups and security rules to manage network traffic. By default all network traffic is blocked and you define security groups and rules to allow specific network traffic.
When you access this page a list of existing security groups are displayed in card or table format:
Details¶
Clicking on a security group will take you to a security group details page:
Here you can see details for a security group and all the rules belonging to that group
Add a new group¶
To add a new security group click the add button on the bottom right of the page:
After you click the add button a create security group dialog will be displayed:
To create the security group select openstack region, fill up the group name and description and click Create.
Edit a new group¶
To edit an existing group click edit button on groups list or on group details. When you click the edit button the edit group dialog will be displayed:
In this dialog you can change group name or description.
Delete a security group¶
To delete an existing group click delete button on group list or on group details. When you click the delete button a confirmation dialog will be displayed:
Clicking Delete security group will delete the group.
Creating security rules¶
In order to allow network traffic you will need to add some security rules. To add a new security rule click Add rule button on security group list or details pages. When you click add a dialog will appear that allows you to create a new security rule:
The following fields are available for a rule:
Rule - The type of rule
Direction - The direction of network traffic for the rule - can be Ingress or Egress
Remote - You can select here a CIDR or another security group
CIDR - The CIDR to apply the rule for
Remote security group - The remote security group to apply this rule for
Ether type - Here you can select ethernet protocol, can be either IPv4 or IPv6
For specific kinds of rules more fields are available.
The custom ICMP rule create dialog looks like this:
and has the following extra fields:
ICMP Type - type of ICMP packet
ICMP Code - the ICMP error codes
The custom TCP rule create dialog looks like this:
and has the following extra fields:
Port - the TCP port to apply this rule to
All ports - checkbox allowing you to apply this rule to all TCP ports
The custom other protocol create dialog looks like this:
and has the following extra fields:
Protocol - the protocol code
Port - the port to apply this rule to
All ports - checkbox allowing you to apply this rule to all ports
Deleting security rules¶
Security rules can be deleted on security group details page.