Updated on 2024-06-27 GMT+08:00

Creating a Security Group Rule

Function

This API is used to create a security group rule.

URI

POST /v2.0/security-group-rules

Request Parameters

Table 1 Request parameter

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| security_group_rule | security_group_rule object | Yes | Specifies the security group rule. For details, see Table 2. |

Table 2 Security Group Rule objects

| Attribute | Mandatory | Type | Description |
|---|---|---|---|
| description | No | String | Provides supplementary information about the security group rule. |
| security_group_id | Yes | String | Specifies the ID of the security group that the rule belongs to. |
| remote_group_id | No | String | Specifies the ID of the peer security group. This parameter is mutually exclusive with remote_ip_prefix and remote_address_group_id. |
| direction | Yes | String | Specifies the direction of the security group rule. The value can be ingress (inbound) or egress (outbound). |
| remote_ip_prefix | No | String | Specifies the peer IP address segment. This parameter is mutually exclusive with remote_group_id and remote_address_group_id. |
| protocol | No | String | Specifies the protocol type or the IP protocol number. The value can be tcp, udp, icmp or an IP protocol number. |
| port_range_max | No | Integer | Specifies the maximum port number. When ICMP is used, the value is the ICMP code. The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.) |
| port_range_min | No | Integer | Specifies the minimum port number. When ICMP is used, the value is the ICMP type. Constraints: when the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value; when the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min). The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.) |
| ethertype | No | String | Specifies the network type. The value can be IPv4 or IPv6. |
| remote_address_group_id | No | String | Specifies the remote IP address group ID. You can log in to the management console and view the ID on the IP address group page. This parameter is mutually exclusive with remote_ip_prefix and remote_group_id. |

Example Request

Create an outbound rule in the security group whose ID is 5cb9c1ee-00e0-4d0f-9623-55463cd26ff8. Set protocol to tcp, and remote_ip_prefix to 10.10.0.0/24.

POST https://{Endpoint}/v2.0/security-group-rules

{
    "security_group_rule": {
        "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", 
        "direction": "egress", 
        "protocol": "tcp", 
        "remote_ip_prefix": "10.10.0.0/24"
    }
}
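A pre-flight check that applies the Table 2 constraints to a request body before it is sent. This is an added example, not part of the original API reference; check_rule and the sample body are constructed here. Two choices are assumptions: a tcp/udp rule with no port range is reported as a warning rather than an error (the example response on this page returns null ports), and equal minimum and maximum ports are accepted although the table says the maximum must be greater.

```python
import ipaddress

REMOTES = ("remote_group_id", "remote_ip_prefix", "remote_address_group_id")

def check_rule(body):
    """Return a list of problems in a create-security-group-rule body."""
    rule = body.get("security_group_rule") or {}
    problems = []
    if not rule.get("security_group_id"):
        problems.append("security_group_id is mandatory")
    if rule.get("direction") not in ("ingress", "egress"):
        problems.append("direction must be ingress or egress")
    if rule.get("ethertype") not in (None, "IPv4", "IPv6"):
        problems.append("ethertype must be IPv4 or IPv6")
    # The three remote_* selectors are mutually exclusive (Table 2).
    used = [k for k in REMOTES if rule.get(k) is not None]
    if len(used) > 1:
        problems.append("mutually exclusive: " + ", ".join(used))
    if rule.get("remote_ip_prefix") is not None:
        try:
            ipaddress.ip_network(rule["remote_ip_prefix"], strict=False)
        except ValueError:
            problems.append("remote_ip_prefix is not a valid CIDR")
    proto = rule.get("protocol")
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if proto in ("tcp", "udp"):
        if (lo is None) != (hi is None):
            problems.append("set port_range_min and port_range_max together")
        elif lo is None:
            # Assumption: with both ports null the rule is not port-limited.
            problems.append("warning: no port range, all ports match")
        elif not 1 <= lo <= hi <= 65535:
            # Assumption: min == max (a single port) is accepted.
            problems.append("ports must satisfy 1 <= min <= max <= 65535")
    elif proto == "icmp":
        if hi is not None and lo is None:
            problems.append("ICMP code (max) requires ICMP type (min)")
        if any(v is not None and not 0 <= v <= 255 for v in (lo, hi)):
            problems.append("ICMP type and code must be 0-255")
    return problems

if __name__ == "__main__":
    # Constructed sample: the page's request plus a conflicting remote_group_id.
    sample = {"security_group_rule": {
        "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8",
        "direction": "egress", "protocol": "tcp", "port_range_min": 443,
        "remote_ip_prefix": "10.10.0.0/24", "remote_group_id": "placeholder-id"}}
    for p in check_rule(sample):
        print(p)
```

Run against the example request above, the check returns only the port-range warning, which is the prompt to narrow the rule to the ports actually needed.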

Response Parameters

Table 3 Response parameter

| Parameter | Type | Description |
|---|---|---|
| security_group_rule | security_group_rule object | Specifies the security group rule. For details, see Table 4. |

Table 4 Security Group Rule objects

| Attribute | Type | Description |
|---|---|---|
| id | String | Specifies the security group rule ID. This parameter is not mandatory when you query security group rules. |
| description | String | Provides supplementary information about the security group rule. |
| security_group_id | String | Specifies the ID of the security group that the rule belongs to. |
| remote_group_id | String | Specifies the ID of the peer security group. |
| direction | String | Specifies the direction of the security group rule. |
| remote_ip_prefix | String | Specifies the peer IP address segment. |
| protocol | String | Specifies the protocol type or the IP protocol number. |
| port_range_max | Integer | Specifies the maximum port number. When ICMP is used, the value is the ICMP code. The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.) |
| port_range_min | Integer | Specifies the minimum port number. When ICMP is used, the value is the ICMP type. Constraints: when the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value; when the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min). |
| ethertype | String | Specifies the IP version. The value can be IPv4 or IPv6. |
| tenant_id | String | Specifies the project ID. |
| remote_address_group_id | String | Specifies the remote IP address group ID. This parameter is mutually exclusive with remote_ip_prefix and remote_group_id. |
| project_id | String | Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID. |
| created_at | String | Time when the security group rule was created. UTC time in the format of yyyy-MM-ddTHH:mm:ssZ. |
| updated_at | String | Time when the security group rule was updated. UTC time in the format of yyyy-MM-ddTHH:mm:ssZ. |

Example Response

{
    "security_group_rule": {
        "remote_group_id": null, 
        "direction": "egress", 
        "remote_ip_prefix": "10.10.0.0/24", 
        "protocol": "tcp", 
        "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", 
        "port_range_max": null, 
        "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", 
        "port_range_min": null, 
        "ethertype": "IPv4", 
        "description": null, 
        "id": "7c336b04-1603-4911-a6f4-f2af1d9a0488",
        "project_id": "6fbe9263116a4b68818cf1edce16bc4f", 
        "created_at": "2018-09-20T02:15:34",
        "updated_at": "2018-09-20T02:15:34",
        "remote_address_group_id": null
    }
}

Status Code

See Status Codes.

Error Code

See Error Codes.